Cyber Daily 5/7: BTMOB RAT Threatens Moroccan Users, Retailers Bolster Cybersecurity, Android's Critical Patch for CVE-2025-27363, Exploited Vulnerabilities in Samsung and SonicWall

Welcome to today's issue of ONSEC Cyber Daily. We're diving deep into the world of cyber threats and vulnerabilities, starting with the BTMOB RAT virus that's causing havoc for Moroccan users. We'll explore how cybercriminals are using this "Malware-as-a-Service" to steal banking data and what you need to know to protect yourself. In the retail sector, we're seeing a surge in investments to bolster cybersecurity. We'll discuss the new techniques being used to identify vulnerabilities and alert specialist teams to potential issues. On the tech front, we're looking at a series of critical vulnerabilities. From the exploited SonicWall flaws and Samsung MagicINFO 9 Server vulnerability to the Microsoft 0-Click Telnet vulnerability that enables credential theft without user action, we'll break down what these mean for you. We're also covering the latest Android updates, including the critical security patch for the CVE-2025-27363 vulnerability. We'll discuss why it's essential to update your devices and how to stay protected against these security flaws. Finally, we'll wrap up with a roundup of the latest cybersecurity podcasts. From discussions on trust and government oversight to insights from AWS' Chief Information Security Officer, we're bringing you the most impactful content from the cybersecurity world. Stay tuned for all this and more in today's ONSEC Cyber Daily.

Exploits Alert

  1. «BTMOB RAT» virus: What Moroccan users need to know: Cybercriminals are continuously developing new techniques and uncovering previously unknown vulnerabilities, with the BTMOB RAT virus being a recent example. This virus is being offered as “Malware-as-a-Service” (MaaS), allowing various cybercriminals to purchase or rent it. Source: Yabiladi.com
  2. What are retailers investing in now to bolster cyber-security?: Retailers are investing in cybersecurity measures to alert a dedicated team of specialists to any discovered vulnerabilities and potential cyber-attacks. Source: Drapers
  3. Critical Android Malware Alert: DGSSI Warns of Banking Data Theft: The DGSSI has issued a warning about a critical Android malware that is threatening banking data. The malware, BTMOB RAT, is being sold or rented as a service to cybercriminals. Source: Morocco World News
  4. Exploited SonicWall Flaws Added to KEV List Amid PoC Code Release: SonicWall flaws have been added to the KEV list following the release of PoC code. This highlights the ongoing threat of cyber vulnerabilities and the importance of effective threat management. Source: MSSP Alert
  5. Samsung MagicINFO 9 Server Vulnerability Actively Exploited in the Wild: A vulnerability in the Samsung MagicINFO 9 Server is being actively exploited by cybercriminals for data theft, ransomware deployment, or disruption of critical signage infrastructure. Source: GBHackers

Vulnerabilities & Patches

  1. Google's May 2025 Pixel update with critical security patch (CVE-2025-27363): Google has released a critical security patch for its Pixel devices. The patch addresses a vulnerability (CVE-2025-27363) that is reportedly under limited, targeted exploitation. Users are strongly advised to update their devices. Source: Android Central
  2. Commvault Bug (CVE-2025-34028) Still Exploitable Despite Patch: A previously patched bug in Commvault software is still exploitable, according to researchers. CISA has added the vulnerability (CVE-2025-34028) to its catalog of known exploited vulnerabilities, citing active attacks in the wild. Source: Dark Reading
  3. Active Exploitation of SonicWall Flaws (CVE-2023-44221): The U.S. Cybersecurity and Infrastructure Security Agency has flagged two SonicWall vulnerabilities (CVE-2023-44221) as being actively exploited. Users are advised to update their systems to the latest version. Source: SC Media
  4. Samsung MagicINFO 9 Server Vulnerability (CVE-2024-7399): A vulnerability in Samsung's MagicINFO 9 Server is being actively exploited in the wild. Organizations are urged to upgrade to at least version 21.1050, which contains the patch for CVE-2024-7399. Source: GBHackers
  5. Exploited RCE Flaw in AI Building Tool (CVE-2025-3248): A remote code execution vulnerability in a tool used for building AI agents has been exploited by attackers. The flaw was reported in February 2025 and patched in Langflow 1.3.0, released in late March. Source: Help Net Security

Podcasts

  1. Technologically Speaking Podcast; Episode 4: Better, Faster, More Effective: This episode discusses the importance of efficiency and effectiveness in the realm of homeland security. It emphasizes the role of technology in enhancing security measures. Source: DHS.
  2. TechSpective Podcast: Cybersecurity, Trust, and the Shifting Landscape of Government Oversight: This episode features Jeff, a veteran in the field of cybersecurity, who shares his insights on the evolving landscape of government oversight in cybersecurity. Source: TechSpective.
  3. New York Post Podcast: Hackers pose as IT staff in UK retail cyber strikes: This episode delves into the tactics used by cyber attackers, including impersonating IT staff and sending deceptive invites. Source: SC Media.
  4. The AI Fix #49: The typo from hell - Graham Cluley: This episode of the award-winning cybersecurity podcast discusses the potential dangers of a simple typo in the realm of cybersecurity. Source: Graham Cluley.
  5. Ctrl Alt Lead Podcast: Why AWS doesn't let AI run the show (yet): AWS' Chief Information Security Officer Chris Betz discusses the importance of human oversight in a world of fast-paced technological advancements. Source: Computing UK.

Final Words

As we wrap up today's edition of 'ONSEC Cyber Daily', we hope you've found our insights valuable in staying ahead of the curve in this ever-evolving cyber landscape. From the BTMOB RAT virus affecting Moroccan users to the critical Android malware alerts, and the various vulnerabilities being exploited in the wild, it's clear that cybersecurity is a shared responsibility. Remember, knowledge is power. By staying informed, you're already one step ahead in protecting yourself and your organization from potential threats. If you found this information useful, we encourage you to share this newsletter with your friends and colleagues. Let's work together in fostering a safer digital world for all. Stay safe, stay informed, and see you in the next edition of 'ONSEC Cyber Daily'.
