Cyber Daily 5/8: End of Life Routers Exploited, IBM Cognos Analytics Vulnerability, Rising Threats to OT Systems, SAP NetWeaver Under Attack

Welcome to the ONSEC Cyber Daily, your one-stop source for the latest in cybersecurity news. Today, we delve into the world of cybercriminals exploiting end-of-life routers and the vulnerabilities they leave behind. We'll also discuss the critical security advisory issued by IBM regarding its Cognos Analytics platform. In a joint alert, CISA, FBI, EPA, and DOE highlight the rising cyber threats to critical infrastructure OT systems, urging organizations to remove OT connections from the public internet. Meanwhile, a second wave of cyberattacks is targeting SAP NetWeaver systems, exploiting a zero-day vulnerability. We'll also touch on the new alert warning issued by CISA about hackers attacking ICS/SCADA systems in oil and natural gas companies. In other news, Microsoft's Telnet exploit bypasses prompts in trusted zones, leading to click-free credential theft. In the logistics sector, a 160-year-old haulage firm folds following a cyber-attack, sounding the alarm for the industry's vulnerability. Universities are also warned of increased cyber-attacks. We'll wrap up with a look at the latest patches and updates, including Google's May 2025 update for Pixel phones, addressing high-severity vulnerabilities, and Cisco's patch for a flaw in IOS XE that enables root exploits via JWT. Stay tuned for more details on these stories and more, right here on ONSEC Cyber Daily.

Exploits Alert

  1. Cyber Criminal Proxy Services Exploiting End of Life Routers: Cybercriminals are exploiting vulnerabilities in end-of-life routers, using them as proxies for malicious activities. This alert emphasizes the importance of updating and replacing outdated hardware to maintain cybersecurity. Source: IC3
  2. IBM Cognos Analytics Vulnerability Let Attackers Upload Malicious Files: IBM has issued a critical security advisory warning of two high-severity vulnerabilities affecting its Cognos Analytics platform. These vulnerabilities could allow attackers to upload malicious files. Source: Cybersecurity News
  3. CISA, FBI, EPA, DOE issue joint alert on rising cyber threats to critical infrastructure OT systems: A joint alert from CISA, FBI, EPA, and DOE warns of increasing cyber threats to critical infrastructure OT systems. The alert recommends removing OT connections from the public internet to reduce vulnerability. Source: Industrial Cyber
  4. Second Wave of Attacks Targets SAP NetWeaver: A second wave of cyberattacks is targeting SAP NetWeaver systems through a zero-day vulnerability. This highlights the need for constant vigilance and timely patching of software vulnerabilities. Source: MSSP Alert
  5. PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability: CISA has issued a new alert warning about a critical vulnerability in Apache Parquet. A Proof of Concept (PoC) tool has been released to help detect servers affected by this vulnerability. Source: GBHackers

Vulnerabilities & Patches

  1. Cisco Patches CVE-2025-20188 in IOS XE: Cisco has addressed a critical flaw, CVE-2025-20188, in its IOS XE wireless controllers. The flaw, which had a CVSS score of 10.0, could have allowed root-level remote exploits. Source: The Hacker News
  2. Google Closes Android Security Vulnerability: Google has patched a dangerous vulnerability, CVE-2025-27363, in the open-source program library FreeType. The flaw could have caused errors in text. Source: Yahoo News UK
  3. Play Ransomware Group Used Windows Zero-Day: Microsoft has released a patch for CVE-2025-29824, a flaw that was exploited by the Play ransomware group against a US-based organization. Source: Dark Reading
  4. SysAid Patches 4 Critical Flaws: SysAid has patched four critical flaws, including CVE-2023-47246, in its on-premise version. These flaws had been previously exploited by ransomware actors like Cl0p in zero-day attacks. Source: The Hacker News
  5. Critical Langflow Vulnerability Actively Exploited: CISA has warned of active exploitation of CVE-2025-3248 in Langflow. This critical RCE flaw allows full server takeover. Users are advised to patch to version 1.3.0 now. Source: Hackread

Podcasts

  1. Smashing Security Podcast #416: High street hacks, and Disney's Wingdings woe: This episode discusses the prolonged resolution of the M&S cyber attack and Disney's Wingdings issue. The hosts, Graham Cluley & Carole Theriault, provide an in-depth analysis of these cybersecurity incidents. Source: grahamcluley.com
  2. CyberWire Daily Podcast Ep 2303: This episode of the CyberWire Daily podcast discusses the repercussions of spyware backfiring. The host, Dave Bittner, is a security podcast host and one of the founders at CyberWire. Source: thecyberwire.com
  3. CISO Stories Podcast: This episode discusses the gaps in the C-Suite and how cybersecurity is not effectively addressing exposures and supply chain risks. The episode is sponsored by SC Media. Source: scworld.com
  4. Cyber Defense Dialogues - 2025 NATO Summit: This episode discusses the preparation for the 2025 NATO Summit and cyber warfare. The podcast is hosted by Morrison Foerster and provides insights into the cyber defense strategies. Source: mofo.com

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily. We've covered a lot of ground, from cybercriminals exploiting end-of-life routers to the rising cyber threats to critical infrastructure OT systems. We've also discussed the second wave of attacks targeting SAP NetWeaver and the vulnerabilities in IBM Cognos Analytics. Remember, staying informed is your first line of defense against these threats. So, don't forget to share this newsletter with your friends and colleagues. Let's help each other stay safe in this digital world. Tomorrow, we'll be back with more updates on the latest cyber threats and vulnerabilities. Until then, stay safe and secure.