Welcome to the latest issue of ONSEC Cyber Daily, your one-stop source for all things cybersecurity. Today, we're diving into the EU's new European Vulnerability Database (EUVD), a significant step towards enhancing cybersecurity and supporting risk assessment and incident response. But it's not just about new databases. We're also exploring the concept of 'Alert Fatigue' and how neuroscience can help us combat this growing issue in the cybersecurity world. In other news, Cisco's IOS XE flaw could potentially allow attackers to gain root access to your systems, a reality many CISOs are already familiar with. Meanwhile, CISA has issued three critical advisories warning organizations about severe vulnerabilities in Industrial Control Systems (ICS). On the tech front, Google has released an emergency patch for a critical flaw in its Chrome browser, and Qualcomm has patched three exploited security flaws. However, users could still be vulnerable. In the world of Android, Verizon has updated eight Samsung Galaxy devices with the May 2025 patch, and Google is urging its 3 billion Chrome users to update their browsers after a critical hack alert. Finally, we'll be discussing the latest episodes from cybersecurity podcasts, including CyberWire's exploration of private data tracking, Trend Micro's focus on AI-driven security, and Dustin Bolander's journey from MSP leadership to reinventing cyber insurance. Stay tuned for these stories and more in today's ONSEC Cyber Daily. Stay safe, stay informed.

Exploits Alert

1. EU Launches New Vulnerability Database to Enhance Cybersecurity: The European Union has launched a new European Vulnerability Database (EUVD) to strengthen cybersecurity. The database will aid in risk assessment and incident response, providing a valuable resource for cybersecurity professionals. Source: Security Boulevard.
2. How Neuroscience Can Help Us Battle 'Alert Fatigue': Dark Reading discusses the latest cybersecurity threats, newly discovered vulnerabilities, and data breach information. The article highlights the importance of staying updated on emerging trends to combat 'alert fatigue'. Source: Dark Reading.
3. Cisco's IOS XE Flaw: Could Attackers Gain Root Access to Your Systems?: A vulnerability in Cisco's IOS XE could potentially allow attackers to gain root access to systems. This highlights the ongoing threat of cyber attacks and the importance of robust cybersecurity measures. Source: IBTimes UK.
4. CISA Releases ICS Advisories Covering Vulnerabilities & Exploits: The Cybersecurity and Infrastructure Security Agency (CISA) issued three critical Industrial Control Systems (ICS) advisories on June 3, 2025, warning organizations about severe vulnerabilities. These advisories underscore the importance of staying informed about potential threats. Source: Cyber Security News.

Vulnerabilities & Patches

1. Google Issues Emergency Chrome Patch for Critical Flaw: Google has released an urgent security patch for its Chrome browser to fix a critical zero-day vulnerability. Users are advised to update their browsers immediately to protect against potential exploits. Source: WebProNews
2. One UI 7.0 becomes shortest-lived One UI version: Verizon has updated 8 Samsung Galaxy devices in the US with the May 2025 patch. The CVE included in Android's June update is already patched on One UI devices. Source: Sammy Fans
3. Qualcomm patches three exploited security flaws: Qualcomm has released patches for three security flaws that may be under limited, targeted exploitation. Users are advised to update their devices to the latest software version. Source: ZDNET
4. Multiple HPE StoreOnce vulnerabilities addressed in new update: HPE has released an update to address multiple vulnerabilities in StoreOnce. Users are advised to update to the latest software version to protect against potential exploits. Source: SC Media
5. Critical CVE-2025-37093 Hits HPE StoreOnce Systems: HPE has warned of a critical vulnerability in StoreOnce software that allows remote access. Users are urged to patch to version 4.3.11 or later. Source: The Cyber Express

Podcasts

1. "CyberWire Daily Podcast": This podcast offers a daily dose of cybersecurity news, featuring interviews with a wide range of experts. Hosted by Dave Bittner, one of the founders of CyberWire, it provides a comprehensive roundup of the latest threats and developments in the cybersecurity world. Source: CyberWire.
2. "MVP – The Master's Voice Podcast": In this episode, Mr. Rajesh Thapar, CISO, NSE, discusses the importance of proactive security in today's digital landscape. The podcast is part of Trend Micro's global cybersecurity tour, focusing on AI-driven security. Source: MediaBrief.
3. "Now That's IT: Stories of MSP Success": This podcast features the journey of Dustin Bolander from MSP leadership to reinventing cyber insurance. It provides educational information about issues that may be relevant to MSPs and those interested in the field. Source: iHeartRadio.

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily! We've covered a lot of ground, from the EU's new vulnerability database to the latest patches and updates from tech giants like Google and Samsung. Remember, in the world of cybersecurity, knowledge is power. Stay informed, stay vigilant, and most importantly, stay safe. If you found this newsletter helpful, why not share it with your friends and colleagues? Let's work together to create a safer digital world. And if you have any questions or topics you'd like us to cover, feel free to reach out. We're here to help. Until tomorrow, keep your data secure and your systems patched. Stay cyber smart!

x.com

X (formerly Twitter)

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn