Secret CISO 1/15: Variety Care & CIRO Breaches, Kimwolf Botnet Surge, ConsentFix OAuth Threat, CVE-2026-0532 Exploit

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity incidents and vulnerabilities that are shaping the digital landscape. In this issue, we delve into a series of alarming data breaches and emerging cyber threats that demand immediate attention and action.

Our journey begins with a wave of data breaches sweeping across various sectors. From the healthcare industry with Variety Care's exposed sensitive information, to the financial sector's CIRO breach affecting 750,000 Canadian investors, and the educational realm with Monroe University's compromised records, the message is clear: no domain is immune. Even the Ellafi Federal Credit Union and Victorian government schools have fallen prey, underscoring the urgent need for fortified defenses.

As we navigate through these breaches, we encounter the relentless rise of cyber threats. The Kimwolf botnet's rapid infection of over 2 million devices and the novel ConsentFix OAuth phishing attack exemplify the evolving tactics of cybercriminals. Meanwhile, the c-ares DLL side-loading technique and VoidLink's sophisticated Linux malware framework highlight the persistent vulnerabilities that hackers exploit.

In the realm of vulnerabilities, we spotlight critical CVEs that pose significant risks. From the arbitrary file disclosure in Google Gemini to the privilege escalation in Modular DS, these vulnerabilities emphasize the necessity for rigorous security measures and vigilant monitoring.

Join us as we dissect these pressing issues, offering insights and strategies to bolster your cybersecurity posture. Stay informed, stay secure.

Data Breaches

  1. Variety Care Data Breach Investigation: Strauss Borrelli PLLC is investigating a data breach involving Variety Care, which has potentially exposed sensitive information. The law firm is actively looking into the extent and impact of the breach. Source: Strauss Borrelli PLLC
  2. CIRO Says About 750K People's Data Affected by Cybersecurity Incident: The Canadian Investment Regulatory Organization reported a data breach affecting approximately 750,000 Canadian investors. This breach has raised concerns about the security of personal information within the financial sector. Source: BNN Bloomberg
  3. Privacy Alert: Monroe University Under Investigation for Data Breach: Schubert Jonckheer & Kolbe LLP is investigating a data breach at Monroe University that has compromised the personal information of over 320,000 individuals. The breach has prompted legal scrutiny and potential class action lawsuits. Source: PR Newswire
  4. Conn. Credit Union Hit With 2nd Data Breach Class Lawsuit: Ellafi Federal Credit Union in Connecticut faces a second class action lawsuit following an October data breach. The breach has affected numerous members, leading to legal actions and demands for better data protection measures. Source: Law360
  5. Victorian Students' Personal Data Exposed in Major Breach: A significant data breach has exposed the personal details of students in Victorian government schools. This incident highlights vulnerabilities in educational data systems and the need for enhanced cybersecurity measures. Source: 9News

Security Research

  1. Kimwolf Botnet's Swift Rise to 2M Infected Devices Agitates Security Researchers: The Kimwolf botnet, a derivative of the Aisuru DDoS botnet, has rapidly infected over 2 million devices, causing significant concern among security researchers. This botnet's swift expansion highlights the ongoing challenges in combating large-scale cyber threats. Source: CyberScoop.
  2. ConsentFix Debrief: Insights from the New OAuth Phishing Attack: The Push Security research team has identified and blocked a novel OAuth phishing attack technique named ConsentFix. This attack exploits OAuth's consent mechanism, posing a significant threat to user data security. Source: Bleeping Computer.
  3. Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware: A new attack vector has been identified where hackers use c-ares DLL side-loading to bypass security measures and deploy malware. This technique often begins with a phishing email, making it a potent threat to unsuspecting users. Source: The Hacker News.
  4. Linux Systems Face a New Predator: Inside VoidLink's Sophisticated Attack Arsenal: Security researchers have uncovered VoidLink, a sophisticated Linux malware framework with over 30 modules designed for stealthy, long-term access to cloud environments. This discovery underscores the evolving threat landscape targeting Linux systems. Source: Technology.org.
  5. Predator Spyware Demonstrates Troubleshooting, Researcher-Dodging Capabilities: The Predator spyware has been found to possess advanced troubleshooting and researcher-dodging capabilities, transforming failed deployments into diagnostic events. This feature complicates efforts to analyze and mitigate its impact. Source: CyberScoop.

Top CVEs

  1. CVE-2026-0532: External Control of File Name or Path CWE-73 combined with Server-Side Request Forgery CWE-918 can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticated access with privileges sufficient to create or modify connectors. The server processes a configuration without proper validation, allowing for arbitrary network requests and for arbitrary file reads. Source: Vulners.
  2. CVE-2025-66005: Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak, or even privilege escalation in the context of the currently active user session. This vulnerability highlights the importance of proper authorization checks in system interfaces. Source: Vulners.
  3. CVE-2026-23550: Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Escalation. This issue affects Modular DS from unspecified versions through 2.5.1. The flaw can be exploited to gain elevated privileges, posing a significant risk to systems using this software. Source: Vulners.
  4. CVE-2025-14338: Polkit authentication is disabled by default, and a race condition in the Polkit authorization check in versions before v0.69.0 can lead to similar issues as in CVE-2025-66005. This vulnerability underscores the critical need for secure authentication mechanisms in system services. Source: Vulners.
  5. CVE-2025-67859: An Improper Authentication vulnerability in TLP allows local users to arbitrarily control the power profile in use as well as the daemon’s log settings. This issue affects TLP from version 1.9 before 1.9.1, highlighting the need for robust authentication controls in power management tools. Source: Vulners.
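The first CVE above is a reminder that a connector's credentials JSON is attacker-controlled input, even when it arrives from an authenticated user: file paths and URLs inside it must be validated before the server ever opens or fetches them. The validator below is an added, hypothetical example written for this newsletter; it is not Google's or Gemini's code and assumes nothing about the real connector format beyond "a JSON object containing strings". It walks the payload, allows only https URLs to public hosts, and rejects anything that looks like a local file path, a file:// reference, or a loopback, link-local or private address. The sample payloads are constructed.

```python
"""Hypothetical connector-credential validator (added example, not vendor code).

Every string in the credentials JSON is treated as untrusted: URLs must use
https and point at a public host, and no value may look like a filesystem path.
"""
import ipaddress
import json
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}
# Hostnames a server-side connector must never fetch (assumed policy).
BLOCKED_HOSTNAMES = {"localhost", "metadata.google.internal"}


def _url_findings(key, value):
    """Return a list of problems with a URL-looking string, empty if clean."""
    parts = urlsplit(value)
    findings = []
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        findings.append(f"{key}: scheme '{parts.scheme}' not allowed")
    host = (parts.hostname or "").lower()
    if not host:
        findings.append(f"{key}: URL has no host")
        return findings
    if host in BLOCKED_HOSTNAMES or host.endswith(".localhost"):
        findings.append(f"{key}: host '{host}' is blocked")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name: checking what it resolves to belongs at fetch time,
        # after resolution, and is out of scope for this static check.
        return findings
    # is_global is False for loopback, link-local (169.254/16), RFC 1918 etc.
    if not ip.is_global:
        findings.append(f"{key}: host '{host}' is not a public address")
    return findings


def _looks_like_path(value):
    """Heuristic: absolute paths, traversal sequences, home dirs, drive letters."""
    v = value.strip()
    return (
        v.startswith(("/", "\\", "~"))
        or "../" in v
        or "..\\" in v
        or (len(v) > 2 and v[0].isalpha() and v[1] == ":" and v[2] in "\\/")
    )


def _walk(node, path, findings):
    """Recursively inspect every string in the decoded JSON document."""
    if isinstance(node, dict):
        for key, child in node.items():
            _walk(child, f"{path}.{key}" if path else key, findings)
    elif isinstance(node, list):
        for i, child in enumerate(node):
            _walk(child, f"{path}[{i}]", findings)
    elif isinstance(node, str):
        if "://" in node:
            findings.extend(_url_findings(path, node))
        elif _looks_like_path(node):
            findings.append(f"{path}: value looks like a filesystem path")


def validate_connector_credentials(raw_json, max_bytes=64 * 1024):
    """Return a list of findings; an empty list means the payload is accepted."""
    if len(raw_json.encode("utf-8")) > max_bytes:
        return ["payload exceeds size limit"]
    try:
        doc = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top-level value must be an object"]
    findings = []
    _walk(doc, "", findings)
    return findings


# Constructed sample payloads (not real credentials).
GOOD_CREDENTIALS = json.dumps({
    "type": "service_account",
    "client_email": "svc@example.invalid",
    "token_uri": "https://oauth2.example.invalid/token",
    "private_key": "-----BEGIN PRIVATE KEY-----\nMIIBVAIBADANBg\n-----END PRIVATE KEY-----\n",
})
BAD_FILE_URL = json.dumps({"token_uri": "file:///etc/passwd"})
BAD_PRIVATE_HOST = json.dumps({"token_uri": "https://10.0.0.5/token"})
BAD_PATH_VALUE = json.dumps({"private_key_path": "../../../etc/shadow"})

if __name__ == "__main__":
    for name, payload in [("good", GOOD_CREDENTIALS), ("file-url", BAD_FILE_URL),
                          ("private-host", BAD_PRIVATE_HOST), ("path", BAD_PATH_VALUE)]:
        print(name, validate_connector_credentials(payload) or "accepted")
```

The static check deliberately stops at IP literals; a DNS name that resolves to an internal address at fetch time still needs a post-resolution check (or an egress proxy that enforces the same policy), otherwise the SSRF half of the bug survives the validation.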

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the cybersecurity landscape is as dynamic and challenging as ever. From data breaches affecting hundreds of thousands to sophisticated malware frameworks targeting Linux systems, the threats we face are evolving rapidly. The stories we've covered today highlight the critical need for vigilance, robust security measures, and continuous education to protect sensitive information and maintain trust in our digital world.

Whether it's the investigation into the Variety Care data breach, the alarming rise of the Kimwolf botnet, or the vulnerabilities exposed by recent CVEs, each piece of news serves as a reminder of the importance of staying informed and proactive in our cybersecurity efforts. As security professionals, we must remain committed to safeguarding our systems and data against these ever-present threats.

If you found today's insights valuable, please consider sharing this newsletter with your friends and colleagues. By spreading awareness and knowledge, we can collectively strengthen our defenses and foster a more secure digital environment for everyone. Thank you for joining us today, and we look forward to bringing you more critical updates in our next edition of Secret CISO.