Cyber Daily 9/16: FBI Warns of Salesforce OAuth Exploits, WhatsApp Flaw on Windows, Samsung Galaxy Security Patch, IBM QRadar Vulnerability

**ONSEC Cyber Daily: September 16, 2025**

Welcome to today's edition of ONSEC Cyber Daily, where the digital battlefield is ever-evolving, and vigilance is key. Today, we unravel a web of cyber threats that span from sophisticated Salesforce exploits to vulnerabilities lurking in your everyday devices.

The FBI has sounded the alarm on two cybercriminal groups, UNC6040 and UNC6395, who are exploiting Salesforce OAuth tokens, weaving a tapestry of data theft through cunning vishing techniques. This alert is a stark reminder of the relentless pursuit of sensitive information by cyber adversaries.

Meanwhile, a critical flaw in WhatsApp for older Windows versions has prompted a cybersecurity warning, urging users to patch their systems. As vulnerabilities continue to surface, the importance of proactive security measures becomes ever more apparent.

In the realm of mobile security, Samsung Galaxy users are urged to update their devices immediately to counter a severe vulnerability, CVE-2025-21043, that threatens Android users worldwide. This serves as a crucial reminder of the importance of timely updates in safeguarding personal data.

Join us as we delve into these stories and more, exploring the intricate dance between cyber threats and the defenses we must deploy to stay one step ahead. Stay informed, stay secure.
Exploits Alert
- FBI Alert: UNC6040, UNC6395 Exploit Salesforce OAuth for Data Theft: The FBI has issued an alert regarding cyberattacks by groups UNC6040 and UNC6395. These attackers are exploiting Salesforce via OAuth token manipulation and vishing techniques to steal sensitive data. This highlights the importance of securing OAuth implementations and being vigilant against social engineering attacks. Source: WebProNews.
- FBI Flags New Salesforce Cyber Threats - IOCs Reveal Data Exfiltration Tactics: In collaboration with CISA, the FBI has released a security warning about two cybercriminal groups targeting Salesforce. The alert details the tactics used for data exfiltration, emphasizing the need for organizations to enhance their monitoring and response strategies. Source: CyberPress.
- Cybersecurity Center Issues Warning on WhatsApp Flaw Affecting Older Windows Versions: A cybersecurity center has issued a warning about a vulnerability in WhatsApp for Windows, particularly affecting older versions. This flaw could potentially be exploited to compromise user data, urging users to update their software to the latest version. Source: MSN.
- CTT Organized Cybersecurity Vulnerability Management Workshop (2025): The CTT hosted a workshop focused on cybersecurity vulnerability management, aiming to enhance understanding and identification of vulnerabilities. This initiative is part of a broader effort to strengthen cybersecurity frameworks and prepare for future threats. Source: GCS.
Vulnerabilities & Patches
- Samsung Galaxy Security Update: CVE-2025-21043: Samsung has released a critical security update for Galaxy devices to address CVE-2025-21043, an out-of-bounds write vulnerability in the libimagecodec.quram.so library. This flaw, with a CVSS score of 8.8, could allow attackers to execute arbitrary code on affected devices. Users are urged to update their devices immediately to mitigate potential risks. Source: Mashable
- iOS 18.7 and iPadOS 18.7 Security Patches: Apple has rolled out security patches for iOS 18.7 and iPadOS 18.7, addressing significant vulnerabilities for users not yet on the latest Liquid Glass version. These updates are crucial for maintaining device security and protecting against potential exploits. Users should ensure their devices are updated to the latest software versions. Source: Cult of Mac
- Apache Foundation Urges Immediate Patching: The Apache Foundation has identified two critical vulnerabilities, CVE-2024-43441 and CVE-2024-45387, with the former being an authentication bypass issue. Users are strongly advised to apply the latest patches to prevent unauthorized access and potential data breaches. Source: MSN
- IBM QRadar SIEM Vulnerability: CVE-2025-0164: IBM has released an interim fix for a vulnerability in QRadar SIEM, CVE-2025-0164, which could allow attackers to perform unauthorized actions. Organizations using QRadar SIEM should apply Update 13 Interim to secure their systems against potential exploitation. Source: GBHackers
- FlowiseAI Password Reset Token Flaw: CVE-2025-58434: A vulnerability in FlowiseAI, CVE-2025-58434, exposes accounts to takeover risks via the password reset token mechanism. Until a patch is available, it is recommended to disable public access to the affected endpoint and implement additional security measures. Source: The Cyber Express
Podcasts
- Fastest 5 Minutes: CMMC: This podcast episode delves into the Department of Defense's final rule on the Cybersecurity Maturity Model Certification (CMMC) program, which is crucial for DoD contractors. It provides a concise overview of the implications and requirements of the CMMC, making it essential listening for those involved in government contracts and procurement. Source: Mondaq
- Policy to Practice Podcast Series: Nick Johnston on Navigating AI, Privacy, and Risk: This podcast series explores the intersection of AI, privacy, and cybersecurity, featuring insights from industry experts like Kaylee Cox Bankston and Boris Segalis. The discussions focus on the challenges and strategies for managing AI-related risks and privacy concerns in today's digital landscape. Source: JD Supra
- Zscaler CEO warns that AI could spark new cyberattacks: In this episode, the CEO of Zscaler discusses the potential for AI to initiate new forms of cyberattacks, highlighting the evolving nature of cybercrime. The conversation provides valuable insights into how companies can prepare for and mitigate these emerging threats. Source: YouTube
- CISO's Guide to Securing a Board Seat in the Boardroom: This podcast from Cybercrime Magazine offers daily episodes featuring insights from cybersecurity experts, victims, and law enforcement. It focuses on the strategic role of CISOs in securing boardroom positions and influencing organizational cybersecurity policies. Source: Cybercrime Magazine
- Transforming Asset Visibility with Trend Micro: Franz Fiorim, Field CTO at Trend Micro, discusses their Cyber Risk Exposure Management (CREME) solution in this episode. The podcast highlights how Trend Micro's approach enhances asset visibility and addresses cybersecurity challenges, making it a must-listen for cybersecurity professionals. Source: CISO Series
Final Words
As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is ever-evolving, with threats lurking at every corner. From the FBI's alert on UNC6040 and UNC6395 exploiting Salesforce OAuth tokens to the vulnerabilities in WhatsApp and Samsung Galaxy devices, staying informed is your first line of defense. Remember, knowledge is power, and sharing this knowledge can help fortify our collective cybersecurity posture.

We encourage you to share this newsletter with friends and colleagues who could benefit from staying updated on the latest cyber threats and security measures. Together, we can build a more secure digital world, one informed individual at a time. Stay vigilant, stay secure, and see you in the next edition of ONSEC Cyber Daily!