Cyber Daily 6/25: Healthcare Under Siege, CISA's Memory Fix, Notepad++ Exploit, Chinese Salt Typhoon Targets Canada

Welcome to the June 25th edition of ONSEC Cyber Daily, where we unravel the intricate web of cyber threats and vulnerabilities shaping our digital landscape. Today, we delve into the escalating cyber crisis plaguing the healthcare sector, where hospitals and insurers find themselves under siege from relentless cyberattacks. As the healthcare industry grapples with these challenges, new guidance from CISA aims to curb memory-related vulnerabilities, offering a beacon of hope amidst the chaos. Meanwhile, a critical vulnerability in Notepad++ threatens full system takeovers, underscoring the urgency for timely patches. Across the globe, Chinese state-linked Salt Typhoon is suspected in cyberattacks on Canadian telecom networks, while Iranian cyber threats loom large, prompting heightened vigilance. In the realm of software, a high-risk WinRAR vulnerability demands immediate updates, and a popular WordPress theme falls prey to malware, highlighting the ever-present danger of digital exploitation. As we navigate these turbulent waters, join us in exploring the latest cybersecurity insights and strategies to fortify your defenses against the rising tide of cyber threats.

Exploits Alert

  1. Inside the Cyber Crisis Facing Healthcare: The healthcare sector is increasingly vulnerable to cyberattacks, ranging from minor disruptions to major incidents. Hospitals, insurers, and medical supply chains are prime targets, necessitating robust cybersecurity measures to protect sensitive data and maintain operational integrity. Source: MSSP Alert.
  2. New Guidance Released for Reducing Memory-Related Vulnerabilities: CISA has issued new guidelines aimed at mitigating memory-related vulnerabilities, a common vector for cyberattacks. This guidance is crucial for developers and IT professionals to enhance system security and prevent exploitation. Source: CISA.
  3. Notepad++ Vulnerability Allows Full System Takeover — PoC Released: A critical vulnerability in Notepad++ has been identified, allowing attackers to potentially take full control of affected systems. Users are urged to apply patches immediately to safeguard against this exploit. Source: GBHackers.
  4. Chinese State Linked Salt Typhoon Suspected in Cyberattacks on Canadian Telecom Networks: A cyberattack campaign, potentially linked to Chinese state actors, has targeted Canadian telecom networks. This highlights the ongoing geopolitical tensions and the need for enhanced cybersecurity measures in critical infrastructure sectors. Source: Industrial Cyber.
  5. High-risk WinRAR RCE Vulnerability Patched, Update Quickly! (CVE-2025-6218): A high-risk remote code execution vulnerability in WinRAR has been patched. Users are strongly advised to update their software immediately to prevent potential exploitation by attackers. Source: Help Net Security.

Vulnerabilities & Patches

  1. Fix Windows Crashing Problem Due to OpenVPN Driver Vulnerabilities: A critical vulnerability in the OpenVPN driver has been causing Windows systems to crash. Microsoft has identified four flaws, urging users to apply the necessary patches to prevent system instability and potential exploitation. Source: Make Tech Easier.
  2. Up next on the KEV? All signs point to 'CitrixBleed 2': A new critical vulnerability, dubbed 'CitrixBleed 2', has been identified in Citrix systems. Although Citrix has not confirmed active exploitation, administrators are advised to patch immediately to safeguard against potential threats. Source: The Register.
  3. A popular WordPress theme has been hijacked by malware - here's what we know: A widely-used WordPress theme has been compromised by malware, identified as CVE-2025-4322. Users are strongly encouraged to update to version 5.6.68 to mitigate the risk of unauthorized access and data breaches. For further details, visit MSN. Source: MSN.
  4. Multiple vulnerabilities in Sitecore CMS: Sitecore CMS users are urged to update their systems following the discovery of several vulnerabilities, including CVE-2025-6019 and CVE-2025-33053. These flaws could lead to remote code execution and other security breaches if left unpatched. Source: Kaspersky official blog.
  5. Zimbra Classic Web Client Vulnerability Let Attackers Execute Arbitrary JavaScript: A critical stored XSS vulnerability has been found in the Zimbra Classic Web Client, allowing attackers to execute arbitrary JavaScript. Security updates are available for versions 9.0.0 Patch 46, 10.0.15, and 10.1.9, and users are advised to update immediately. Source: Cybersecurity News.

Podcasts

  1. The Rise of Malware: Salt Typhoon and Spark Kitty – SWN #488: In this episode of Security Weekly News, Doug White delves into the latest cybersecurity threats, focusing on the emergence of Salt Typhoon and Spark Kitty malware. The discussion highlights the evolving tactics of cybercriminals and the importance of staying informed to protect against these threats.
  2. Inside Oak Ridge National Lab's Pioneer Approach to AI: This episode of CyberCast explores the innovative AI strategies employed at Oak Ridge National Laboratory. The discussion covers how AI is being leveraged to enhance cybersecurity measures and improve operational efficiency, offering insights into cutting-edge research and applications.
  3. Anton's Security Blog Quarterly Q2 2025: Anton's Security Blog presents a top-rated podcast episode on cloud security, focusing on Google's approach to scaling detection and response. The episode emphasizes automation and metrics as key components in enhancing security measures and provides valuable insights for cybersecurity professionals.
  4. The AI Fix #56: ChatGPT Traps Man in a Cult of One, and AI is Actually Stupid: This award-winning podcast episode humorously critiques the limitations of AI, using a fictional scenario where ChatGPT inadvertently creates a cult. The episode provides an entertaining yet insightful look at the current state of AI technology and its societal implications.
  5. Former Federal Agent Discusses Biometric Security and Identity Fraud on Latest ID Talk Episode: In this episode of ID Talk, a former federal agent discusses the role of biometric technologies in preventing identity fraud. The conversation highlights the effectiveness of FaceTec's solutions and the growing importance of biometrics in enhancing security protocols.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the cyber landscape is as dynamic as ever. From the healthcare sector grappling with relentless cyberattacks to the unveiling of new vulnerabilities that demand immediate attention, staying informed is crucial. Whether it's the critical alerts from MSSP or the latest guidance from CISA, each piece of information is a vital piece of the broader cybersecurity puzzle. In a world where cyber threats are constantly evolving, sharing knowledge is our strongest defense. If you found today's insights valuable, consider passing them along to friends and colleagues. Together, we can build a more resilient digital community, one informed reader at a time. Stay vigilant, stay secure, and see you tomorrow for more essential updates.
