Cyber Daily 5/28: DragonForce Ransomware Exploits SimpleHelp, Pakistan's 180M User Data Breach, Microsoft's Critical Security Flaws, Adobe's Remote Code Execution Vulnerability

Welcome to your daily dose of ONSEC Cyber Daily, where we bring you the most critical cybersecurity updates. Today, we're diving into the world of ransomware, as DragonForce hackers exploit SimpleHelp vulnerabilities. We'll also be discussing the appointment of Shane Barney as the new Chief Information Security Officer at Keeper Security. In a shocking turn of events, Pakistan's cyber agency has issued a nationwide alert following a massive data breach affecting 180 million netizens. This incident has raised serious concerns about the country's vulnerability to cyber threats. On the software front, the Pakistan Telecommunication Authority (PTA) and MeitY's CERT-In have issued warnings about critical security flaws in Microsoft Office Apps and other Microsoft products respectively. We'll be discussing these vulnerabilities and the steps taken to address them. We'll also be covering the latest patches from Microsoft and Adobe, aimed at fixing zero-days and other vulnerabilities. However, not every CVE deserves a fire drill, and we'll be discussing how to focus on what's exploitable. Finally, we'll be tuning into some insightful cybersecurity podcasts, including the latest episodes of "Gather by the Ghost Light", "The Presumption of Innocence", "The AI Fix", and "Inside the Ardent Health cyberattack". Stay tuned for these stories and more, as we unravel the complex world of cybersecurity.

Exploits Alert

  1. DragonForce Ransomware Hackers Exploiting SimpleHelp Vulnerabilities: Hackers behind the DragonForce ransomware are exploiting vulnerabilities in SimpleHelp, a remote access tool. This highlights the importance of regularly updating and patching software to prevent cyber attacks. Source: SecurityWeek
  2. Pakistan's Cyber Agency Issues Nationwide Alert After 180 Million Netizens Report Data Breach: Pakistan's cyber agency has issued a nationwide alert following a massive data breach affecting 180 million internet users. The incident underscores the country's vulnerability to cyber threats and the need for improved cybersecurity measures. Source: UniIndia
  3. PTA Warns Against Critical Security Flaws in Microsoft Office Apps: The Pakistan Telecommunication Authority (PTA) has issued a cybersecurity advisory warning users about serious vulnerabilities in Microsoft Office applications. The alert emphasizes the importance of keeping software up-to-date to prevent potential cyber attacks. Source: ProPakistani
  4. MeitY's CERT-In Issues 'High Risk' Warning for Microsoft Users: India's Ministry of Electronics and Information Technology's (MeitY) Computer Emergency Response Team (CERT-In) has issued a 'high risk' warning for Microsoft users. The agency reported multiple vulnerabilities in various Microsoft products, highlighting the need for users to update their software to protect against potential cyber threats. Source: Gujarat Samachar

Vulnerabilities & Patches

  1. May Patch Tuesday From Microsoft Fixed 5 Zero-Days (CVE-2025-32709): Microsoft has addressed a use-after-free flaw in Windows Ancillary Function Driver for WinSock, which could allow an attacker to gain administrator privileges. The vulnerability is rated Important in severity, with a CVSS score of 7.8. Source: Latest Hacking News
  2. Windows Server Emergency Update Fixes Hyper-V VM Freezes, Restart Issues: Microsoft has released an emergency update to address issues causing Hyper-V virtual machines to freeze and restart. The update is critical for maintaining the stability and security of Windows Server environments. Source: Bleeping Computer
  3. Adobe Dreamweaver V8 Remote Code Execution Vulnerability (CVE-2025-30310): A vulnerability in Adobe Dreamweaver V8 allows an attacker to execute code in the context of the current process. Adobe has issued an update to correct this vulnerability. Source: Systemtek
  4. Not Every CVE Deserves a Fire Drill: Focus on What's Exploitable: With vulnerability disclosures increasing by 38% last year, it's important to focus on what's exploitable rather than every CVE. Many tools, scanners, patching platforms, and dashboards still sort them by raw CVSS or EPSS. Source: Bleeping Computer
  5. GIMP Image Editor Vulnerability Allows Remote Attackers to Execute Arbitrary Code (CVE-2025-2760 and CVE-2025-2761): Two vulnerabilities in GIMP Image Editor could allow remote attackers to execute arbitrary code. GIMP developers have responded quickly with patches and recommendations. Source: GBHackers

Podcasts

  1. Gather by the Ghost Light Podcast: Celebrating its 5th anniversary, this podcast features a special episode on cyber integration, summer safety, and summer camp activities. Source: WJBF
  2. The Presumption of Innocence Podcast: Episode 62 discusses the tragic toll of conspiracy theories, focusing on an unsolved murder case of a young professional in the nation's capital. Source: JD Supra
  3. The AI Fix #52: This award-winning cybersecurity podcast discusses AI adopting its own social norms and a diversity scandal created by an AI DJ. Source: Graham Cluley
  4. Ep. 252: Contain, extract, recover: Inside the Ardent Health cyberattack: This episode of Radio Advisory podcast provides an inside look at the Ardent Health cyberattack. Source: Advisory Board

Final Words

As we wrap up today's edition of 'ONSEC Cyber Daily', we hope you found our insights into the latest cybersecurity news and updates valuable. From the DragonForce Ransomware exploiting SimpleHelp vulnerabilities to the nationwide alert in Pakistan following a massive data breach, it's clear that the digital landscape is fraught with challenges. We also highlighted the critical security flaws in Microsoft Office Apps and the high-risk warning for Microsoft users. The importance of regular patching was underscored, with Microsoft fixing 5 Zero-Days in their May Patch Tuesday. In the world of software, Adobe Dreamweaver V8 had a remote code execution vulnerability, but an update has been issued to correct this. We also discussed the uncertainty around CVEs and the importance of focusing on what's exploitable. Finally, we touched on some interesting cybersecurity podcasts, including 'Gather by the Ghost Light', 'The Presumption of Innocence', 'The AI Fix', and 'Inside the Ardent Health Cyberattack'. Remember, knowledge is power. By staying informed, we can all play a part in creating a safer cyber world. If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Let's spread the word and make cybersecurity a priority for everyone. Stay safe and see you in the next edition of 'ONSEC Cyber Daily'.
