Cyber Daily 7/17: Vim Vulnerability, AI Phishing, CISA Train Warning, WordPress Alert - A Unified Threat Landscape

Welcome to the ONSEC Cyber Daily, where today's issue unravels a web of vulnerabilities that could redefine your digital safety. From the Vim Command-Line Editor's alarming flaw allowing attackers to overwrite sensitive files, to AI phishing exploits manipulating trust in Gmail and MS 365, the cyber landscape is fraught with peril. As the Cybersecurity & Infrastructure Security Agency raises the alarm on potential end-of-train device hacks, and WordPress faces remote file deletion threats via the Malcure Plugin, the urgency to patch and protect has never been more critical. Meanwhile, Google's AI 'Big Sleep' and Oracle's massive update of 309 vulnerabilities highlight a shift towards proactive threat prevention. Dive in as we connect these dots into a narrative of evolving cyber threats and the relentless pursuit of security. Stay informed, stay secure.

Exploits Alert

  1. Vim Command-Line Editor Vulnerability Allows Attackers to Overwrite Sensitive Files: A critical vulnerability in the Vim command-line editor has been discovered, allowing attackers to overwrite sensitive files on a user's system. This exploit could potentially lead to unauthorized access and data breaches if not addressed promptly. Users are advised to update their Vim installations to the latest version to mitigate this risk. Source: CyberPress
  2. AI Phishing Exploits Vulnerabilities in Gmail, MS 365 Warnings Increase Risk: A new wave of AI-driven phishing attacks is exploiting vulnerabilities in Gmail and Microsoft 365, increasing the risk for users. These attacks involve fake alerts that appear legitimate, tricking users into divulging sensitive information. It's crucial for users to verify the authenticity of such alerts and follow security best practices. Source: CHOSUNBIZ
  3. WordPress Security Alert: CVE-2025-6043 Enables Remote File Deletion via Malcure Plugin: A vulnerability identified as CVE-2025-6043 in the Malcure plugin for WordPress allows remote attackers to delete files on the server. This exploit poses a significant threat to websites using this plugin, potentially leading to data loss and service disruption. Website administrators are urged to apply the latest security patches immediately. Source: The Cyber Express
  4. Critical Vulnerabilities Found in Multiple Adobe Products: CERT-In has issued a warning about critical vulnerabilities in various Adobe products that could be exploited by attackers to execute arbitrary code. Users are advised to update their Adobe software to the latest versions to protect against potential cyber threats. These vulnerabilities highlight the importance of regular software updates to maintain security. Source: NewsBytes
  5. Gmail Message Exploit Triggers Code Execution in Claude, Bypassing Protections: A newly discovered exploit in Gmail messages can trigger code execution in Claude, bypassing existing security protections. This vulnerability underscores the need for enhanced security measures in email services to prevent unauthorized access and data breaches. Users should remain vigilant and report any suspicious activity. Source: GBHackers

Vulnerabilities & Patches

  1. Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code: Cisco has identified a critical vulnerability, CVE-2025-20337, in its Identity Services Engine (ISE) that allows unauthenticated attackers to execute code as root through a flaw in its API. The bug affects ISE versions 3.3 and 3.4 and is fixed in 3.3 Patch 7 and 3.4 Patch 2. Organizations running affected versions are urged to update immediately to prevent exploitation. Source: The Hacker News
  2. Google Patches 6 Chrome Security Flaws, Including Actively Exploited Zero-Day: Google has released patches for six security vulnerabilities in Chrome, including the actively exploited zero-day CVE-2025-6558. This vulnerability, related to an integer overflow in the V8 JavaScript engine, has been rated as high severity. Users are strongly advised to update their browsers to the latest version to mitigate these risks. Source: LinkedIn.
  3. SonicWall Customers Hit by Fresh, Ongoing Attacks Targeting Fully Patched SMA 100 Devices: SonicWall's SMA 100 devices are under attack despite being fully patched, with vulnerabilities like CVE-2021-20038 and CVE-2024-38475 being exploited. The attacks are attributed to the threat group UNC6148, highlighting the need for continuous monitoring and additional security measures beyond patching. Source: CyberScoop.
  4. Oracle Issues Critical Security Update Patching 309 Vulnerabilities Across Products: Oracle's latest Critical Patch Update addresses 309 vulnerabilities across its product lines, including severe flaws such as CVE-2025-31651 in Oracle Fusion Middleware, which carries a CVSS score of 9.8. Given the severity, Oracle users are advised to apply the patches promptly. Source: CyberPress
  5. VMware ESXi and Workstation Vulnerabilities Let Attackers Execute Malicious Code on Host: VMware has patched several vulnerabilities, including CVE-2025-41236 and CVE-2025-41239, which could allow attackers to execute malicious code on host systems. These vulnerabilities affect components like VMXNET3 and vSockets, and users should update to the latest versions to secure their environments. Source: CyberSecurity News.

Podcasts

  1. RegFi Episode 68: What the EU AI Act Means for Global Businesses: This episode of the RegFi Podcast delves into the implications of the EU AI Act for global businesses, highlighting key takeaways and potential impacts on privacy and data innovation. The discussion provides insights into how companies can navigate the evolving regulatory landscape. Source: Orrick
  2. From Cop to CEO: HiveWatch CEO Ryan Schonfeld's Mission to Modernize Security: In this episode of SecurityDNA, Ryan Schonfeld, CEO of HiveWatch, shares his journey from law enforcement to leading a tech-driven security company. Schonfeld discusses his mission to modernize security operations and the innovative approaches his company is taking. Source: SecurityInfoWatch
  3. Choo Choo Choose to ignore the vulnerability | Smashing Security podcast: Episode 426 of the Smashing Security podcast explores the surprising vulnerabilities in train systems, revealing how easily train brakes can be hijacked from afar with inexpensive equipment. The episode underscores the importance of addressing overlooked security gaps in critical infrastructure. Source: YouTube
  4. Inside North Carolina's cyber internship program: This episode of StateScoop's Priorities Podcast highlights North Carolina's innovative cyber internship program, which aims to cultivate the next generation of cybersecurity professionals. The program's success in bridging the skills gap and fostering talent in the cybersecurity field is discussed. Source: StateScoop
  5. Podcast Episode: Finding the Joy in Digital Security | Electronic Frontier Foundation: The Electronic Frontier Foundation's podcast episode encourages a fresh perspective on digital security training, suggesting that it can be an enjoyable and empowering experience. The episode explores how adopting a positive approach can enhance learning and engagement in cybersecurity practices. Source: EFF

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is as dynamic as ever, with vulnerabilities lurking in unexpected places—from the Vim Command-Line Editor to the latest AI phishing exploits. These stories remind us of the importance of staying informed and vigilant in the face of evolving cyber threats. Just as a single vulnerability can impact countless systems, sharing knowledge can fortify our collective defenses. If you found today's insights valuable, please consider sharing this newsletter with your friends and colleagues. Together, we can build a more secure digital world, one informed reader at a time. Stay safe, stay updated, and see you in the next edition!
