ONSEC Weekly Cybersecurity Newsletter
Welcome to this week’s edition of ONSEC’s Cybersecurity Newsletter! Stay informed with the latest ?? Exploits Alert, ??? Vulnerabilities & Patches, and top ?? Cybersecurity Podcasts to help you stay ahead of emerging threats.
?? Exploits Alert
Progress WhatsUp Gold Path Traversal Vulnerability Exposes Systems to Remote Code Execution CISA has issued an urgent warning about a path traversal vulnerability in Progress WhatsUp Gold that could expose systems to remote code execution. Source: GBHackers
CISA Alerts on Active Exploitation of Cisco Small Business Router Flaw CISA has issued an urgent warning about the active exploitation of a critical command injection vulnerability CVE-2023-20118 in Cisco Small Business Routers. Source: GBHackers
Report: CISA Vulnerabilities Catalog Monitored By Ransomware Gangs Ransomware gangs are reportedly monitoring the CISA vulnerabilities catalog, highlighting the importance of timely patching and vulnerability management. Source: MSSP Alert
Attackers Automating Vulnerability Exploits with Few Hours of Disclosure GreyNoise’s 2025 Mass Internet Exploitation Report reveals a systematic industrialization of cyberattacks, with threat actors leveraging automation to exploit vulnerabilities within hours of their disclosure. Source: Cybersecurity News
Ransomware Groups Exploit BioNTdrv.sys Flaws to Gain SYSTEM Privileges on Windows Ransomware groups are exploiting flaws in BioNTdrv.sys to gain SYSTEM privileges on Windows, with BYOVD attacks becoming increasingly popular among cybercriminals. Source: Tech Monitor
?? Vulnerabilities & Patches
Google Fixes 44 Android Flaws, 2 Actively Exploited Google has patched 44 Android vulnerabilities, two of which were already being exploited by hackers. One of the exploited vulnerabilities is identified as CVE-2024-43093. Source: VPNRanks
Progress WhatsUp Gold Path Traversal Vulnerability Exposes Systems to Remote Code Execution A path traversal vulnerability CVE-2024-4885 in Progress WhatsUp Gold exposes systems to remote code execution. Source: GBHackers
Samsung March 2025 Patch Enhances Security with Over 58 Vulnerability Fixes Samsung’s March 2025 patch enhances security by fixing over 58 vulnerabilities. Some of these vulnerabilities were already covered in earlier patches. Source: SammyFans
Nakivo Backup Flaw Still Present on Some Systems Months After Firms' Silent Patch Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw. Source: ITPro
Paragon Partition Manager Vulnerabilities Allow Attackers to Escalate Privileges Security researchers have uncovered five significant vulnerabilities in Paragon Partition Manager’s BioNTdrv.sys driver. Source: GBHackers
?? Top Podcasts This Week
APDR Podcast Episode 83 – Asia Pacific Defence Reporter Host Kym Bergmann discusses various topics related to cybersecurity, IT, simulation & training, and government policy. Source: Asia Pacific Defence Reporter
Taking the Pulse, A Health Care and Life Sciences Video Podcast | Episode 224 Lauren and Heather are joined by Steve McPheeters, EVP and Chief Legal Officer, to discuss health care and life sciences. Source: JD Supra
Is It Cyber Peace or Just a Buffer? – CyberWire Afternoon Cyber Tea discusses the concept of cyber peace and its implications. Host Dave Bittner leads the conversation. Source: CyberWire
Handmade Car Factory; Lifesaving Jet Design; Ford F-150 Security – Today in Manufacturing Ep. 209 This episode covers a range of topics, including a handmade car factory, a lifesaving jet design, and Ford F-150 security. Source: Manufacturing.net
Cyber Risk | Episode 2 | Improve Your Cyber Readiness – Clyde & Co Helen Bourne and Georgia Schulberg discuss how organizations can improve their cyber readiness through tabletop exercises. Source: Clyde & Co
Stay secure, stay informed.
ONSEC.io Team Experts in Penetration Testing and Cybersecurity Solutions