**ONSEC Cyber Daily: September 7, 2025** Welcome to today's edition of ONSEC Cyber Daily, where the digital landscape is anything but quiet. Our top story unfolds like a thriller, with hackers actively exploiting a critical SAP vulnerability, CVE-2025-42957, putting countless systems at risk. Veteran cybersecurity reporter Deeba from Hackread.com brings us the latest on this urgent security alert for SAP users. Meanwhile, Android users are facing their own September security nightmare, as critical vulnerabilities leave millions exposed. The latest patch offers some relief, but the threat looms large. As if that weren't enough, TP-Link router flaws are opening doors for botnets to target your Microsoft 365 accounts. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories, urging immediate updates. Stay informed, stay secure, and dive into today's stories to protect your digital world.

Exploits Alert

1. Critical SAP Vulnerability CVE-2025-42957 Actively Exploited by Hackers: A critical vulnerability in SAP systems, identified as CVE-2025-42957, is being actively exploited by hackers. This flaw allows unauthorized access and manipulation of sensitive data, posing a significant risk to organizations relying on SAP software. Immediate patching and security measures are advised to mitigate potential breaches. Source: Hackread.
2. Microsoft Exchange Server Zero-Day Exploit: A newly discovered zero-day vulnerability in Microsoft Exchange Server is under active exploitation, allowing attackers to execute arbitrary code remotely. This exploit poses a severe threat to businesses using Exchange for email and communication services, necessitating urgent updates and security protocols. Organizations are urged to apply the latest patches to safeguard their systems. Source: BleepingComputer.
3. Fortinet Firewall Vulnerability Exposes Networks: A critical vulnerability in Fortinet's firewall products has been identified, potentially allowing attackers to bypass authentication and gain unauthorized access to networks. This exploit could lead to data breaches and network disruptions, emphasizing the need for immediate firmware updates and enhanced security configurations. Source: SecurityWeek.
4. Apple iOS Zero-Day Flaw Under Active Attack: A zero-day vulnerability affecting Apple iOS devices is being actively exploited, enabling attackers to execute malicious code with elevated privileges. Users are strongly advised to update their devices to the latest iOS version to protect against potential exploitation and data compromise. Source: MacRumors.
5. VMware vSphere Security Flaw Threatens Virtual Environments: A security flaw in VMware vSphere has been discovered, which could allow attackers to gain control over virtual environments. This vulnerability highlights the importance of regular updates and security audits to prevent unauthorized access and ensure the integrity of virtual infrastructures. Source: The Register.

Vulnerabilities & Patches

1. Android's September Security Nightmare: Critical Vulnerabilities Leave Millions Exposed: Android users are facing a significant threat with the discovery of critical vulnerabilities that could potentially expose millions of devices to malicious attacks. The vulnerabilities, identified as CVE, highlight the urgent need for users to update their devices to the September 5 patch level to ensure comprehensive protection. This patch provides additional security measures to safeguard against these threats. Source
2. Worrying TP-Link Router Flaws Could Let Botnets Attack Your Microsoft 365 Accounts: A series of vulnerabilities in TP-Link routers have been identified, posing a risk of botnet attacks on Microsoft 365 accounts. Users are urged to update their router firmware immediately to mitigate these risks. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories to highlight the severity of these flaws. Source
3. Apple's iOS 17 Security Update: Fixes for Actively Exploited Vulnerabilities: Apple has released an urgent security update for iOS 17, addressing vulnerabilities that are currently being exploited in the wild. These vulnerabilities could allow attackers to execute arbitrary code on affected devices. Users are strongly advised to update their devices to the latest version to protect against potential threats. Source
4. Microsoft Patch Tuesday: Critical Fixes for Windows and Office: Microsoft's latest Patch Tuesday release includes critical updates for Windows and Office products, addressing vulnerabilities that could lead to remote code execution. These updates are crucial for maintaining system security and preventing potential exploitation by attackers. Users should apply these patches as soon as possible to ensure their systems are protected. Source
5. Linux Kernel Vulnerability: Privilege Escalation Risk: A newly discovered vulnerability in the Linux kernel could allow attackers to escalate privileges on affected systems. This flaw poses a significant risk to Linux users, and a patch has been released to address the issue. It is recommended that users update their systems promptly to mitigate this threat. Source

Podcasts

1. Cyber Chronicles: The Rise of Quantum Security: This podcast delves into the emerging field of quantum computing and its implications for cybersecurity. Experts discuss how quantum technologies could revolutionize encryption methods, making current security protocols obsolete. The series also explores the race between nations to achieve quantum supremacy and its potential impact on global cyber defense strategies. Source: Cyber Chronicles Podcast.
2. Data Breach Diaries: Inside the Minds of Hackers: Offering a deep dive into the psychology of cybercriminals, this podcast series interviews former hackers and cybersecurity experts to uncover the motivations and tactics behind major data breaches. Listeners gain insights into how organizations can better protect themselves by understanding the hacker mindset. Source: Data Breach Diaries.
3. Digital Fortress: Building Cyber Resilience: Focused on strategies for enhancing organizational resilience against cyber threats, this podcast provides practical advice from industry leaders. Topics include incident response planning, employee training, and leveraging AI for threat detection. Each episode features case studies of companies that successfully thwarted cyber attacks. Source: Digital Fortress Podcast.
4. Privacy Paradox: Navigating the Digital Age: This podcast explores the complex relationship between privacy and technology in today's digital world. Experts discuss the challenges of maintaining privacy in an era of pervasive data collection and surveillance, offering tips for individuals and businesses to safeguard their information. Source: Privacy Paradox Podcast.
5. Securing the Future: Innovations in Cyber Defense: Highlighting cutting-edge technologies and methodologies in cybersecurity, this podcast features interviews with innovators and thought leaders. Topics range from blockchain security to the use of machine learning in threat prediction, providing listeners with a glimpse into the future of cyber defense. Source: Securing the Future Podcast.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is as dynamic as ever. From the critical SAP vulnerability CVE-2025-42957 actively exploited by hackers, to Android's September security nightmare, and the concerning TP-Link router flaws, the need for vigilance and timely updates has never been more pressing. Our trusted sources, including veteran cybersecurity reporter Deeba from Hackread, remind us that staying informed is our first line of defense against cybercrime. We urge you to take action: update your systems, apply patches, and share this newsletter with friends and colleagues. By spreading the word, you're not just sharing information—you're helping to build a more secure digital community. Let's keep each other safe in this ever-evolving cyber world. Until tomorrow, stay secure and stay informed!