Secret CISO 1/14: Maine Healthcare & Rumpke Breaches, Google & Check Point Research, CVE-2026-0386 & ASUS Router Bug - A Cybersecurity Storm Unfolds
Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity threats and breaches that continue to challenge our digital landscape. In this issue, we delve into a series of alarming incidents that underscore the vulnerabilities across various sectors, from healthcare to finance, and even government agencies.
We begin with a significant data breach at Central Maine Healthcare, where the sensitive information of over 145,000 individuals was exposed, highlighting the persistent vulnerabilities in the healthcare sector. Meanwhile, Rumpke faces the financial repercussions of a cyberattack, settling a lawsuit for $750,000 after employee data was compromised.
The financial sector is not spared, as LPL and Ameriprise report breaches affecting clients' accounts, raising concerns about data security. In a more severe breach, a whistleblower has leaked personal data of 4,500 DHS and ICE agents, posing a grave risk to their safety.
On the technological front, a new Chinese-made malware framework targets Linux-based cloud environments, while a malicious Chrome extension masquerades as a trading tool to steal MEXC API keys. Additionally, a critical vulnerability in ASUS routers threatens to disrupt entire networks.
Finally, we explore a series of critical vulnerabilities, including improper access control in Windows Deployment Services and a heap-based buffer overflow in Fortinet systems, each posing significant risks to network security.
Stay informed and vigilant as we navigate these complex cybersecurity challenges together.
Data Breaches
- Central Maine Healthcare Breach Exposed Data of Over 145,000 People: A data breach at Central Maine Healthcare (CMH) exposed sensitive information of more than 145,000 individuals. This incident highlights the ongoing vulnerabilities in the healthcare sector, emphasizing the need for robust data protection measures. Source: Bleeping Computer.
- Rumpke Settles Lawsuit Over Employee Data Stolen in Cyberattack: Rumpke is settling a class-action lawsuit for $750,000 following a cyberattack that impacted nearly 17,000 current and former employees. The settlement underscores the financial and reputational risks companies face from data breaches. Source: Cincinnati Enquirer.
- LPL, Ameriprise Report Online Attacks on Clients' Accounts, Data to Maine: Financial advice firms LPL and Ameriprise have reported data breaches affecting clients' accounts. This incident is part of a broader trend of cyberattacks targeting financial institutions, raising concerns about data security in the financial sector. Source: InvestmentNews.
- $4M Numotion Data Breach Class Action Settlement: Numotion has agreed to a $4 million settlement following data breaches in March and September 2024. Affected individuals may qualify for up to $15,000 in reimbursement, highlighting the potential financial impact of data breaches on companies. Source: Top Class Actions.
- Whistleblower Leaks Personal Data of 4,500 DHS and ICE Agents to Doxxing Website: A whistleblower has leaked the personal data of 4,500 DHS and ICE agents to a doxxing website. This breach raises significant concerns about the security of sensitive government data and the potential risks to individuals' safety. Source: WTOV9.
Security Research
- This will get you hacked: from early probing to trust abuse - Cybernews: Cybernews's latest security research highlights a range of threats from insider recruitment and AI-powered investment scams to LLM reconnaissance and QR code phishing. The report underscores the evolving tactics of cybercriminals and the importance of staying vigilant against these sophisticated attacks. Source: Cybernews
- Google security researcher warns that hackers are using malicious websites to exploit iOS: A security researcher from Google's Project Zero has discovered that hackers are using compromised websites to install "monitoring implants" on iPhones. This exploit allows attackers to gain unauthorized access to sensitive data, highlighting the need for robust security measures on mobile devices. Source: BetaNews
- New Chinese-Made Malware Framework Targets Linux-Based Cloud Environments: Security researchers at Check Point Research have uncovered a new malware framework linked to Chinese-affiliated actors targeting Linux-based cloud environments. This sophisticated malware poses a significant threat to cloud infrastructure, emphasizing the need for enhanced security protocols. Source: Infosecurity Magazine
- Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool: A malicious Chrome extension has been discovered stealing MEXC API keys by posing as a legitimate trading tool. This highlights the ongoing threat of browser-based attacks and the importance of verifying the authenticity of browser extensions. Source: The Hacker News
- ASUS router bug can bring down whole networks: Security researchers have identified a wireless vulnerability in ASUS routers that could lead to total network disruption. This discovery underscores the critical need for regular updates and patches to protect network infrastructure from potential exploits. Source: SDxCentral
Top CVEs
- CVE-2026-0386: Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network. This vulnerability poses a significant risk because it could be exploited to gain unauthorized access to and control over network resources.
- CVE-2025-25249: A heap-based buffer overflow in Fortinet FortiOS and FortiSASE allows attackers to execute unauthorized code or commands via specially crafted packets. The flaw affects multiple versions of FortiOS and FortiSASE, making it a critical issue for organizations running these systems.
- CVE-2026-22686: A critical sandbox escape in enclave-vm allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. This breaks the core security guarantee of isolating untrusted code, posing a severe threat to systems that rely on enclave-vm.
- CVE-2026-22871: A path traversal vulnerability in GuardDog's safeextract function allows malicious PyPI packages to write arbitrary files outside the intended extraction directory. This can lead to arbitrary file overwrite and remote code execution on systems running GuardDog, making it a significant security concern.
- CVE-2026-22869: A critical vulnerability in Eigent's CI workflow allows code from fork pull requests to execute with repository write permissions. It can be exploited to steal credentials, post comments, push code, or create releases, posing a severe risk to projects using Eigent.
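The GuardDog entry above describes the archive path traversal class of bug (a member name or link that resolves outside the extraction directory). The following is an added illustration, not GuardDog's code or its fix: it builds a constructed sample tarball in memory and shows the check an extractor should apply to each member before writing it under a destination directory; the destination path and member names are assumptions.

```python
import io
import os
import tarfile


def escapes(dest: str, member_path: str) -> bool:
    """True if member_path, joined to dest, resolves outside dest (absolute names and '..' included)."""
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, member_path))
    return os.path.commonpath([dest_real, target]) != dest_real


def classify_members(tar: tarfile.TarFile, dest: str):
    """Split archive members into those safe to write under dest and those that would escape it.
    Symlinks are checked relative to their own directory; hard links relative to the archive root."""
    safe, rejected = [], []
    for m in tar.getmembers():
        if os.path.isabs(m.name) or escapes(dest, m.name):
            rejected.append(m.name)
        elif m.issym() and (os.path.isabs(m.linkname)
                            or escapes(dest, os.path.join(os.path.dirname(m.name), m.linkname))):
            rejected.append(m.name)
        elif m.islnk() and escapes(dest, m.linkname):
            rejected.append(m.name)
        else:
            safe.append(m.name)
    return safe, rejected


def build_sample_archive() -> bytes:
    """Constructed sample: one benign file, one '..' traversal member, one symlink pointing outside."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in [("pkg/setup.py", b"print('ok')\n"), ("../../tmp/evil.txt", b"pwned\n")]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("pkg/escape_link")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside"
        tar.addfile(link)
    return buf.getvalue()


def check_sample(dest: str = "/tmp/extract_root"):
    """Run the check over the constructed archive; dest is an assumed, non-existent target directory."""
    with tarfile.open(fileobj=io.BytesIO(build_sample_archive()), mode="r") as tar:
        return classify_members(tar, dest)
```

On Python 3.12 and later, `TarFile.extractall(filter="data")` applies equivalent rejections for you; this block shows what that filter is protecting against so the same check can be applied to other archive formats.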
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is fraught with challenges and opportunities for both attackers and defenders. From healthcare breaches affecting thousands to sophisticated malware targeting cloud environments, the need for vigilance and robust security measures has never been more critical.
We've seen how companies like Rumpke and Numotion are navigating the aftermath of cyberattacks, highlighting the financial and reputational stakes involved. Meanwhile, the exposure of sensitive government data and the exploitation of mobile devices remind us that no sector is immune to these threats.
In the world of vulnerabilities, the recent discoveries in Windows Deployment Services, Fortinet systems, and other platforms underscore the importance of staying informed and proactive in patching and securing systems. Each vulnerability is a reminder of the ever-evolving tactics of cybercriminals and the need for continuous vigilance.
We hope today's insights empower you to strengthen your defenses and stay ahead of potential threats. If you found this newsletter valuable, please share it with your friends and colleagues. Together, we can build a more secure digital world.
Until next time, stay safe and stay informed!