ONSEC Cyber Daily: July 20, 2025. Welcome to today's edition of ONSEC Cyber Daily, where the digital battlefield is more intense than ever. Our top story reveals a chilling narrative of cyber threats that are not just knocking at the door but breaking it down. A newly discovered 0-Day RCE vulnerability in Microsoft SharePoint servers is being actively exploited, granting attackers full server access and sparking a sophisticated cyberattack campaign. Meanwhile, the U.S. train brake systems face a critical vulnerability that could allow unauthorized commands, posing severe risks to public safety. As if that weren't enough, a zero-day vulnerability in CrushFTP and a Fortinet FortiWeb SQL injection flaw are being exploited in real-time, highlighting the urgent need for robust cybersecurity measures. In a world where inaction is costly, today's stories underscore the strategic importance of investing in resilient cybersecurity infrastructure. Stay informed, stay secure.

Exploits Alert

1. SharePoint 0-Day RCE Vulnerability Actively Exploited in the Wild to Gain Full Server Access: A sophisticated cyberattack campaign has been discovered targeting Microsoft SharePoint servers. This campaign exploits a newly weaponized vulnerability chain, allowing attackers to gain full server access. Organizations using SharePoint are urged to apply patches immediately to mitigate the risk. Source: Cybersecurity News.
2. Critical Cybersecurity Vulnerability in US Train Brake Systems: Cybersecurity experts have issued an urgent warning about a critical vulnerability in train braking systems. This flaw poses serious risks as it could potentially allow attackers to send unauthorized commands, leading to catastrophic failures. Immediate action is required to secure these systems. Source: RaillyNews.
3. Cybersecurity Warning Issued Over Train Brake System Vulnerability: A similar alert has been issued regarding vulnerabilities in train brake systems, highlighting the potential for attackers to exploit these weaknesses. The vulnerability could lead to unauthorized command execution, emphasizing the need for urgent security measures. Source: Railway Supply.
4. CrushFTP Zero-Day Vulnerability Exploited in Attacks: CrushFTP has warned that threat actors are actively exploiting a zero-day vulnerability, tracked as CVE-2025-54309. This vulnerability allows attackers to gain unauthorized access, posing significant risks to affected systems. Users are advised to apply security updates promptly. Source: LinkedIn.
5. CISA Warns of Fortinet FortiWeb SQL Injection Vulnerability Exploited in Attacks: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical Fortinet FortiWeb vulnerability. This SQL injection flaw is being actively exploited, underscoring the importance of immediate patching to protect against potential breaches. Source: Cybersecurity News.

Vulnerabilities & Patches

1. Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release: A critical unauthenticated SQL injection vulnerability in Fortinet FortiWeb was exploited just hours after a proof-of-concept was released. Researchers demonstrated how this flaw could be escalated to remote code execution, emphasizing the need for immediate patching. Source.
2. The Cost of Inaction: Why Cybersecurity Infrastructure Resilience is a Strategic Investment in 2025: Cisco's 2025 security advisory highlights vulnerabilities CVE-2025-20281 and others, stressing the importance of upgrading to patched versions like Cisco ISE 3.3 Patch 7 or 3.4 Patch. This underscores the strategic necessity of maintaining robust cybersecurity infrastructure. Source.
3. Apache Tomcat DoS Vulnerability: CVE-2025-53506 Under Analysis: Apache Tomcat faced a high-severity Denial of Service vulnerability, CVE-2025-53506. Apache responded swiftly, releasing a patch on July 11, 2025, to mitigate the risk of exploitation. This highlights the importance of timely updates in software management. Source.
4. Fortinet FortiOS and FortiProxy Vulnerabilities: Fortinet has released patches for critical vulnerabilities affecting FortiOS and FortiProxy, which could allow remote attackers to execute arbitrary code. Users are urged to update to the latest versions to protect their systems from potential exploitation. Source.
5. Oracle Critical Patch Update for July 2025: Oracle's July 2025 Critical Patch Update addresses numerous vulnerabilities across its product suite, including critical flaws in Oracle Database and Oracle WebLogic Server. Organizations using Oracle products should apply these updates promptly to mitigate security risks. Source.

Podcasts

1. San Diego Cyber Clinic Established to Train Students: This podcast episode discusses the establishment of the San Diego Cyber Clinic, a pioneering initiative aimed at training students to provide cybersecurity support. The clinic is designed to bridge the gap between academic learning and real-world cybersecurity challenges, offering hands-on experience to students. Hosted by Drew Schlosberg, this episode is part of Cloudcast Media's powerful local lineup. Source.
2. Cybersecurity in Healthcare: Protecting Patient Data: This podcast explores the critical importance of cybersecurity in the healthcare sector, focusing on strategies to protect sensitive patient data from cyber threats. Experts discuss the latest trends and technologies being implemented to safeguard healthcare systems. The episode provides valuable insights for healthcare professionals and IT specialists alike. Source.
3. Ransomware Resilience: Building a Strong Defense: In this episode, cybersecurity experts delve into the growing threat of ransomware and how organizations can build resilience against such attacks. The discussion covers best practices for prevention, detection, and response, offering listeners actionable advice to enhance their cybersecurity posture. Source.
4. Emerging Threats in the IoT Landscape: This podcast episode examines the vulnerabilities and security challenges posed by the Internet of Things (IoT). Experts highlight the potential risks associated with connected devices and discuss innovative solutions to mitigate these threats. The episode is a must-listen for anyone interested in the future of IoT security. Source.
5. Cybersecurity Careers: Navigating the Industry: Aimed at aspiring cybersecurity professionals, this podcast provides insights into building a successful career in the cybersecurity industry. The episode features interviews with industry veterans who share their experiences and advice on skills development, certifications, and career progression. Source.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is more dynamic and challenging than ever. From the sophisticated exploitation of SharePoint vulnerabilities to the critical alerts on train brake systems, the urgency for robust cybersecurity measures has never been more apparent. Each story we shared today underscores the importance of staying informed and proactive in safeguarding our digital and physical infrastructures. We hope you found today's insights valuable and urge you to share this newsletter with your friends and colleagues. By spreading awareness, we can collectively strengthen our defenses and foster a more secure digital environment for everyone. Remember, cybersecurity is a shared responsibility, and together, we can make a difference. Stay vigilant, stay informed, and see you in the next edition of ONSEC Cyber Daily!

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn

x.com

X (formerly Twitter)