Welcome to the ONSEC Cyber Daily for September 6th, where the digital battlefield is more active than ever. Today, we delve into a world where vulnerabilities are the new weapons, and patches are the shields. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert on a critical Android 0-Day Use-After-Free vulnerability actively exploited in cyberattacks. Meanwhile, SAP S/4HANA systems are under siege, with a flaw so severe it could lead to a full system takeover if not patched immediately. As if that weren't enough, Czechia sounds the alarm on China's data-stealing tactics, highlighting the global reach of cyber espionage. In this interconnected narrative of threats, the message is clear: vigilance and prompt patching are our best defenses. Stay informed, stay secure.

Exploits Alert

1. CISA Warns of Android 0-Day Use-After-Free Vulnerability Exploited in Attacks: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert for a newly discovered zero-day vulnerability in Android devices. This use-after-free vulnerability is actively being exploited in cyberattacks, emphasizing the urgent need for prompt patching to protect against potential threats. Source: Cybersecurity News.
2. Critical SAP S/4HANA Vulnerability Under Attack, Patch Now: A critical vulnerability in SAP S/4HANA is currently under active attack, prompting urgent calls for immediate patching. This vulnerability poses significant risks to enterprise systems, potentially allowing attackers to compromise sensitive business data. Source: Dark Reading.
3. CISA Warns of Linux Kernel Race Condition Vulnerability Exploited in Attacks: CISA has identified a race condition vulnerability in the Linux Kernel that is being actively exploited. This vulnerability could allow attackers to execute arbitrary code, making it crucial for users to apply available patches to mitigate risks. Source: Cybersecurity News.
4. Hackers Scan Cisco ASA Devices for Known Vulnerabilities: A massive scanning campaign targeting Cisco ASA devices has been detected, indicating potential upcoming vulnerability disclosures. This activity highlights the importance of maintaining up-to-date security measures to protect against exploitation. Source: Cyber Press.
5. Czechia Warns Of Chinese Data Transfers And Remote Administration For Espionage: The National Cyber and Information Security Agency (NÚKIB) of Czechia has issued a warning about Chinese data transfers and remote administration practices that pose espionage risks. This alert underscores the ongoing threats to government systems and critical infrastructure. Source: The Cyber Express.

Vulnerabilities & Patches

1. Google Recommends Immediate Android Update Due to Exploits: Google has identified two serious vulnerabilities in Android devices, urging users to update their phones immediately if the security patch level is before September 5, 2025. These flaws, including CVE-2025-48543, are actively exploited, posing significant security risks. Source.
2. Samsung Galaxy S26 Edge Receives Critical Security Updates: Samsung's One UI 8 Beta updates address several vulnerabilities, including CVE-2025-48561 and CVE-2025-48562. Users are advised to apply these patches to protect against potential exploits targeting these flaws. Source.
3. SAP S/4HANA Vulnerability Sparks Urgent Patch Requirement: A critical code injection vulnerability, CVE-2025-42957, in SAP's S/4HANA ERP system has been exploited, necessitating immediate application of the August 2025 patch. This flaw allows attackers to fully compromise affected systems. Source.
4. Sitecore XP Flaw Exploited, CISA Demands Immediate Patch: CISA has mandated federal agencies to patch CVE-2025-53690, a critical Sitecore XP vulnerability with a CVSS score of 9.0, which has been exploited since December 2024. This flaw allows remote code execution and data theft. Source.
5. WordPress Theme Hijacked by Malware, Update Required: A popular WordPress theme has been compromised by malware, exploiting CVE-2025-4322. Users are urged to update to version 5.6.68 to secure their sites against this threat. Source.

Podcasts

1. Week in Review: Baltimore's Expensive Gaffe, Ransomware Takedown Outcomes, Workiva Salesforce Breach: This podcast episode delves into the costly cybersecurity missteps made by Baltimore, the outcomes of recent ransomware takedowns, and the implications of the Workiva Salesforce breach. It provides a comprehensive analysis of these events, offering insights into the lessons learned and future prevention strategies. Source.
2. BSidesSF 2025: CISO Series Podcast - LIVE!: Recorded live at the BSidesSF 2025 event, this podcast features discussions with industry leaders on the latest cybersecurity trends and challenges. The episode captures the dynamic exchange of ideas and innovative solutions presented during the conference. Source.
3. 10 Cybersecurity Podcasts to Add to Your Queue Now: This podcast episode highlights the top 10 cybersecurity podcasts that are making waves in the industry. Each featured podcast is known for its in-depth analysis and coverage of the most prolific cyber gangs and emerging threats. Source.
4. The Dark Side Of LLMs For Code Generation: This episode from Cybercrime Magazine explores the potential risks and challenges associated with using large language models (LLMs) for code generation. It features insights from cybersecurity experts on how these technologies can be exploited and what measures can be taken to mitigate such risks. Source.
5. China's Cyberstorm Goes Global: The CyberWire Daily Podcast examines the global impact of China's cyber activities, discussing recent incidents and their implications for international cybersecurity. The episode provides a detailed analysis of China's strategies and the global response to these cyber threats. Source.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is as dynamic as ever, with new vulnerabilities and cyber threats emerging at every turn. From CISA's urgent warnings about the Android 0-Day Use-After-Free vulnerability to the critical SAP S/4HANA flaw under active attack, the message is clear: prompt patching is your frontline defense. Staying informed is crucial, and we hope you found today's stories both insightful and actionable. Remember, cybersecurity is a shared responsibility. If you found this newsletter valuable, please share it with your friends and colleagues. Together, we can build a more secure digital world. Stay vigilant, stay informed, and we'll see you in the next edition of ONSEC Cyber Daily. Until then, keep your systems patched and your data safe!