Cyber Daily 9/13: Blockstream's Bitcoin Phishing Alert, SonicWall Ransomware Surge, Panama's Cyber Breach, Samsung's Zero-Day Patch

Welcome to the ONSEC Cyber Daily for September 13, 2025. Today, we dive into a digital battlefield where vulnerabilities are the frontline. Blockstream raises the alarm on phishing threats, revealing the human Achilles' heel in Bitcoin's armor. Meanwhile, SonicWall firewalls face a relentless Akira ransomware surge, exploiting system misconfigurations. Panama's Ministry of Economy and Finance admits to a cyberattack, highlighting the global reach of cybercrime. As the digital landscape evolves, so do the threats—DELMIA Apriso and Samsung devices grapple with critical vulnerabilities, while Apple warns of mercenary spyware attacks. In this interconnected web of cyber threats, vigilance and timely patches are our strongest allies. Stay informed, stay secure.

Exploits Alert

  1. Blockstream Warns: Phishing Threats Expose Bitcoin's Human Vulnerability: Blockstream has issued a warning about a surge in phishing attacks targeting Bitcoin users, highlighting the human element as a critical vulnerability in blockchain security. This trend underscores the need for enhanced cybersecurity measures across the industry to protect digital assets. Source.
  2. SonicWall Firewalls Targeted by Fresh Akira Ransomware Surge: A new wave of Akira ransomware attacks is exploiting misconfigurations in SonicWall firewalls, affecting numerous organizations. This highlights the importance of proper system configuration and regular updates to mitigate such vulnerabilities. Source.
  3. Data Security Incident Admitted by Panama Ministry of Economy and Finance: Panama's Ministry of Economy and Finance has confirmed a cyberattack that potentially compromised one of its computers. This incident raises concerns about the security of governmental data and the need for robust cybersecurity protocols. Source.
  4. DELMIA Factory Software Vulnerability Exploited in Attacks: A critical vulnerability in DELMIA Apriso factory software is being actively exploited by threat actors, prompting warnings from cybersecurity agencies. This exploitation emphasizes the necessity for timely patching and monitoring of industrial software systems. Source.
  5. Apple Issues Warning on Mercenary Spyware Attacks Targeting User Devices: Apple has alerted users to sophisticated spyware attacks commissioned at high costs, targeting specific individuals. These attacks highlight the evolving nature of cyber threats and the importance of vigilance and security updates for personal devices. Source.

Vulnerabilities & Patches

  1. Samsung's September Update Patches Critical Zero-Day Vulnerability: Samsung has released a critical security update addressing a zero-day vulnerability, tracked as CVE-2025-21043, affecting Android versions 13 through 16. This flaw, an out-of-bounds write, could allow attackers to execute arbitrary code. Users are urged to update their devices immediately to mitigate potential risks. Source: SammyGuru
  2. Patch Now! Attacks on SonicWall Firewalls Observed Again: A critical vulnerability, CVE-2024-40766, in SonicWall firewalls has been actively exploited since September 2024. Despite being known for over a year, recent attacks highlight the urgency for users to apply the available patches to protect their systems. Source: Heise Online
  3. WhatsApp Addressed An Actively Exploited Zero-Day Vulnerability: WhatsApp has patched a zero-day vulnerability, CVE-2025-55177, used in targeted spyware campaigns. Users are advised to update their applications to the latest version to prevent potential exploitation. Source: Latest Hacking News
  4. Trio of Severe Cisco IOS XR Flaws Fixed: Cisco has released patches for several vulnerabilities in its IOS XR software, including a medium-severity installation process bug, CVE-2025-20248. These flaws could be exploited to bypass security measures, making timely updates crucial for network security. Source: SC Media
  5. Microsoft Windows Defender Firewall Vulnerabilities Allow Privilege Escalation: Microsoft has addressed multiple vulnerabilities in Windows Defender Firewall, including CVE-2025-53808, CVE-2025-54104, and CVE-2025-54109. These flaws could allow attackers to escalate privileges, emphasizing the need for immediate deployment of the September security update. Source: GBHackers

Podcasts

  1. Cyber Uncut Podcast: AI's impact on Aussie kids, ransomware attacks in Australia rise, and Warner Bros sues Midjourney. In this episode, Daniel Croft and David Hollingworth discuss the latest AI developments, the increasing frequency of ransomware attacks in Australia, and the legal battle between Warner Bros and Midjourney. Source.
  2. Fastest 5 Minutes: CMMC: This week's episode covers the Department of Defense's final rule on the Cybersecurity Maturity Model Certification (CMMC). The podcast provides a concise update on the implications for contractors and the broader cybersecurity landscape. Source: Fastest 5 Minutes: CMMC - Crowell & Moring LLP
  3. Darknet Diaries: This podcast delves into the world of cybercrime, exploring real-life stories of hackers, breaches, and the people behind them. Each episode provides a gripping narrative that uncovers the hidden aspects of the digital underworld. Source: Darknet Diaries - True stories from the dark side of the Internet.
  4. Smashing Security: Hosted by cybersecurity veterans, this podcast offers a humorous take on the latest security news and breaches. The hosts break down complex topics into digestible and entertaining discussions, making cybersecurity accessible to all. Source: Smashing Security - News and views from the world of cybersecurity.
  5. The CyberWire Daily: This podcast provides a daily briefing on the latest cybersecurity news, trends, and events. With expert analysis and insights, it keeps listeners informed about the ever-evolving cyber threat landscape. Source: The CyberWire Daily - Your daily dose of cybersecurity news and analysis.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is as dynamic as ever. From Blockstream's urgent warning about phishing threats exposing Bitcoin's human vulnerabilities to the relentless surge of Akira ransomware targeting SonicWall firewalls, the message is clear: vigilance is key. The Panama Ministry of Economy and Finance's recent data security incident and the critical vulnerabilities patched by tech giants like Samsung and Apple remind us that no system is invulnerable. In this interconnected world, sharing knowledge is our strongest defense. If you found today's insights valuable, please share this newsletter with your friends and colleagues. Together, we can build a more informed and resilient community, ready to tackle the challenges of tomorrow. Stay safe, stay informed, and see you in the next issue!