Cyber Daily 7/10: Citrix NetScaler Breach, ServiceNow Vulnerability, Chinese Hackers Target Microsoft, Cyber-Risks in Water Sector

Welcome to the ONSEC Cyber Daily for October 7, 2025. Today's issue weaves a narrative of vulnerabilities and resilience in the ever-evolving cyber landscape. We begin with a critical security alert on Citrix NetScaler, highlighting a vulnerability (CVE-2025-5777) that demands immediate attention. As we delve deeper, the water sector's cyber-risks surface, underscoring the need for modernization and segmentation to safeguard vital resources. Meanwhile, ServiceNow admins are urged to patch access control lists to thwart potential exploits. The narrative takes a global turn with Chinese hackers exploiting Microsoft Exchange Servers, revealing the fragility of our cybersecurity infrastructure. In a parallel thread, senior citizens face unique online threats, as ageism becomes a tool for cybercriminals. Patch Tuesday brings a flurry of activity, with Microsoft addressing 130 vulnerabilities, including a wormable RCE flaw (CVE-2025-47981) that could have far-reaching consequences. As we navigate these challenges, the importance of timely updates and patches becomes clear, reinforcing the need for vigilance in an interconnected world. Join us as we unravel these stories and explore the path to a more secure digital future.

Exploits Alert

  1. Vulnerability Citrix NetScaler | CVE-2025-5777 - Stormshield: A critical vulnerability in Citrix NetScaler has been identified, potentially allowing attackers to execute arbitrary code remotely. This exploit poses a significant risk to organizations relying on Citrix for secure application delivery. Immediate patching is recommended to mitigate potential breaches. Source: Stormshield.
  2. Warning to ServiceNow admins: Fix your access control lists now: ServiceNow administrators are urged to address a newly discovered vulnerability in access control lists that could be exploited to gain unauthorized access to sensitive data. The exploit is relatively simple, making it imperative for organizations to update their systems promptly. Source: CIO.
  3. Fraud, ageism and fear: Understanding the unique risks faced by senior citizens online: Cybercriminals are increasingly targeting senior citizens, exploiting societal biases like ageism to perpetrate fraud. This demographic is particularly vulnerable due to a lack of digital literacy, making awareness and education crucial in combating these threats. Source: EurekAlert.
  4. Chinese Hackers Exploit Microsoft Exchange Servers to Steal COVID-19 Research Data: A sophisticated cyberattack by Chinese state-sponsored hackers has targeted Microsoft Exchange Servers to steal sensitive COVID-19 research data. This breach highlights significant vulnerabilities in global cybersecurity infrastructure, necessitating enhanced protective measures. Source: Cybersecurity News.
  5. ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact: Recent vulnerabilities in industrial control systems (ICS) from Siemens, Schneider, and Phoenix Contact have been addressed in the latest patch release. These vulnerabilities could have severe implications for critical infrastructure, underscoring the importance of timely updates. Source: SecurityWeek.

Vulnerabilities & Patches

  1. Critical mcp-remote Flaw Could Enable RCE When Connecting AI Clients: A critical vulnerability, CVE-2025-6514, has been identified in mcp-remote versions 0.0.5 to 0.1.15, potentially allowing remote code execution (RCE) when connecting AI clients. The flaw has been patched in version 0.1.16, which introduces URL sanitization to mitigate the risk. This vulnerability highlights the importance of securing AI client connections to prevent unauthorized access. Source.
  2. ServiceNow Patches High-Severity ACL Bug: ServiceNow has addressed a high-severity access control list (ACL) vulnerability, CVE-2025-3648, which could have allowed unauthorized access to sensitive data. The patch, released on July 8, 2025, strengthens ACL configurations to prevent exploitation. This update underscores the critical need for robust access controls in enterprise environments. Source.
  3. Adobe Protects After Effects & Co. from Possible Attacks: Adobe has released updates to address multiple critical vulnerabilities, including CVE-2025-49533, which could allow malicious code execution on affected systems. These patches are crucial for users of Adobe After Effects and related software to prevent potential exploitation. The updates emphasize the ongoing need for timely software patching to safeguard against cyber threats. Source.
  4. CISA Flags Four Actively Exploited Flaws, Urges Swift Remediation: The Cybersecurity and Infrastructure Security Agency (CISA) has highlighted four actively exploited vulnerabilities, including a critical buffer overflow flaw, CVE-2014-3931, with a CVSS score of 9.8. CISA urges organizations to patch these vulnerabilities promptly to prevent potential breaches. This alert serves as a reminder of the persistent threat posed by unpatched vulnerabilities. Source.
  5. Over Two Dozen SAP Vulnerabilities Addressed: SAP has released updates for over 31 vulnerabilities, including critical insecure deserialization flaws in NetWeaver, tracked as CVE-2025-30012. These patches are essential for maintaining the security of SAP systems and preventing unauthorized access. The update highlights the importance of regular security assessments and timely patching in complex enterprise environments. Source.

Podcasts

  1. What Could Texas Learn from North Carolina's Flood Warning System?: This podcast episode explores the advanced flood warning system implemented in North Carolina and discusses its potential applications in Texas. The conversation delves into the technology and strategies that have made North Carolina's system effective, offering insights for other states facing similar challenges. Source.
  2. Unpacking the ECHR Decision on Russia's Violations in Ukraine: This episode from Just Security provides an in-depth analysis of the European Court of Human Rights' decision regarding Russia's actions in Ukraine. The discussion includes legal perspectives and implications for international law, offering listeners a comprehensive understanding of the case. Source.
  3. Go Fund Yourself Season 2, Episode 7: XOOX's Stylish Tech and CyBase AI's Cyber Innovations: This podcast highlights the latest in tech innovation, featuring XOOX's stylish technology and CyBase AI's advancements in cybersecurity. The episode provides insights into how these companies are shaping the future of tech and security. Source.
  4. Adaptive: OpenAI's Investment for AI Cyber Threats: This episode discusses OpenAI's strategic investments aimed at combating AI-driven cyber threats. It covers the next-generation security awareness training initiatives and features interviews with industry experts on the evolving landscape of AI in cybersecurity. Source.
  5. Lawfare Daily: The Double Black Box: Ashley Deeks on National Security AI: In this episode, Ashley Deeks discusses the complexities and challenges of integrating AI into national security frameworks. The conversation addresses the hurdles of international cooperation and the ethical considerations of AI deployment in security operations. Source.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is as dynamic as ever. From the critical vulnerabilities in Citrix NetScaler and ServiceNow to the sophisticated cyberattacks targeting Microsoft Exchange Servers, the need for vigilance and proactive measures has never been more pressing. The water sector's call to modernize and segment systems highlights the importance of staying ahead in the cybersecurity game. Meanwhile, the unique risks faced by senior citizens online remind us of the human element in cybersecurity. In this ever-evolving cyber world, sharing knowledge is power. If you found today's insights valuable, please pass this newsletter along to your friends and colleagues. Together, we can build a more informed and secure digital community. Stay safe, stay informed, and see you in the next edition!
