Secret CISO 1/19: Coupang's $14B Breach, NZ Health Data Leak, Crypto Theft, CIRO Investor Info, Spy Base Heist; Malicious Extensions, EFF's Legal Battle, WordPress Hacks, IoT AI, Argus Toolkit

Welcome to today's edition of Secret CISO, where we unravel the latest in cybersecurity breaches and vulnerabilities, painting a vivid picture of the digital battlefield. On this January 19th, we delve into a series of alarming incidents that underscore the critical need for fortified defenses in our interconnected world.

First, we witness a seismic shift in the financial landscape as Coupang Inc. grapples with a $14 billion market cap plunge following a massive data breach. This event sets the stage for a broader narrative of vulnerability, as New Zealand's ManageMyHealth platform and the Canadian Investment Regulatory Organization face their own breaches, exposing sensitive personal and financial data to the world.

The digital underworld continues its relentless assault, with crypto criminals siphoning off $713 million and hackers compromising nearly 16,000 WordPress websites. Meanwhile, a daring theft at a top-secret spy base raises questions about physical security protocols, reminding us that threats are not confined to the digital realm.

In the realm of proactive defense, researchers sound the alarm on malicious Chrome extensions targeting enterprise systems, while the EFF champions the cause of security researchers facing legal challenges. Amidst these challenges, Nigerian-born researcher Taiwo Ogunseyi pioneers advancements in IoT security through explainable AI, offering a beacon of hope in the fight against cyber threats.

Finally, we explore the latest vulnerabilities, from Mapnik's heap-based buffer overflow to UTT's buffer overflow flaw, and n8n's sandbox bypass, highlighting the ever-present need for vigilance and rapid response in the face of evolving threats.

Stay informed, stay secure, and join us as we navigate the complex landscape of cybersecurity in today's Secret CISO.

Data Breaches

  1. Coupang Market Cap Drops $14B After User Data Breach: Coupang Inc. experienced a significant data breach that led to a 25% drop in its stock price on the NYSE. The breach involved a large-scale leak of personal data, causing investor jitters and regulatory scrutiny. This incident highlights the critical need for robust cybersecurity measures in protecting user data. Source: Tech in Asia.
  2. New Zealand “ManageMyHealth” Hack Exposes Thousands of Patients' Medical Records: A major data breach in New Zealand's ManageMyHealth platform exposed sensitive medical records of thousands of patients. This breach underscores the vulnerability of private health data in the hands of corporations prioritizing profit over security. The incident has sparked concerns about the protection of personal health information. Source: WSWS.
  3. How Crypto Criminals Stole $713 Million: A significant data breach involving crypto criminals resulted in the theft of $713 million, affecting customer information. The criminals confirmed possession of the stolen data, highlighting the ongoing challenges in securing digital assets and the need for enhanced cybersecurity measures in the crypto industry. Source: BBC News.
  4. CIRO Data Breach Last Year Exposed Info on 750,000 Canadian Investors: The Canadian Investment Regulatory Organization (CIRO) confirmed a data breach that exposed information on approximately 750,000 Canadian investors. This breach raises concerns about the security of financial data and the potential impact on investor trust and regulatory compliance. Source: Bleeping Computer.
  5. Major Security Breach at Top Secret Spy Base as Thieves Steal Cable: A security breach at a top-secret spy base resulted in the theft of 56 tons of copper cable reels. The incident, involving thieves who managed to evade detection, highlights vulnerabilities in physical security measures at sensitive facilities. This breach raises questions about the adequacy of security protocols in protecting critical infrastructure. Source: The Sun.

Security Research

  1. Alert! Researchers spot 5 malicious Chrome extensions targeting popular enterprise HR and ERP platforms: Researchers have identified five malicious Chrome extensions that are targeting popular enterprise HR and ERP platforms. These extensions, named DataByCloud 2, Tool Access 11, DataByCloud Access, Data By Cloud 1, and Software, pose significant security risks by potentially accessing sensitive enterprise data. Source: Cybersecurity Connect.
  2. EFF asks court to block US from prosecuting security researcher: The Electronic Frontier Foundation (EFF) is advocating for the protection of security researchers from prosecution in the US. They argue that the methods used by researchers to identify vulnerabilities in computer systems are crucial for cybersecurity and should not be criminalized. Source: BetaNews.
  3. Hackers compromise nearly 16,000 WordPress websites: Security researcher Daniel Cid reports that nearly 16,000 WordPress websites have been compromised by cyber attackers this year. These attacks highlight the vulnerabilities in WordPress sites and the need for enhanced security measures to protect against such breaches. Source: BetaNews.
  4. Researcher advances explainable AI for IoT security: Nigerian-born cybersecurity researcher Taiwo Ogunseyi is making significant strides in improving the security of Internet-of-Things (IoT) devices. By advancing explainable AI, Ogunseyi aims to enhance the understanding and management of IoT security threats. Source: The Nation Newspaper.
  5. Argus - Python-powered Toolkit for Information Gathering and reconnaissance: Argus is a new Python-powered toolkit designed for information gathering and reconnaissance. This tool is particularly useful for cybersecurity professionals looking to exploit vulnerabilities in malware like StealC, offering a robust solution for enhancing security measures. Source: Cyber Security News.

Top CVEs

  1. CVE-2025-15537: A security vulnerability in Mapnik up to version 4.2.0 has been identified, affecting the function mapnik::dbffile::stringvalue in the file plugins/input/shape/dbfile.cpp. This flaw leads to a heap-based buffer overflow and requires local access to exploit. The exploit has been publicly disclosed, but the project has not yet responded to the issue report. Source: Vulners.
  2. CVE-2026-1140: A vulnerability in UTT 进取 520W version 1.7.7-180627 affects the strcpy function in the file /goform/ConfigExceptAli, resulting in a buffer overflow. This flaw can be exploited remotely, and the exploit has been made public. Despite early notification, the vendor has not responded to this disclosure. Source: Vulners.
  3. CVE-2026-0863: An attacker can bypass n8n's python-task-executor sandbox restrictions using string formatting and exception handling, allowing them to execute arbitrary Python code on the underlying operating system. This vulnerability can be exploited by an authenticated user with basic permissions, leading to a full instance takeover if operating under "Internal" execution mode. In "External" mode, the impact is reduced as the code executes inside a Sidecar container. Source: Vulners.

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the world of cybersecurity is as dynamic and challenging as ever. From major data breaches affecting companies like Coupang and ManageMyHealth to vulnerabilities in platforms like WordPress and Mapnik, the need for robust security measures is more pressing than ever. These incidents serve as a stark reminder of the importance of staying vigilant and proactive in safeguarding our digital landscapes.

We also explored the innovative strides being made in the field, such as the advancements in explainable AI for IoT security and the development of tools like Argus for information gathering. These efforts highlight the ongoing battle against cyber threats and the critical role of research and innovation in fortifying our defenses.

As we continue to navigate this complex terrain, remember that knowledge is power. Sharing insights and staying informed are key to building a resilient cybersecurity community. If you found today's newsletter insightful, please consider sharing it with your friends and colleagues. Together, we can foster a more secure digital future for everyone.

Thank you for being a part of the Secret CISO community. Stay safe, stay informed, and we'll see you in the next edition!