**ONSEC Cyber Daily: September 17, 2025** Welcome to today's edition of ONSEC Cyber Daily, where we unravel the tangled web of cyber threats lurking in the shadows. In this issue, we dive into the critical vulnerabilities that small and medium enterprises (SMEs) must guard against, starting with the ever-pressing issue of password security. As cybercriminals deploy brute force attacks with automated tools, the call for passwordless solutions grows louder. Our journey continues as we uncover the alarming state of AI servers, left exposed with unpatched components, inviting cybercriminals to exploit these digital fortresses. Meanwhile, the FBI sounds the alarm on cybercriminal groups targeting Salesforce platforms, adding another layer of urgency to the cybersecurity landscape. In a race against time, tech giants like Apple and Microsoft roll out patches to combat zero-day vulnerabilities, while Samsung urges Galaxy users to update against a critical flaw. As the cyber battlefield evolves, the importance of staying breach-ready with solutions like ColorTokens Xshield becomes paramount. Join us as we navigate these interconnected stories, highlighting the relentless pursuit of cyber resilience in an ever-changing digital world. Stay informed, stay secure.

Exploits Alert

1. Mind Your Password (and Five Other Cyber Vulnerabilities Important for SMEs): Hackers are increasingly using brute force attacks to bypass basic password security, employing automated tools to guess passwords. This highlights the urgent need for SMEs to adopt passwordless solutions to enhance their cybersecurity posture. The article emphasizes the importance of addressing these vulnerabilities to protect sensitive data. Source: Business Ghana.
2. Security Alert for AI Servers: Thousands Are at Risk: Recent research indicates that many AI infrastructures are being constructed with unprotected or unpatched components, leaving them vulnerable to cybercriminal attacks. This oversight provides an easy target for malicious actors, underscoring the necessity for robust security measures in AI development. The report calls for immediate action to secure these systems. Source: Red Hot Cyber.
3. FBI Alert on Cybercriminals Targeting Salesforce Platforms: The FBI has issued a flash alert concerning cybercriminal groups that are actively targeting Salesforce platforms. This critical vulnerability disclosed by Adobe could lead to significant data breaches if not addressed promptly. Organizations using Salesforce are urged to implement security patches and monitor for suspicious activities. Source: Crowe UAE.

Vulnerabilities & Patches

1. Apple Addresses Dozens of Vulnerabilities in Latest Software for iPhones, iPads, and Macs: Apple has rolled out critical updates for its devices, addressing over 50 vulnerabilities, including a zero-day flaw (CVE-2025-43300) that could lead to memory corruption. Users are urged to update to iOS 26 and macOS Tahoe 26 to protect against potential exploits. Source.
2. Microsoft September 2025 Patch Tuesday Fixes 81 Vulnerabilities, Including Zero-Days: Microsoft's latest patch release addresses a wide array of security issues, including a critical zero-day vulnerability (CVE-2025-44111) that could allow remote code execution. The update underscores Microsoft's proactive approach to cybersecurity. Source.
3. Patch Immediately — Social-Login Flaw in a WordPress Plugin Lets Attackers Bypass Authentication: A critical vulnerability (CVE-2025-5821) in a popular WordPress plugin allows attackers to bypass authentication, posing a significant risk to websites using this plugin. With a CVSS score of 9.8, immediate patching is recommended. Source.
4. SAP Releases Patches for Multiple High-Impact Vulnerabilities: SAP has issued patches for several critical vulnerabilities, including a deserialization flaw (CVE-2025-42944) with a perfect CVSS score of 10.0. This vulnerability could allow attackers to execute arbitrary code, highlighting the importance of timely updates. Source.
5. Samsung Urges Galaxy Users to Patch Zero-Day Flaw in September 2025 Update: Samsung has identified a zero-day vulnerability (CVE-2025-21043) in its Galaxy devices, which exploits an out-of-bounds write in an image-parsing library. Users are advised to update their devices promptly to mitigate potential risks. Source.

Podcasts

1. CrowdStrike Among Those Hit in NPM Attack Campaign: This podcast episode delves into the recent NPM attack campaign that has impacted several companies, including CrowdStrike. It explores the tactics used by attackers and the implications for cybersecurity practices. Source.
2. Black Hat USA 2025 CISO Podcast Series: Episode 7 Out Now: Episode 7 of the Black Hat USA 2025 CISO Podcast Series discusses the role of AI as a protective measure in cybersecurity. The episode provides insights into how AI is being integrated into security frameworks to enhance resilience. Source.
3. Android Security Changes, CISA Incentive Audit, LLM Usage: This podcast covers recent updates in Android security, the CISA incentive audit, and the usage of large language models (LLMs) in cybersecurity. It highlights the evolving landscape of mobile security and regulatory measures. Source.
4. Wait, SMS Doesn't Stand for “Super Mega Secure?”: Hosted by David Spark, this episode challenges common misconceptions about SMS security. It features discussions on the vulnerabilities associated with SMS and the importance of adopting more secure communication methods. Source.
5. The Future of UK Cyber & Crypto Policing – Ep. 170: This episode explores the rapid evolution of cybercrime in the UK and the strategies being implemented to combat it. It provides an in-depth look at the intersection of cyber and crypto policing and the future challenges in this domain. Source.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, remember that the digital world is a vast ocean, and your passwords are the keys to your ship. With cybercriminals constantly on the prowl, it's crucial to stay vigilant and proactive. From brute force attacks to unpatched vulnerabilities, the threats are real, but so are the solutions. Embrace passwordless technologies, keep your systems updated, and always be breach-ready. We hope you found today's insights valuable. If you did, why not share this newsletter with your friends and colleagues? Together, we can build a more secure digital community. Until next time, stay safe and cyber-aware!