Cyber Daily 6/3: Linux Passwords at Risk, SMEs Face Unprecedented Attacks, Critical Vulnerabilities in vBulletin and Consilium Fire Panel, Qualcomm Urges Patching of Adreno GPU Flaws

Welcome to the ONSEC Cyber Daily for June 3rd, 2025. Today, we're navigating the sea of alerts to prioritize vulnerabilities that are making waves in the cybersecurity landscape. Small and medium-sized enterprises (SMEs) are under siege, with unprecedented cyberattacks threatening their operations. Veteran cybersecurity writer Davey Winder warns of two critical vulnerabilities putting millions of Linux passwords at risk. Meanwhile, threat actors are exploiting a critical vBulletin vulnerability in the wild, and CISA has issued a critical advisory warning of two severe security vulnerabilities affecting all versions of the Consilium Safety CS5000 Fire Panel. In the world of patches and updates, Cisco's IOS XE bug has been rated a 10.0, with security pros urging teams to patch right away. Qualcomm has also flagged the exploitation of Adreno GPU flaws, urging OEMs to patch urgently. In our podcast section, we'll be featuring top voices in cybersecurity, including NATO CIO Manfred Boudreaux-Dehmer and Red Goat Cyber Security's Lisa Forte, discussing real-world risks. We'll also delve into the hidden camera dilemma, a growing concern in the realm of digital privacy. Stay tuned for all this and more in today's ONSEC Cyber Daily. Stay safe, stay updated.

Exploits Alert

  1. Prioritizing Vulnerabilities in a Sea of Alerts - Cyber Security News: This article discusses the importance of prioritizing vulnerabilities amidst a sea of alerts. It emphasizes the need for small and medium-sized enterprises (SMEs) to develop cost-effective strategies to combat the increasing number of cyberattacks. Source: Cyber Security News
  2. Millions Of Linux Passwords At Risk From 2 Critical Vulnerabilities - Forbes: Veteran cybersecurity writer, hacker, and analyst Davey Winder warns of two critical vulnerabilities that put millions of Linux passwords at risk. Source: Forbes
  3. Threat Actors Actively Exploiting Critical vBulletin Vulnerability in the Wild: This article reports on threat actors actively exploiting a critical vBulletin vulnerability in the wild. It also provides a guide for Chief Information Security Officers to navigate regulatory compliance in global landscapes. Source: Cyber Security News
  4. CISA Warns of Consilium Fire Panel Vulnerabilities Allowing Remote Takeover: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning of two severe security vulnerabilities affecting all versions of the Consilium Safety CS5000 Fire Panel, which could allow for remote takeover. Source: Cyber Security News

Vulnerabilities & Patches

  1. Cisco IOS XE bug rated 10.0: A critical bug in Cisco IOS XE software was patched on May 7. The bug, which is rated 10.0 in severity, has been made public, bringing the industry closer to a working exploit. Security professionals are urging teams to patch immediately. Source: SC Media
  2. BadSuccessor Exploit: Microsoft is expected to assign a CVE and release patches for the BadSuccessor exploit. The exploit method is not yet disclosed, but updates will be provided as they become available. Source: Security Boulevard
  3. ConnectWise Breach (CVE-2025-3935): Attackers have breached ConnectWise and compromised customer ScreenConnect instances. A patch for the ViewState deserialization vulnerability (CVE-2025-3935) was released on April 24. Source: Help Net Security
  4. Qualcomm Adreno GPU 0-Day Vulnerabilities (CVE-2025-21479 and CVE-2025-21480): Critical vulnerabilities in Qualcomm Adreno GPU are being exploited to attack Android users. Users are advised to apply updates and monitor manufacturer communications regarding patch availability. Source: Cybersecurity News
  5. vBulletin Vulnerability (CVE-2025-48827 and CVE-2025-48828): Threat actors are actively exploiting a critical vulnerability in vBulletin versions 5.0.0 through 6.0.3. The patched versions include vBulletin 6.0.3 Patch. Source: Cybersecurity News

Podcasts

  1. APDR Podcast Episode 95 with host Kym Bergmann: This episode focuses on various aspects of cyber security, IT, simulation & training, and government policy. The host, Kym Bergmann, provides an in-depth analysis of the current state of cyber security in the Asia Pacific region. Source: Asia Pacific Defence Reporter
  2. Invasion of Privacy: The Hidden Camera Dilemma: This podcast episode discusses the increasing threat to digital privacy, particularly the issue of hidden cameras. It provides insights into detecting hidden cameras and ensuring information security. Source: Security Boulevard
  3. Cybersecurity's Top Voices Join SANS Cyber Leaders Podcast: The first three episodes feature senior leaders including NATO CIO Manfred Boudreaux-Dehmer and Red Goat Cyber Security's Lisa Forte. The podcast provides candid, no-hype conversations on real-world risk. Source: Morningstar
  4. New podcast series on Smart Local Energy Systems launched by Amey: Episode 2 discusses data governance and cyber security in Smart Local Energy Systems (SLES), including demand forecasting and real-time monitoring. Source: FMJ
  5. Building Cyber Resilience: AI Threats, Mid-Market Risks & Ransomware Trends: This episode discusses emerging threats and shifts in the cyber security landscape, focusing on AI threats, mid-market risks, and ransomware trends. Source: SC Media

Final Words

That's a wrap for today's edition of 'ONSEC Cyber Daily'. We've navigated the sea of alerts and vulnerabilities, explored cost-effective strategies for SMEs, and delved into the critical issues facing our cybersecurity landscape. Remember, in this digital age, staying updated is your first line of defense. We hope you found today's newsletter informative and enlightening. If you did, please consider sharing it with your friends and colleagues. After all, cybersecurity is a shared responsibility. Let's work together to create a safer digital world. Stay vigilant, stay informed, and stay secure. See you in the next edition of 'ONSEC Cyber Daily'. Until then, keep those systems patched and those passwords strong!
