Cyber Daily 6/18: US-Canada Disrupt Ethereum Scam, Tehran's Cyber Retaliation Looms, TP-Link & iOS Flaws Exploited, Chrome Zero-Day Backdoor Threat

Welcome to the June 18th edition of ONSEC Cyber Daily, where we unravel the intricate web of today's most pressing cybersecurity developments. In a groundbreaking move, the US and Canada have joined forces to dismantle a sophisticated Ethereum blockchain "approval phishing" scam, marking a new era of cross-border cyber collaboration. Meanwhile, the digital battlefield heats up as Tehran's "CyberFatwa" looms, threatening retaliation with just a click. As vulnerabilities in critical systems like Sitecore and TP-Link routers are actively exploited, CISA issues urgent alerts, underscoring the relentless pace of cyber threats. From zero-day exploits in Google Chrome to critical flaws in iOS and Windows, today's landscape is a stark reminder of the ever-evolving cyber frontier. Stay informed, stay secure.
Exploits Alert
- US and Canada Collaborate to Disrupt Ethereum Blockchain “Approval Phishing” Scam: The United States and Canada have joined forces to dismantle a sophisticated phishing scam targeting Ethereum blockchain users. This operation aims to curb the rising trend of "approval phishing," which tricks users into granting permissions that allow scammers to drain their cryptocurrency wallets. The collaboration highlights the importance of international cooperation in tackling cross-border cyber threats. Source: INCIBE.
- CyberFatwa: Tehran's Retaliation Will Be a Click Away: In a strategic move, Tehran is reportedly preparing a cyber retaliation strategy dubbed "CyberFatwa." This initiative underscores the growing geopolitical tensions and the potential for cyber warfare to become a primary tool of statecraft. The development serves as a stark reminder of the vulnerabilities inherent in national infrastructures. Source: Global Macro Monitor.
- Critical Vulnerabilities in Sitecore Could Lead to Widespread Enterprise Attacks: Newly discovered vulnerabilities in Sitecore, a popular digital experience platform, pose significant risks to enterprises worldwide. These flaws could be exploited to gain unauthorized access to sensitive data, potentially leading to large-scale cyberattacks. Organizations using Sitecore are urged to apply patches promptly to mitigate these risks. Source: GBHackers.
Vulnerabilities & Patches
- Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor: A critical zero-day vulnerability in Google Chrome was exploited by the threat actor TaxOff to deploy the Trinper backdoor. This flaw has been patched, but users are urged to update their browsers immediately to prevent potential exploitation. The vulnerability is in the Mojo component, a runtime library for inter-process communication, and affects Windows systems. Source: The Hacker News.
- Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet: A severe vulnerability in Langflow is being actively exploited to deliver the Flodrix botnet. Organizations are advised to patch and upgrade to version 1.3.0 or later and restrict public access to Langflow endpoints to mitigate the risk. Immediate action is necessary to protect against this ongoing threat. Source: Trend Micro
- New Veeam RCE Flaw Lets Domain Users Hack Backup Servers: A recently patched remote code execution (RCE) vulnerability in Veeam software allows domain users to compromise backup servers. This flaw, identified as CVE-2025-23120, underscores the importance of timely patching to prevent unauthorized access and potential data breaches. Organizations using Veeam are urged to apply the patch without delay. Source: Bleeping Computer
- BeyondTrust Tools RCE Vulnerability Allows Attackers to Execute Arbitrary Code: A critical RCE vulnerability, CVE-2025-5309, in BeyondTrust's Remote Support tools allows attackers to execute arbitrary code. Organizations unable to patch promptly should implement additional security measures to mitigate the risk. This vulnerability highlights the need for robust patch management practices. Source: GBHackers
- ASF Releases Patches for Critical Apache Tomcat Vulnerabilities: The Apache Software Foundation has released patches for critical vulnerabilities in Apache Tomcat, including CVE-2025-48976. These flaws could lead to authentication bypass and denial-of-service attacks. Users are strongly advised to apply the patches to secure their systems against potential exploitation. Source: Tech Monitor
Podcasts
- Inside Cyber Diplomacy Redux: Episode I - CEPA: This podcast delves into the intricate world of cyber diplomacy, exploring cybersecurity processes, accountability challenges, and the evolving role of the private sector. Hosted by CEPA, it provides insights into how nations navigate the complex landscape of cyber threats and international cooperation.
- Aeris's Newly Launched “IoT Real Talk” Podcast: Aeris introduces its first podcast series, offering unfiltered conversations about the future of global IoT. The series promises to spotlight innovations and challenges in IoT and cybersecurity, featuring industry leaders and experts.
- APDR Podcast Episode 97 with host Kym Bergmann: This episode of the Asia Pacific Defence Reporter podcast covers a range of topics including cybersecurity, IT, and government policy. Host Kym Bergmann brings expert insights into the defense sector's latest developments and challenges.
Final Words
As we wrap up today's edition of ONSEC Cyber Daily, let's take a moment to appreciate the power of collaboration in the cybersecurity world. The recent joint effort between the US and Canada to disrupt the Ethereum blockchain "approval phishing" scam is a testament to what we can achieve when we work together. It's a reminder that in the ever-evolving landscape of cyber threats, unity and shared knowledge are our strongest defenses. In the spirit of collaboration, we encourage you to share this newsletter with your friends and colleagues. By spreading the word, you're not just keeping them informed—you're helping to build a community that's more aware and better prepared to tackle the challenges of tomorrow. Stay vigilant, stay informed, and let's continue to protect our digital world together. Until next time, keep your systems updated and your networks secure!