Cyber Daily 7/15: CitrixBleed 2 Exploits, Train Brake Vulnerability, Gmail Hack Alert, FortiWeb RCE Threats - A Global Cybersecurity Crisis Unfolds

Welcome to the ONSEC Cyber Daily for July 15th, where today's headlines weave a chilling narrative of vulnerabilities and exploits that could redefine the landscape of cybersecurity. As CitrixBleed 2 emerges from the shadows, echoing the chaos of its predecessor, organizations worldwide brace for impact. Meanwhile, a stark warning from CISA highlights a vulnerability that could allow hackers to seize control of train brake systems, posing a tangible threat to public safety. In the digital realm, Google's Gmail faces a new challenge with a prompt-injection vulnerability, while FortiWeb's RCE exploit underscores the urgency of patching critical systems. As the cyber frontier expands, the stakes have never been higher. Stay informed, stay secure.

Exploits Alert

  1. CitrixBleed 2 Vulnerability Actively Exploited, CISA Warns: CitrixBleed 2 is causing significant concern as it mirrors the impact of its predecessor, which led to widespread cyberattacks on global organizations in 2023. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about this vulnerability, urging organizations to take immediate action. Source: WebProNews
  2. Cybersecurity Agency Issues Warning About End-of-Train Device Vulnerability: A critical vulnerability in end-of-train devices could allow hackers to gain control over a train's brake system, posing a severe risk to rail safety. The Cybersecurity & Infrastructure Security Agency has highlighted the urgency of addressing this issue to prevent potential disasters. Source: Trains.com
  3. Google's Gmail Warning—If You See This, You're Being Hacked: A new prompt-injection vulnerability in Google Gemini has been identified, potentially allowing hackers to manipulate Gmail users. The warning comes from 0din, Mozilla's zero-day investigative network, emphasizing the need for users to be vigilant. Source: Forbes
  4. Exploits for Unauthenticated FortiWeb RCE Are Public, So Patch Quickly! (CVE-2025-25257): FortiWeb users are urged to patch immediately as exploits for a remote code execution vulnerability have been made public. This vulnerability could allow attackers to execute arbitrary code on affected systems, highlighting the critical need for timely updates. Source: Help Net Security

Vulnerabilities & Patches

  1. Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257): A critical SQL command injection vulnerability in Fortinet's FortiWeb has been exposed with two proof-of-concept exploits now public. This vulnerability allows remote code execution, making it imperative for users to apply patches immediately to prevent potential exploitation. Source: Help Net Security.
  2. Exploited Wing file transfer bug risks 'total server compromise,' CISA warns: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical vulnerability in Wing file transfer software that could lead to total server compromise. Agencies are urged to patch the bug by August 4 to mitigate the risk of exploitation. Source: The Record.
  3. Experts uncover critical flaws in Kigen eSIM technology affecting billions: Security researchers have identified critical vulnerabilities in Kigen eSIM technology, which could potentially impact billions of devices globally. These flaws necessitate immediate patching to safeguard against unauthorized access and data breaches. Source: Security Affairs.
  4. Hackers Allegedly Selling WinRAR 0-day Exploit on Dark Web Forums for $80,000: A new zero-day exploit for WinRAR is reportedly being sold on dark web forums for $80,000. This remote code execution vulnerability poses a significant threat, and users are advised to stay vigilant and update their software as patches become available. Source: Cybersecurity News.
  5. New MITRE framework takes aim at crypto threats: MITRE has introduced a new framework designed to address threats in the cryptocurrency space, focusing on adversarial actions in digital asset payment technologies. This initiative aims to enhance security measures and protect against emerging crypto-related threats. Source: Help Net Security.

Podcasts

  1. Post-quantum Specialist Boosts Smart City Cybersecurity: This episode explores how post-quantum technologies are enhancing cybersecurity measures in smart cities across the United States. It delves into the challenges and solutions for securing urban infrastructure against emerging cyber threats. Source.
  2. Cybercrime Magazine Update: Automated Security Testing Tools: Host Paul John Spaulding and Steve Morgan discuss the latest in automated security testing tools, highlighting their importance in identifying vulnerabilities before they can be exploited. The episode provides insights into the evolving landscape of cybersecurity testing. Source.
  3. Coordinating Security Tools with Tines: Matt Muller, field CISO at Tines, explains how their platform helps coordinate various security tools to enhance overall cybersecurity posture. The episode covers strategies for integrating and optimizing security operations. Source.
  4. Accenture and Microsoft Collaborate on GenAI Cybersecurity Tools: This episode of MVP – The Master's Voice Podcast discusses the collaboration between Accenture and Microsoft to develop GenAI-powered cybersecurity tools. These tools aim to accelerate threat detection and improve security infrastructure for enterprises. Source.
  5. Unpacking Trump's Cybersecurity Executive Order: The Infosecurity podcast team analyzes the implications of Donald Trump's June 2025 Cybersecurity Executive Order. The episode provides a detailed breakdown of the order's impact on national cybersecurity strategies and policies. Source.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is as dynamic and challenging as ever. From the unsettling echoes of CitrixBleed 2 to the alarming vulnerabilities in critical infrastructure, the need for vigilance and proactive measures has never been more pressing. Whether it's safeguarding your email from prompt-injection threats or ensuring your systems are patched against the latest FortiWeb exploits, staying informed is your first line of defense. Remember, cybersecurity is a collective effort. By sharing this newsletter with your friends and colleagues, you're not just spreading awareness—you're building a community of informed and prepared individuals ready to tackle the cyber threats of today and tomorrow. Let's keep the conversation going and make the digital world a safer place for everyone. Until next time, stay secure and stay connected!
