Cyber Daily 9/9: Cyberbay Warns Energy Sector, UAE's Smart Home Vulnerabilities, SAP S/4HANA Flaw Exploited, Firewall Bypass Research

Welcome to the ONSEC Cyber Daily for September 9th, where today's headlines weave a cautionary tale of vulnerabilities and defenses in the digital age. As the energy sector braces for potential cyber onslaughts, experts like Felix Kan of Cyberbay sound the alarm on aging infrastructures. Meanwhile, researchers have uncovered a method to bypass web application firewalls, raising concerns about the robustness of our digital defenses. In the UAE, a staggering 70% of smart home devices are exposed to cyber threats, highlighting the pervasive nature of these risks. The aviation industry is not spared either, with recent cyberattacks on Qantas underscoring the global reach of these threats. As vulnerabilities in Android phones and critical flaws in SAP S/4HANA systems come to light, the urgency for patches and updates becomes ever more pressing. Join us as we delve into these stories and more, exploring the interconnected web of cyber risks that define our modern world.
Exploits Alert
- Energy Sector Faces Growing Cybersecurity Risk, Cyberbay Warns: The energy sector is increasingly vulnerable to cyberattacks due to aging infrastructure, according to Felix Kan, CEO of Cyberbay. This warning highlights the urgent need for enhanced cybersecurity measures to protect critical energy systems from potential threats.
- Researchers Bypassed Web Application Firewall With JS Injection: Cybersecurity researchers have discovered a method to bypass web application firewalls using JavaScript injection combined with parameter pollution. This exploit could allow attackers to infiltrate systems that rely on these firewalls for protection, emphasizing the need for more robust security solutions.
- 70% of Smart Home Devices Vulnerable to Cyberattacks, Warns UAE Cyber Security Council: The UAE Cyber Security Council reports that 70% of smart home devices, including voice assistants and cameras, are susceptible to cyberattacks. This vulnerability underscores the growing threat landscape and the importance of securing IoT devices in households.
- Critical Argo CD API Flaw (CVE-2025-55190) Exposes Secrets: A critical vulnerability in the Argo CD API, identified as CVE-2025-55190, has been discovered, potentially exposing sensitive information. This flaw highlights the risks associated with API security and the need for immediate patching to prevent data breaches.
- Vulnerabilities Detected in Android Phones, Update Now: CERT-In: CERT-In has identified vulnerabilities in Android phones running versions 14, 15, and 16, which could be exploited by attackers to steal data. Users are advised to update their devices promptly to mitigate these risks and protect their personal information.
Vulnerabilities & Patches
- WinRAR Exploit: CVE-2025-8088: A new vulnerability in WinRAR, identified as CVE-2025-8088, is being actively exploited by the hacker group HackerHood. The exploit allows attackers to leverage proprietary malware for data theft. A patch is available, but users need to manually update their systems to secure against this threat. Source: Red Hot Cyber.
- Samsung Galaxy Z Fold 7 and Flip 7 Update: Samsung has rolled out a September update for Galaxy Z Fold 7 and Flip 7, addressing several security vulnerabilities including CVE-2025-27034. Initially released in South Korea, this patch is expected to be available globally soon, enhancing device security and adding new features. Source: SSBCrack.
- Apache Jackrabbit Vulnerability: CVE-2025-58782: Apache Jackrabbit has become a target for hackers due to a critical vulnerability, CVE-2025-58782. Users are urgently seeking patches for version Oak 1.82.0 to mitigate the risk of exploitation. The vulnerability allows unauthorized access and manipulation of data.
- pgAdmin Unauthorized Access: CVE-2025-9636: A high-severity vulnerability in pgAdmin, CVE-2025-9636, allows unauthorized account access. The issue affects versions up to 9.7 and has been addressed with a patch. Users are advised to update immediately to prevent potential data breaches. Source: Cyber Press.
- SAP S/4HANA Vulnerability: CVE-2025-42957: A critical vulnerability in SAP S/4HANA, CVE-2025-42957, is being actively exploited, allowing attackers full system control. With a CVSS score of 9.9, SAP has released an urgent patch, and administrators are urged to apply it immediately to protect their systems. Source: WebProNews.
Podcasts
- Hackers are after your water. How this town defends against them: This episode of "Consider This from NPR" explores how a small town is proactively defending its water supply from cyber threats. The podcast delves into the strategies and technologies employed to safeguard critical infrastructure from hackers. Source: NPR
- Milwaukee Tool Heist; FedEx Cummins Layoffs; Deere Acquisition | Today in Manufacturing Ep. 235: This episode covers a range of topics including a cyber incident that temporarily shut down Jaguar Land Rover. It also discusses major corporate moves such as the Milwaukee Tool heist and FedEx Cummins layoffs. Source: IEN
- SVG phishing, Anthropic piracy suit, Qantas docks executives - CISO Series: The podcast highlights the latest in cybersecurity news, focusing on SVG phishing campaigns and the legal battles surrounding Anthropic piracy. It also touches on executive penalties at Qantas. Source: CISO Series
- Salesforce Under Fire: The Salesloft Drift Supply-Chain Breach: This episode discusses a significant cyber attack involving a data breach at Palo Alto Networks via their Salesforce platform. The podcast examines the implications for supply-chain security. Source: Security Boulevard
- Why cyber risk is escalating for law firms: In this episode of The Lawyers Weekly Show, the focus is on the increasing cyber risks faced by law firms. The discussion includes insights from Cybertify on how legal practices can enhance their cybersecurity posture. Source: Lawyers Weekly
Final Words
As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is evolving faster than ever, with new vulnerabilities emerging across sectors. From the energy sector's aging infrastructure to the rise of AI-powered threats in smart homes, the need for robust cybersecurity measures is more pressing than ever. Felix Kan's warning about the energy sector's vulnerabilities serves as a stark reminder of the challenges we face. Meanwhile, researchers continue to uncover ways to bypass defenses, as seen with the recent web application firewall bypass. In the UAE, the cybersecurity council's findings on smart home devices highlight the importance of securing our personal spaces. And let's not forget the critical vulnerabilities in systems like SAP S/4HANA and Android phones, which demand immediate attention and action. As we navigate these challenges, remember that cybersecurity is a collective effort. Share this newsletter with your friends and colleagues to keep them informed and vigilant. Together, we can build a safer digital world. Until tomorrow, stay secure and stay informed!