Welcome to your daily dose of ONSEC Cyber Daily. Today, we're diving into the evolving landscape of cybersecurity strategies, where proactive threat management is becoming the new norm. We'll explore how cybercriminals are leveraging advanced persistent threats, AI-driven phishing, and deepfake-based social engineering techniques to breach modern organizations. In other news, a new Safari XSS flaw has been discovered, exploiting JavaScript error handling to execute arbitrary code. This comes alongside reports of Algeria's hacking group targeting the Moroccan Notaries Platform, highlighting the critical need for robust cybersecurity measures. We'll also be discussing the latest patches and updates from tech giants like Samsung, Google, and Qualcomm. Samsung has addressed two critical zero-day vulnerabilities in Galaxy devices, while Google has released an emergency fix for a high-severity Chrome 0-day. Qualcomm, on the other hand, has finally patched Adreno GPU zero-day flaws used in Android attacks. Moreover, we'll be examining the top CVEs of May 2025, including a critical stack-based buffer overflow vulnerability affecting several Fortinet products. Finally, we'll be featuring insights from the latest cybersecurity podcasts, discussing why being bold matters in cybersecurity and branding, and the launch of the AI-powered cybersecurity platform BarracudaONE in India. Stay tuned for these stories and more, only on ONSEC Cyber Daily.

Exploits Alert

1. Proactive Threat Management Changing Cybersecurity Strategies: Cybercriminals are now using advanced persistent threats (APTs), AI-driven phishing tactics, and deepfake-based social engineering techniques. This has led to a shift in cybersecurity strategies, with organizations now focusing more on proactive threat management. Source: Big News Network.
2. New Safari XSS Flaw: A new cross-site scripting (XSS) flaw in Safari leverages JavaScript error handling to execute arbitrary code. This vulnerability highlights the need for robust cybersecurity measures. Source: Cyber Security News.
3. Algeria's Hacking Group Targets Moroccan Notaries Platform: A report suggests that a hacking group from Algeria targeted the Moroccan Notaries Platform, not ANCFCC. The Moroccan agency has warned its citizens about this critical vulnerability and the cybersecurity risks associated with it. Source: Morocco World News.
4. New Safari XSS Vulnerability Exploits JavaScript Error Handling: Another XSS vulnerability in Safari has been discovered that exploits JavaScript error handling to run arbitrary code. This vulnerability can be triggered by passing a specific message to an eval function. Source: GBHackers.

Vulnerabilities & Patches

1. Samsung Patches Two Critical Zero-Day Vulnerabilities in Galaxy Devices: Samsung has released security updates to address two critical zero-day vulnerabilities, including CVE-2024-49415, in its Galaxy devices. The patches were rolled out in October 2024. Source: Mobile ID World
2. Google Addresses High-Severity Vulnerabilities in Android Security Update: Google has patched 34 high-severity vulnerabilities, including CVE-2025-26443, in its June 2025 Android security update. The company has not disclosed any actively exploited vulnerabilities. Source: Cyberscoop
3. Google Pushes Emergency Fix for High-Severity Chrome 0-Day: Google has released an emergency update to patch a high-severity Chrome 0-day vulnerability, CVE-2025-5068, in the open-source rendering engine Blink. Source: The Register
4. Critical Exploits and Real-World Attacks in May 2025: CVE-2025-32756, a critical stack-based buffer overflow vulnerability affecting several Fortinet products, was among the top vulnerabilities of May 2025. Immediate patching is advised. Source: Security Boulevard
5. Critical Threat to All Windows Systems: CVE-2025-24054: CVE-2025-24054, a critical Windows flaw under active attack, is now on CISA's KEV list. Immediate patching is recommended to prevent SYSTEM-level breaches. Source: Techgenyz

Podcasts

1. TechSpective Podcast: The latest episode features a discussion with Don Jeter, Chief Marketing Officer, and Leonid Belkind, CTO and Co-founder, on the importance of boldness in cybersecurity and branding. They delve into the significance of a strong, assertive approach in both these areas. Source: TechSpective.
2. Best of the Steve Harvey Podcast: This episode highlights a woman who provides free Google certification scholarships in cybersecurity, data analytics, and digital fields. The podcast emphasizes the importance of education and accessibility in these rapidly growing industries. Source: iHeart.
3. MVP – The Master's Voice Podcast: The latest episode features William Mann, CISO at the Borough, discussing the launch of BarracudaONE, an AI-powered cybersecurity platform in India. The podcast explores the potential of AI in enhancing cybersecurity measures. Source: MediaBrief.

Final Words

As we wrap up today's edition of 'ONSEC Cyber Daily', we hope you've found our insights on the ever-evolving cybersecurity landscape valuable. From the proactive threat management strategies being adopted by modern organizations, to the latest vulnerabilities and patches, it's clear that the cyber world is in a constant state of flux. Remember, staying informed is the first line of defense. So, whether it's a new XSS flaw in Safari, a hacking group targeting Moroccan notaries, or critical vulnerabilities in Galaxy devices, we've got you covered. And let's not forget the importance of sharing knowledge. If you found today's newsletter helpful, why not pass it on to your friends and colleagues? After all, cybersecurity is a shared responsibility. Stay safe, stay updated, and let's continue to navigate the complex world of cybersecurity together. Until tomorrow, this is ONSEC Cyber Daily, signing off.

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn

x.com

X (formerly Twitter)