Secret CISO 1/1: ESA & Knownsec Breaches Unveil Espionage, Trust Wallet & Pornhub Hacks Expose Privacy Risks, AI Agents & LLMs Pose New Threats, GlassWorm Malware Targets macOS

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity incidents shaping our digital landscape. As we step into the new year, the stakes have never been higher, with a series of breaches and vulnerabilities that demand our immediate attention.

In a dramatic turn of events, the European Space Agency finds itself grappling with a significant data breach, raising questions about the security of sensitive information. Meanwhile, Knownsec's breach unveils a trove of espionage tradecraft, highlighting the persistent threat of insider risks.

The cryptocurrency world is not spared, as Trust Wallet falls victim to a sophisticated supply chain attack, draining millions from unsuspecting users. This incident underscores the urgent need for fortified defenses in the ever-evolving crypto landscape.

Privacy concerns take center stage with Pornhub's data breach, exposing users' viewing habits and sparking a potential class-action lawsuit. Similarly, Condé Nast's breach serves as a stark reminder of the vulnerabilities lurking within large-scale data systems.

As we delve deeper, the rise of illegal streaming emerges as a formidable industry, posing significant security threats. Meanwhile, SquareX's research reveals the heightened risks associated with browser AI agents, calling for enhanced security measures.

In the realm of development environments, GlassWorm malware exploits VS Code extensions, turning them into attack vectors against macOS. Additionally, threat actors manipulate large language models for automated vulnerability exploitation, emphasizing the need for robust AI security.

Finally, we spotlight critical vulnerabilities, from cross-site scripting issues in ZhinaTwitterWidget to SQL injection flaws in WordPress plugins, each posing unique challenges to our digital defenses.

Stay informed and vigilant as we navigate these complex threats together. Welcome to the new year in cybersecurity.

Data Breaches

  1. European Space Agency Hit Again as Crims Claim 200 GB Haul: The European Space Agency (ESA) has acknowledged a security incident that reportedly resulted in the theft of 200 GB of data. While the ESA claims the breach affected only a small number of users, the incident has raised significant concerns about the agency's cybersecurity measures. The breach's impact and the potential exposure of sensitive information have garnered considerable attention. Source: The Register
  2. Knownsec Data Breach: A Trove of Espionage Tradecraft with an Insider Narrative: Knownsec has suffered a significant data breach, exposing a wealth of internal documents and offensive cyber tools. The breach has revealed evidence of global targeting by the Chinese cybersecurity firm, raising alarms about the potential misuse of such sensitive information. This incident highlights the ongoing risks associated with insider threats and the need for robust security measures. Source: Resecurity
  3. Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack: Trust Wallet has disclosed a security breach involving the Shai-Hulud supply chain attack, resulting in the theft of $8.5 million. The attack targeted the Chrome extension of the wallet, exploiting vulnerabilities to drain funds from users' accounts. This incident underscores the critical need for enhanced security in cryptocurrency platforms and the growing sophistication of cyber threats. Source: The Hacker News
  4. Pornhub Premium Lawsuit: Data Breach Exposes Users' Viewing Habits: Pornhub is facing a potential class-action lawsuit following a data breach that exposed users' viewing histories. The breach has raised privacy concerns among users, as sensitive information about their online activities has been compromised. This incident highlights the importance of robust data protection measures for companies handling sensitive user data. Source: Austin American-Statesman
  5. Condé Nast Hack Exposes 40 Million Users' Data: A hacker named Lovely has claimed responsibility for breaching Condé Nast's user database, exposing data of over 40 million users. The breach has led to the release of more than 2.3 million user records, raising significant concerns about data security and privacy. This incident serves as a stark reminder of the vulnerabilities present in large-scale data systems. Source: PYMNTS.com

Security Research

  1. Crypto Exploit Triage Group SEAL Sees Uptick in Tickets in 2025: The SEAL 911 group has experienced a significant increase in the number of tickets, totaling 3,300 since its launch in late 2023. This surge highlights the growing challenges in managing crypto-related security incidents. The group's efforts are crucial in addressing the complexities of the crypto security landscape. Source: The Block.
  2. Illegal Streaming Grows into an Organized, Profitable, and Dangerous Industry: Recent research reveals that illegal streaming has evolved into a highly organized and profitable industry. Alarmingly, one in ten people underestimate the risks associated with using illegal sources for entertainment. This trend poses significant security threats and underscores the need for increased awareness and regulation. Source: Help Net Security.
  3. SquareX Research Finds Browser AI Agents Riskier Than Employees: New research from SquareX indicates that browser AI agents are more susceptible to phishing and OAuth attacks compared to human employees. This finding raises concerns about the security implications of integrating AI agents into enterprise environments, necessitating enhanced security measures. Source: Security Boulevard.
  4. GlassWorm Malware Turns VS Code Extensions into an Attack Vector Against macOS: Security researchers have identified malicious extensions on the Open VSX marketplace that exploit VS Code extensions as an attack vector against macOS. This discovery highlights the need for vigilance in monitoring and securing development environments against such threats. Source: GBHackers.
  5. Threat Actors Manipulating LLMs for Automated Vulnerability Exploitation: Researchers have uncovered that threat actors are manipulating large language models (LLMs) to automate vulnerability exploitation. By assigning benign roles to these models, attackers can construct scenarios that facilitate exploit development, emphasizing the need for robust AI security measures. Source: Cybersecurity News.

Top CVEs

  1. CVE-2025-23719: This vulnerability involves improper neutralization of input during web page generation, leading to a cross-site scripting (XSS) issue in the ZhinaTwitterWidget. It affects versions from n/a through 1.0, allowing attackers to execute scripts in the context of the user's browser session. Source: Vulners.
  2. CVE-2025-31054: A cross-site request forgery (CSRF) vulnerability in Themefy Bloggie allows for reflected XSS attacks. This issue affects Bloggie versions from n/a through 2.0.8, potentially enabling attackers to perform unauthorized actions on behalf of users. Source: Vulners.
  3. CVE-2025-28949: This vulnerability is an SQL injection flaw in the Codedraft Mediabay - WordPress Media Library Folders. It allows blind SQL injection attacks, affecting versions from n/a through 1.4, which could lead to unauthorized data access or manipulation. Source: Vulners.
  4. CVE-2025-30628: An SQL injection vulnerability in the AA-Team Amazon Affiliates Addon for WPBakery Page Builder allows attackers to execute arbitrary SQL commands. This issue affects versions from n/a through 1.2, posing a risk of data compromise. Source: Vulners.
  5. CVE-2025-47566: This cross-site scripting (XSS) vulnerability in ZoomSounds allows reflected XSS attacks. It affects versions from n/a through 6.91, potentially enabling attackers to inject malicious scripts into web pages viewed by other users. Source: Vulners.
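Three of the five CVEs above are SQL injection or cross-site scripting flaws in WordPress plugins. The following is an added illustration, not code from any of the affected plugins or from the CVE advisories: it uses Python's sqlite3 module as a stand-in for a plugin's database layer and shows the unsafe string-built query beside the parameterized one, plus HTML output encoding for the XSS class. The table, its rows, and the function names are constructed for this example.

```python
import html
import sqlite3


def build_db():
    # Constructed sample data standing in for a plugin's media-folder table.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE media_folders (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)"
    )
    conn.executemany(
        "INSERT INTO media_folders (name, owner) VALUES (?, ?)",
        [("Holiday photos", "alice"), ("Invoices", "bob"), ("Drafts", "alice")],
    )
    conn.commit()
    return conn


def folders_unsafe(conn, owner):
    # Vulnerable pattern: the untrusted value is spliced into the SQL text,
    # so a quote in the input can change the structure of the query.
    sql = f"SELECT name FROM media_folders WHERE owner = '{owner}'"
    return [row[0] for row in conn.execute(sql)]


def folders_safe(conn, owner):
    # Hardened pattern: the value is bound as a parameter and is only ever
    # compared as data, whatever characters it contains.
    rows = conn.execute(
        "SELECT name FROM media_folders WHERE owner = ?", (owner,)
    )
    return [row[0] for row in rows]


def render_folder_list(names):
    # Output encoding for an HTML element context: any markup stored in a
    # folder name is rendered as text rather than interpreted by the browser.
    items = "".join(f"<li>{html.escape(name, quote=True)}</li>" for name in names)
    return "<ul>" + items + "</ul>"


if __name__ == "__main__":
    conn = build_db()
    tautology = "alice' OR '1'='1"
    # The string-built query returns every row for the tautology input;
    # the parameterized query returns none, because no owner has that name.
    print("unsafe:", folders_unsafe(conn, tautology))
    print("safe:  ", folders_safe(conn, tautology))
    # A benign apostrophe breaks the unsafe query but not the safe one.
    print("safe with apostrophe:", folders_safe(conn, "o'brien"))
    print(render_folder_list(["Tom & Jerry <b>"]))
```

The same distinction applies to the WordPress `$wpdb` API: `$wpdb->prepare()` binds values the way the `?` placeholder does here, and `esc_html()` plays the role of `html.escape()` when a stored value is written back into a page.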

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the cybersecurity landscape is as dynamic and challenging as ever. From the European Space Agency's data breach to the sophisticated Shai-Hulud supply chain attack, each story underscores the critical importance of robust security measures and constant vigilance.

We've also seen how insider threats and vulnerabilities in popular platforms like Trust Wallet and Pornhub can lead to significant data breaches, affecting millions of users worldwide. These incidents serve as stark reminders of the need for enhanced security protocols and the importance of safeguarding sensitive information.

Moreover, the rise in crypto-related security incidents and the evolving threat landscape in illegal streaming and AI integration highlight the complexities of modern cybersecurity. As threat actors continue to exploit vulnerabilities, it's crucial for organizations to stay informed and proactive in their defense strategies.

We hope you found today's insights valuable and encourage you to share this newsletter with friends and colleagues who might benefit from staying informed about the latest cybersecurity developments. Together, we can build a more secure digital world.

Until next time, stay safe and vigilant!