Cyber Daily 9/18: Chrome & Apple Vulnerabilities Exposed, Canada Cybersecurity Bill Risks, SMEs Under Siege

Welcome to the ONSEC Cyber Daily for September 18, 2025. Today, we dive into a web of vulnerabilities that are shaking the digital world. From Nigeria to Canada, and across the globe, cybercriminals are exploiting weaknesses in our most trusted devices and platforms. The Nigerian Data Protection Commission (NDPC) has raised alarms over critical Chrome vulnerabilities, urging users to secure their devices against potential data breaches. Meanwhile, a controversial bill in Canada could hinder cybersecurity efforts by restricting information sharing among service providers. In Morocco, Apple users are on high alert following a critical security warning, while Google Chrome users face an active 0-day attack, necessitating immediate updates. As cyber threats evolve, small and medium enterprises (SMEs) are urged to reassess their security measures to fend off crippling attacks. Join us as we unravel these interconnected stories, highlighting the urgent need for vigilance and proactive security measures in our increasingly digital world.

Exploits Alert

  1. NDPC Sounds Alarm on Chrome Vulnerabilities, Urges Nigerians to Secure Devices: The National Data Protection Commission (NDPC) has highlighted critical vulnerabilities in Chrome that could allow cybercriminals to install malicious software, manipulate sensitive data, or create unauthorized user accounts. This alert emphasizes the importance of securing devices to prevent potential exploitation. Source.
  2. Mind Your Password: Six Cyber Vulnerabilities That Could Cripple SMEs: As cyber threats continue to evolve, small and medium-sized enterprises (SMEs) are urged to reassess their digital security strategies. The report identifies six critical vulnerabilities that could severely impact business operations if left unaddressed. Source.
  3. Strong-Borders Bill Could Compromise Cybersecurity in Canada, Experts Warn: Canadian experts are raising concerns over a proposed bill that could hinder cybersecurity efforts by preventing electronic service providers from sharing information about vulnerabilities. This legislation could potentially weaken the overall security framework by limiting collaborative defense measures. Source.
  4. Morocco Urges Apple Users to Update Devices After Critical Security Alert: Following the discovery of severe security vulnerabilities, Moroccan authorities have issued a critical alert urging Apple users to update their devices immediately. This proactive measure aims to protect users from potential cyber threats exploiting these vulnerabilities. Source.

Vulnerabilities & Patches

  1. Google Chrome 0-Day Under Active Attack – Update Immediately: A high-severity type confusion flaw in Chrome's V8 JavaScript engine, tracked as CVE-2025-10585, is under active exploitation. Users are strongly urged to update their browsers immediately to protect against potential attacks. Source: GBHackers, Cybersecurity News.
  2. How Tenable Found a Way To Bypass a Patch for BentoML's Server-Side Request Forgery Vulnerability: Tenable discovered a method to bypass a patch for CVE-2025-54381, a vulnerability in BentoML's file-upload processing system. This flaw could allow remote attackers to make arbitrary HTTP requests. Source: Security Boulevard.
  3. Samsung Security Flaw Could Let Hackers Remotely Control Your Device: A critical vulnerability in Samsung devices, tracked as CVE-2025, allows remote control by attackers. Samsung has issued a patch, and users are advised to update their devices immediately. Source: StartupNews.fyi.
  4. Apple Fixes 0-Day Vulnerabilities in Older version of iPhones and iPad: Apple has patched CVE-2025-43300, an ImageIO zero-day vulnerability that enabled arbitrary code execution via malicious images. Users of older iPhones and iPads should update to iOS/iPadOS 16.7.12 to protect against this threat. Source: Cybersecurity News, gHacks Tech News.
  5. Update Your Samsung Phone ASAP to Patch This Zero-Day Flaw Exploited in the Wild: Samsung users are urged to update their devices to patch a zero-day flaw that has been exploited in sophisticated attacks. This vulnerability, when combined with Apple's CVE-2025-43300, poses a significant security risk. Source: ZDNET.

Podcasts

  1. Lights! Camera! Hacktion! | Smashing Security: This podcast episode explores the intriguing crossover between hackers and actors, featuring Graham and special guest Jenny Radcliffe. They engage in a playful game of "Hacker or Ham?" to determine when "bad actors" transition from cyber criminals to theatrical performers. The episode provides a humorous yet insightful look into the world of cybersecurity and entertainment. Source: YouTube
  2. Shaping a New Era of Impact Through Integration: This podcast from UT San Antonio Today discusses the integration of missions between two leading research institutions. The episode highlights how this collaboration aims to improve lives and foster innovation. It's part of the "Launchpad: Voices of" series, which focuses on transformative initiatives in education and research. Source: UT San Antonio Today
  3. The Cost of Delaying Colorado's AI Act: In this StateScoop podcast, Colorado Representative Brianna Titone discusses the implications of delaying the implementation of the Colorado AI Act. The episode delves into the legislative challenges and potential impacts on the state's technological landscape. It offers a critical perspective on policy-making in the realm of artificial intelligence. Source: StateScoop
  4. How AI and Virtual Operators Are Transforming Security Operations: This Security Magazine podcast features Simon Morgan, Chief Product Officer at SureView Systems, discussing the transformative role of AI and virtual operators in security operations. The episode is part of the magazine's series on top cybersecurity leaders, providing insights into cutting-edge security technologies and strategies. Source: Security Magazine
  5. Cybersecurity Stock Watch: What's Driving SailPoint's Rise: Cybercrime Magazine's podcast examines the factors contributing to the rise of SailPoint in the cybersecurity market. The episode discusses the economic significance of cyberattacks, projecting losses that rival the world's largest economies. It offers an in-depth analysis of market trends and the financial impact of cybersecurity threats. Source: Cybercrime Magazine

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is ever-evolving, with new vulnerabilities and threats emerging at every turn. From the NDPC's urgent call for Nigerians to secure their devices against Chrome vulnerabilities to the critical updates needed for Apple and Samsung users, the message is clear: staying informed and proactive is key to safeguarding our digital lives. Cybercriminals are constantly refining their tactics, and as we've seen, even the smallest oversight can lead to significant breaches. Whether you're an individual user or an SME, understanding these vulnerabilities and taking immediate action can make all the difference. We hope today's insights empower you to take the necessary steps to protect your digital assets. If you found this newsletter helpful, please share it with your friends and colleagues. Together, we can build a more secure digital community. Stay vigilant, stay updated, and see you tomorrow for more cyber insights!
