Cyber Daily 9/5: Cisco ASA & SAP S/4HANA Exploits, Sitecore Zero-Day Threats, Google Patches Android Flaws

Welcome to the ONSEC Cyber Daily for September 5th, where today's digital landscape is a battlefield of vulnerabilities and exploits. Hackers are aggressively scanning Cisco ASA devices, leveraging a staggering 25,000 IPs to exploit known weaknesses. Meanwhile, GreyNoise's early warning system is on high alert, as SAP S/4HANA faces a critical vulnerability that could be a goldmine for threat actors. The cyber world is buzzing with news of Sitecore's zero-day flaw, sparking a fresh wave of ViewState threats, while Google rushes to patch two actively exploited zero-day vulnerabilities in Android. As the U.S. dangles a $10 million reward for FSB hackers targeting critical infrastructure, cybersecurity startups like Sola Security are rising to the challenge, backed by tech giants like Microsoft. In this interconnected narrative of cyber threats and defenses, staying informed is your first line of defense. Dive into today's issue for a comprehensive look at the latest in cybersecurity news, alerts, and updates.

Exploits Alert

  1. Hackers Scanning Cisco ASA Devices to Exploit Vulnerabilities: Hackers are actively scanning Cisco ASA devices from 25,000 IPs to exploit known vulnerabilities. This large-scale scanning effort highlights the persistent threat to network security posed by unpatched devices. Organizations using Cisco ASA are urged to update their systems to mitigate potential risks. Source: Cybersecurity News.
  2. Exploit Available for SAP S/4HANA Critical Vulnerability: A critical vulnerability in SAP S/4HANA has been identified, with exploits now available to threat actors. This vulnerability could allow unauthorized access and manipulation of sensitive business data, posing a significant risk to enterprises relying on SAP systems. Immediate patching and security measures are recommended to protect against potential attacks. Source: CSO Online.
  3. Sitecore Zero Day Sparks New Round of ViewState Threats: A zero-day vulnerability in Sitecore has been discovered, leading to a new wave of ViewState-related threats. This flaw could be exploited to execute arbitrary code, compromising the security of web applications using Sitecore. Security teams are advised to apply available patches and monitor for unusual activity. Source: Dark Reading.
  4. Google Alerts to Active Exploitation of Sitecore Zero-Day Flaw: Google researchers have issued a warning about the active exploitation of a Sitecore zero-day flaw. This vulnerability is being leveraged by attackers to gain unauthorized access to systems, emphasizing the need for immediate remediation. Organizations using Sitecore should prioritize patching and enhance their security monitoring. Source: GBHackers.
  5. Linux UDisks Daemon Vulnerability CVE-2025-8067 Alert: A new vulnerability identified as CVE-2025-8067 in the Linux UDisks Daemon poses a threat to systems running this service. Exploiting this flaw could allow attackers to execute arbitrary commands, potentially leading to system compromise. Users are advised to update their systems promptly to mitigate this risk. Source: The Cyber Express.

Vulnerabilities & Patches

  1. Google Patches Two Zero-Day Vulnerabilities in Android September Security Update: Google has released a critical security update for Android, addressing two zero-day vulnerabilities, CVE-2025-38352 and CVE-2025-48543. These vulnerabilities could allow attackers to escalate privileges and exploit the Android Runtime component. Users are urged to update their devices immediately to mitigate potential risks. Source: Mobile ID World.
  2. Samsung Galaxy S25 FE Guarantees 7 Years of Android and Security Upgrades: Samsung's latest Galaxy S25 FE model promises extensive security support, including the September 2025 patch which addresses 71 Android vulnerabilities and 25 One UI vulnerabilities. This commitment to long-term updates enhances device security and user trust. Source: Sammy Fans.
  3. Critical Infrastructures: Attacks on Industrial Control Systems Possible: Hitachi Energy's Relion 650, 670, and SAM600-IO devices are vulnerable to DoS attacks due to CVE-2025-2403. The vulnerability poses a significant risk to critical infrastructures, and an update is awaited to address this high-severity issue. Source: Heise Online.
  4. WhatsApp Warns iPhone and Mac Users to Update ASAP: A critical security patch has been released for iOS and macOS to fix CVE-2025-43300, a flaw that could compromise user data. WhatsApp urges users to update their devices immediately to protect against potential exploits. Source: Macworld.
  5. CMS Provider Sitecore Patches Exploited Critical Zero Day: Sitecore has patched a critical zero-day vulnerability, CVE-2025-53690, which allowed code injection in Sitecore XM and XP up to version 9.0. The vulnerability was actively exploited, highlighting the importance of timely updates. Source: Infosecurity Magazine.

Podcasts

  1. 'Nudify' app ban, hacker threatens artists with AI punishment, and fake ID marketplace takedown: This episode of the Cyber Uncut podcast features David Hollingworth and Daniel Croft discussing the latest AI news, including the ban of the 'Nudify' app, a hacker threatening artists with AI, and the takedown of a fake ID marketplace. The hosts delve into the implications of these developments on cybercrime and digital security. Source: Cybersecurity Connect.
  2. New podcast focuses on resilience across sectors: The Leaders in Security Podcast highlights the importance of resilience in various sectors, focusing on cyber-physical vulnerabilities. The episode emphasizes the need for robust security measures to protect against emerging threats. Source: Security Journal UK.
  3. Fancy Bear Develops Fancy New Outlook Backdoor: The CISO Podcast Series Episode 5 explores the latest developments by Fancy Bear, including a new Outlook backdoor. This episode is a must-listen for those interested in understanding the tactics of advanced persistent threats. Source: The Cyber Express.
  4. Cracking the Legal Code for AI: Hosted by Rocky Dhir, this episode features attorney Shawn Tuma discussing the intersection of AI, data privacy, and cyber law. The conversation provides insights into the legal challenges and considerations for AI technologies. Source: Legal Talk Network.
  5. Fintech foils heist, NotDoor backdoor, Salesloft-Drift continues: This episode of the CISO Series Podcast covers a fintech company's successful prevention of a bank heist, the discovery of the NotDoor backdoor, and ongoing impacts of the Salesloft-Drift incident. The discussion highlights the evolving landscape of cyber threats and defense strategies. Source: CISO Series.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the cyber landscape is as dynamic as ever. From hackers scanning Cisco ASA devices to exploit vulnerabilities from a staggering 25,000 IPs, to the critical alerts surrounding SAP S/4HANA and Sitecore zero-day threats, the need for vigilance and proactive defense has never been more pressing. GreyNoise's early warning systems and platforms like Cyber Security News are crucial allies in staying informed and prepared. Remember, cybersecurity is a shared responsibility. By staying informed and vigilant, we can collectively fortify our defenses against the ever-evolving threats. If you found today's insights valuable, please share this newsletter with your friends and colleagues. Together, we can build a more secure digital world. Stay safe, stay informed, and see you in the next edition of ONSEC Cyber Daily!