Welcome to today's edition of ONSEC Cyber Daily, where the digital and physical worlds collide in a tale of resilience and vulnerability. As Europe grapples with logistics bottlenecks, cyberattacks, and geopolitical disruptions, the industrial sector stands at a crossroads, demanding robust defenses against systemic risks. Meanwhile, the digital realm is abuzz with critical updates: Chrome and Adobe Commerce patch severe vulnerabilities, while Microsoft's September 2025 Patch Tuesday addresses a staggering 80 CVEs, including two zero-day flaws. As the cyber landscape evolves, podcasts and discussions explore the intersection of AI, connectivity, and cybersecurity, offering insights into navigating these turbulent times. Dive in as we unravel the threads of today's interconnected challenges and solutions.

Exploits Alert

1. Critical Vulnerability in Popular E-commerce Platform: A newly discovered exploit in a widely-used e-commerce platform allows attackers to bypass authentication mechanisms, potentially exposing millions of user accounts to unauthorized access. This vulnerability has garnered significant attention due to its potential impact on online retail security. Security experts urge immediate patching to prevent exploitation. Source: Cybersecurity News.
2. Zero-Day Exploit in Major Cloud Service Provider: A zero-day vulnerability affecting a leading cloud service provider has been identified, allowing attackers to execute arbitrary code remotely. The exploit has raised alarms across industries relying on cloud services for critical operations. Companies are advised to implement additional security measures while awaiting a patch. Source: TechRadar.
3. New Ransomware Strain Targets Healthcare Sector: A sophisticated ransomware strain is actively targeting healthcare institutions, encrypting sensitive patient data and demanding hefty ransoms. The attack has disrupted operations in several hospitals, highlighting the urgent need for enhanced cybersecurity protocols in the healthcare industry. Source: Health IT Security.
4. Vulnerability in Industrial Control Systems: A critical flaw in industrial control systems used in manufacturing and energy sectors has been discovered, potentially allowing attackers to disrupt operations. The vulnerability has sparked widespread concern due to its implications for national infrastructure security. Experts recommend immediate system audits and updates. Source: IndustryWeek.
5. Phishing Campaign Exploits Social Media Platforms: A large-scale phishing campaign is exploiting vulnerabilities in social media platforms to harvest user credentials and personal information. The campaign's sophistication and reach have made it a significant threat to online privacy and security. Users are advised to exercise caution and verify suspicious communications. Source: Social Media Examiner.

Vulnerabilities & Patches

1. Chrome Security Update Patches Critical Remote Code Execution Vulnerability: Google has released a security update for Chrome, addressing two major vulnerabilities, with the most severe being CVE-2025-10200. This critical remote code execution flaw could allow attackers to execute arbitrary code on affected systems. Users are advised to update their browsers immediately to mitigate potential risks. Source: Cybersecurity News
2. Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts: A critical vulnerability in Adobe Commerce, identified as CVE-2025-54236, allows attackers to hijack customer accounts. This flaw affects ColdFusion 2021, 2023, and 2025 versions on all platforms. Adobe has released patches to address this issue, urging users to update their systems promptly. Source: The Hacker News
3. Microsoft's September 2025 Patch Tuesday Addresses 80 CVEs: Microsoft's latest Patch Tuesday release includes fixes for 80 vulnerabilities, with CVE-2025-55234 being a notable elevation of privilege flaw in the Windows SMB protocol. This vulnerability could allow attackers to perform relay attacks, emphasizing the need for immediate patching. Source: Security Boulevard
4. Patch Tuesday Priorities: Vulnerabilities in SAP NetWeaver and Microsoft NTLM and Hyper-V: SAP's September 2025 Patch Day highlights a critical vulnerability, CVE-2025-42944, in the NetWeaver RMI-P4 module. Rated 10 on the CVSS scale, this insecure deserialization flaw requires immediate attention to prevent potential exploitation. Source: CSO Online
5. Technical Details of Actively Exploited Android Kernel Flaw Released: CVE-2025-38352, a vulnerability in the Android kernel, has been actively exploited and patched in Google's September 2025 Android Security update. The flaw allows attackers to bypass security measures, highlighting the importance of timely updates to protect devices. Source: Cyber Kendra

Podcasts

1. Unlocking Resilience: Hospital & Health System Threats
2. : John Riggi, the National Advisor for Cybersecurity and Risk at the American Hospital Association, joins host Heather Engel to discuss the evolving cybersecurity threats facing hospitals and health systems. The episode delves into strategies for enhancing resilience against cyber threats in the healthcare sector. Source:
3. iHeart
4. Navigating Cybersecurity Compliance: From Physical Audits to AI Frameworks
5. : Host Tom Fox engages with Lori Crooks, a cybersecurity and audit assessment expert, to explore the transition from traditional physical audits to modern AI-driven compliance frameworks. The discussion highlights the challenges and opportunities in adapting to new cybersecurity compliance standards. Source:
6. JD Supra
7. Salesloft Drift Cyberattack Hits Major Tech Companies
8. : This episode of the CISO Podcast Series provides insights into the recent Salesloft Drift cyberattack affecting major tech companies. It offers guidance for CISOs and security professionals on managing the complexities of such cyber threats. Source:
9. The Cyber Express
10. Podcast: KVH on Connectivity, Cybersecurity, and Crew Wellbeing
11. : Marine Log's Listen Up! podcast features KVH discussing the impact of next-gen connectivity on maritime cybersecurity and crew wellbeing. The episode explores how technological advancements are transforming the maritime industry. Source:
12. Marine Log
13. New DLA Podcast Series Offers Venue for Contested Logistics Discussions
14. : The debut episode of the DLA podcast series features Peter Battaglia discussing the future of logistics and emerging cybersecurity threats. The series aims to provide a platform for discussing critical issues in logistics and cybersecurity. Source:
15. DLA

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, let's take a moment to reflect on the interconnected world we navigate. From the early warning signals in European logistics to the critical patches addressing vulnerabilities in our digital infrastructure, resilience is the thread that binds these stories. Our industrial sectors and digital landscapes face challenges that require vigilance and proactive measures. By staying informed and prepared, we can turn these challenges into opportunities for growth and security. If you found today's insights valuable, why not share this newsletter with your friends and colleagues? Together, we can build a community that is informed, resilient, and ready to tackle the cyber challenges of tomorrow. Until next time, stay secure and stay connected!