Cyber Daily 7/24: Microsoft SharePoint Breach, US Nuclear Hack, AI Vulnerabilities, China Exploits

Welcome to today's edition of ONSEC Cyber Daily, where the digital world is under siege. In a dramatic turn of events, a critical SharePoint vulnerability, CVE-2025-53770, with a staggering CVSS score of 9.8, has sent shockwaves through the cybersecurity community. This flaw has not only prompted an urgent warning from Microsoft but has also been exploited in a high-profile cyberattack targeting the U.S. National Nuclear Security. As Chinese state-backed hackers leverage AI-driven vulnerabilities, the threat to critical infrastructure has never been more palpable. Meanwhile, organizations worldwide scramble to patch their systems, with over 400 firms already compromised. Join us as we unravel the intricate web of cyber threats and the race against time to secure our digital future.
Exploits Alert
- Maximum Severity Cisco ISE Vulnerabilities Exploited by Attackers: Cisco's Identity Services Engine (ISE) has been targeted by attackers exploiting maximum severity vulnerabilities. These vulnerabilities allow unauthorized access and control over affected systems, posing a significant threat to organizations relying on Cisco ISE for network security. Immediate patching is recommended to mitigate these risks. Source: Help Net Security
- Chrome High-Severity Vulnerabilities Allow Attackers to Execute Arbitrary Code: Google's Chrome browser is under threat from high-severity vulnerabilities within its V8 engine, which could allow attackers to execute arbitrary code. Google has responded by increasing bug bounty rewards to encourage rapid identification and patching of these vulnerabilities. Users are urged to update their browsers to the latest version to protect against potential exploits. Source: Cybersecurity News
- SOTA Parent Portal Taken Down for Urgent Patching Following Global Cyberattack Alerts: Singapore's School of the Arts (SOTA) has temporarily taken down its parent portal to address vulnerabilities being actively exploited in global cyberattacks. This precautionary measure aims to protect sensitive data and prevent unauthorized access. The Cyber Security Agency of Singapore has issued alerts to ensure other institutions are aware and prepared. Source: The Straits Times
- Quebec Government Computer Networks Affected by Widespread Microsoft Cyberattack: The Quebec government's computer networks have been compromised by a large-scale cyberattack targeting Microsoft software. This incident highlights the vulnerabilities in widely used software and the need for robust cybersecurity measures. Authorities are working to contain the breach and secure affected systems. Source: CTV News
- #StopRansomware: Interlock: The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert under the #StopRansomware initiative, focusing on the Interlock ransomware variant. This alert provides critical information on detection and mitigation strategies to protect against ransomware attacks, emphasizing the importance of proactive cybersecurity measures. Source: CISA
Vulnerabilities & Patches
- GitLab Publishes Security Update Addressing Several Vulnerabilities: GitLab has released a security update to address multiple vulnerabilities, including CVE-2025-4700, a high-severity XSS vulnerability with a CVSS score of 8.7. This flaw could allow authenticated attackers to execute unintended actions. Users are urged to apply the update promptly to mitigate potential risks. Source: GBHackers.
- Synology BeeDrive for Windows Exposes Desktop to Arbitrary Code Execution: Synology has identified vulnerabilities in its BeeDrive Desktop Application that could lead to arbitrary code execution. The security update addresses three distinct CVEs, ensuring that users' systems are protected from potential exploitation. It is crucial for users to update their applications to prevent unauthorized access. Source: Cyber Press.
- Fixed Ivanti Bugs Still Haunt Japan Orgs 6 Months Later: Despite patches being released, Ivanti bugs continue to affect organizations in Japan. The vulnerabilities include CVE-2025-0282, which has been stealthily exploited. Organizations are advised to ensure all patches are applied and to remain vigilant against potential threats. Source: Dark Reading.
- Sophos Fixed Two Critical Sophos Firewall Vulnerabilities: Sophos has addressed five vulnerabilities in its firewall products, including CVE-2025-6704 and CVE-2025-7624. These vulnerabilities could have allowed unauthorized access and control over affected systems. Users are strongly encouraged to update their systems to the latest version to enhance security. Source: Security Affairs.
- CISA Issues Alert on Exploited SysAid Vulnerabilities: CISA has issued an alert regarding vulnerabilities in SysAid's on-premises versions, tracked as CVE-2025-2776 and CVE-2025-2775. These vulnerabilities enable unauthorized access, and organizations are urged to apply patches by the deadline of August 13 to secure their systems. Source: WebProNews.
Podcasts
- Can a thief break into your home through your Wi-Fi?: This podcast episode explores the vulnerabilities of home Wi-Fi networks and how cybercriminals can exploit them to gain unauthorized access to personal data. It provides practical advice on securing your network to prevent such breaches.
- The clock's ticking and the bots are clicking - CyberWire: This episode delves into the increasing automation in cyberattacks, highlighting how bots are being used to exploit vulnerabilities faster than ever before. It discusses the implications for cybersecurity defenses and the need for rapid response strategies.
- Smashing Security podcast #427: When 2G attacks, and a romantic road trip goes wrong: This episode warns about the dangers of outdated mobile networks like 2G, which are being targeted by cybercriminals. It also shares a humorous anecdote about a road trip gone awry, illustrating the unexpected ways technology can impact our lives.
- Bonus podcast episode: What you need to know about the Civil Society Covenant: This episode provides insights into the cybersecurity challenges faced by the third sector, emphasizing the importance of preparedness and resilience in protecting sensitive data. It outlines the key components of the Civil Society Covenant and its role in enhancing security measures.
- Celebrating 40 Years with OSAC | Security Magazine: In this episode, the Overseas Security Advisory Council's Executive Director discusses the evolution of global security challenges over the past four decades. It highlights OSAC's role in fostering collaboration between the private sector and government to enhance security worldwide.
Final Words
As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is more volatile than ever. The critical SharePoint vulnerability, CVE-2025-53770, with a CVSS score of 9.8, serves as a stark reminder of the ever-present threats lurking in our cyber world. With Microsoft issuing urgent warnings and the U.S. National Nuclear Security infrastructure under attack, the stakes have never been higher. In this interconnected age, staying informed is our best defense. Share this newsletter with your friends and colleagues to ensure they are equipped with the knowledge to protect their digital assets. Together, we can build a more secure digital future. Until tomorrow, stay vigilant and stay secure!