Cyber Daily 7/25: Microsoft SharePoint Zero-Day Exploited Globally, Chinese Hackers Deploy Ransomware, US Agencies Targeted, Urgent Patches Released

ONSEC Cyber Daily - July 25, 2025

Welcome to today's edition of ONSEC Cyber Daily, where we unravel the intricate web of cyber threats and vulnerabilities shaping our digital landscape. Today, we dive into a rapidly escalating cyber campaign that has taken the world by storm. A critical zero-day vulnerability in Microsoft's SharePoint (CVE-2025-53770) is being widely exploited, with Chinese hackers at the forefront of this cyber onslaught. This flaw has triggered a global response, impacting over 400 organizations, including U.S. federal agencies and even a nuclear administration. As the fallout worsens, ransomware attacks, notably the Warlock ransomware, are being deployed, leaving a trail of compromised systems in their wake. Microsoft has issued urgent patches, but the race against time continues as cyber defenders scramble to mitigate the damage. Stay vigilant and informed as we navigate through this unfolding cyber saga.

Exploits Alert
- Firefox 141 Launches With Critical Security Fixes: Mozilla has rolled out Firefox 141, an update focused on security enhancements. This update addresses 18 newly discovered vulnerabilities, including several high-severity ones, and users are urged to update immediately to protect against potential exploits.
- CISA Alerts on Google Chromium Input Validation Flaw Actively Exploited: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert about a severe input validation vulnerability in Google Chromium. This flaw is being actively exploited, posing a significant threat to users and necessitating immediate attention and patching.
- Chinese Hackers Now Exploiting SharePoint Zero-Days To Deploy Warlock Ransomware: A new wave of cyberattacks has been identified in which Chinese hackers are exploiting SharePoint zero-day vulnerabilities to deploy the Warlock ransomware. This development highlights the ongoing threat landscape and the need for robust security measures.
- Microsoft Hack Victims Need to Be on Alert for Sleeper Cells: Recent cyberattacks on SharePoint may have laid the groundwork for more severe future attacks. Victims are advised to remain vigilant for potential sleeper cells that could activate later, emphasizing the importance of continuous monitoring and security updates.
- National Treasury Probes Malware Attack: A significant malware attack has prompted the National Treasury to launch an investigation. This incident underscores the critical need for enhanced cybersecurity measures to protect sensitive governmental data from sophisticated cyber threats.
Vulnerabilities & Patches
- TP-Link Network Video Recorder Vulnerability Allows Arbitrary Command Execution: TP-Link has identified critical vulnerabilities, CVE-2025-7723, that allow arbitrary command execution on their network video recorders. Users are urged to apply the latest patches to mitigate potential exploitation risks. Source: Cyber Press.
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw: SonicWall has released a patch for a critical flaw, CVE-2025-23006, in their SMA appliances. This vulnerability could lead to severe security breaches if left unpatched, and users are strongly advised to update their systems immediately. Source: IT Security News.
- Critical Zero-Day Vulnerability Discovered in OpenSSH: A zero-day vulnerability, CVE-2025-38897, has been found in OpenSSH, affecting most Unix-based systems. This flaw requires urgent patching to prevent potential exploitation by attackers. Source: Hacker News.
- CISA: Attacks Leveraging SysAid Flaws Ongoing: CISA has reported ongoing attacks exploiting SysAid vulnerabilities, CVE-2025-2775 and CVE-2025-2776. Organizations using SysAid are advised to implement the latest security patches to safeguard their systems. Source: SC Media.
- Firefox 141 Launches With Critical Security Fixes: Mozilla has released Firefox 141, addressing critical vulnerabilities in the browser's JavaScript engine and memory management. Users should update to the latest version to ensure protection against potential threats. Source: LinkedIn.
Podcasts
- Reach Launches New Podcast Unpicking Human Stories Behind Cyber Nightmares: This limited series of 10 episodes, produced by Reach's award-winning podcast editor Daniel McLaughlin, delves into the human stories behind cyber incidents. Each episode explores the personal and emotional impacts of cyberattacks, offering listeners a unique perspective on cybersecurity. Source: Newsworks.
- We Get Privacy for Work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions: This episode discusses the privacy risks that come with mergers and acquisitions, emphasizing the importance of data mapping. The podcast features insights from cybersecurity experts, making it a valuable resource for understanding the complexities of privacy in corporate transactions. Source: Jackson Lewis.
- ThreatX Product Demo Showcase: API & App Threat Protection: This episode includes a live demo of ThreatX's capabilities in API and app threat protection. It highlights the use of cutting-edge AI and cyber threat intelligence, providing listeners with a practical understanding of modern cybersecurity tools. Source: YouTube.
- Why Salespeople's Knowledge of Cybersecurity Is Critical for the Ecosystem: Hosted by David Spark, this podcast episode explores the crucial role salespeople play in the cybersecurity ecosystem. It discusses how their understanding of cybersecurity can enhance the overall security posture of an organization. Source: CISO Series.
- Reach Launches New Podcast Series: This series, also produced by Reach, focuses on unraveling the human stories behind cyber nightmares. It aims to provide a deeper understanding of the personal impacts of cyber incidents, making it a compelling listen for those interested in the human side of cybersecurity. Source: InPublishing.
Final Words
As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is more turbulent than ever. The SharePoint zero-day vulnerability (CVE-2025-53770) is a stark reminder of the relentless pace at which cyber threats evolve. With hackers, including those with links to the Chinese government, exploiting these vulnerabilities, the urgency for robust cybersecurity measures has never been greater. Microsoft's global alert underscores the critical need for vigilance and proactive defense strategies. As organizations worldwide scramble to patch and protect their systems, it's crucial to stay informed and prepared.

Remember, cybersecurity is a collective effort, and sharing knowledge is a powerful tool in our defense arsenal. We encourage you to share this newsletter with your friends and colleagues. By spreading awareness, we can build a more resilient community against cyber threats. Stay safe, stay informed, and let's tackle these challenges together. Until next time, keep your systems secure and your data protected.