Secret CISO 1/20: Ingram Micro & Monroe U Breaches, DeFi Security Shift, Phishing Kits as SaaS, Google Chrome Vulnerability

Welcome to today's edition of Secret CISO, where we delve into the latest cybersecurity challenges and breakthroughs. In a world where data breaches and vulnerabilities are becoming alarmingly frequent, today's stories paint a vivid picture of the current landscape.

We begin with the Ingram Micro ransomware attack, which has compromised the data of over 42,000 individuals, underscoring the persistent threat of ransomware to large enterprises. Meanwhile, Monroe University and Central Maine Healthcare are grappling with their own data breaches, highlighting vulnerabilities in both educational and healthcare sectors.

In a significant legal development, American Addiction Centers has reached a $2.75 million settlement following a data breach, illustrating the financial repercussions organizations face in the wake of such incidents. Similarly, Daniel H. Cook Associates is dealing with the aftermath of a breach affecting 36,000 individuals, leading to legal actions.

On the technological front, a16z Crypto's Daejun Park advocates for a shift in DeFi security approaches, while Flare Research warns of phishing kits evolving into SaaS platforms, posing new challenges for cybersecurity defenses. Additionally, Anthropic's Claude Cowork faces scrutiny over a vulnerability that could lead to unauthorized data access.

We also uncover the emergence of PDFSIDER malware, designed for stealthy, long-term system access, and Operation Poseidon, a spear-phishing campaign exploiting Google Ads to distribute EndRAT malware, bypassing traditional security measures.

Finally, we explore critical vulnerabilities, including CVE-2026-0899 in Google Chrome and CVE-2026-23944 in Arcane, emphasizing the importance of timely patches and updates to safeguard against potential exploits.

Stay informed and vigilant as we navigate these complex security challenges together.

Data Breaches

  1. Ingram Micro Ransomware Attack Affects 42,000 People: Ingram Micro, a major information technology company, suffered a ransomware attack in July 2025, leading to a data breach that impacted over 42,000 individuals. The breach exposed sensitive information, highlighting the ongoing threat of ransomware to large enterprises. Source: Bleeping Computer.
  2. Monroe University Data Breach Alert: Monroe University in New Rochelle, New York, announced a data breach that potentially compromised the personal information of its community members. The breach has prompted the university to issue alerts and take measures to protect affected individuals. Source: GlobeNewswire.
  3. Central Maine Healthcare Data Breach Exposes Personal Information: Central Maine Healthcare experienced a data breach that exposed personal information, leading to legal investigations by Murphy Law Firm. The breach underscores the vulnerabilities in healthcare data security and the potential legal ramifications. Source: GlobeNewswire.
  4. Daniel H. Cook Associates Data Breach Impacts 36K: A data breach at Daniel H. Cook Associates affected 36,000 individuals, exposing their personal information. The breach has led to legal actions, with affected parties being informed of their rights and options. Source: Class Action Lawsuits.
  5. American Addiction Centers Data Breach Settlement: American Addiction Centers reached a $2.75 million settlement following a data breach that compromised personal information. The settlement aims to compensate affected individuals and highlights the financial impact of data breaches on organizations. Source: Top Class Actions.

Security Research

  1. Shift in DeFi Security Approach Advocated by a16z Researcher: A senior security researcher at a16z Crypto, Daejun Park, has proposed a paradigm shift in DeFi protocols from 'code as law' to 'specification as law.' This approach aims to enhance security by focusing on clear specifications rather than relying solely on code, potentially reducing vulnerabilities and increasing trust in DeFi systems. Source: Binance.
  2. Phishing Kits Now Operate Like SaaS Platforms: Flare Research has revealed that phishing kits are evolving to function like Software-as-a-Service (SaaS) platforms. This development allows cybercriminals to offer phishing services with ease, making it crucial for organizations to adopt phishing-resistant authentication methods, such as FIDO2 security keys, to protect high-risk users and critical systems. Source: eSecurity Planet.
  3. Anthropic's Cowork Shipped With Known Vulnerability: Security researchers have demonstrated how Anthropic's new Claude Cowork productivity agent can be manipulated to steal user files and upload them without consent. This vulnerability highlights the importance of thorough security testing before deploying new technologies in sensitive environments. Source: GovInfoSecurity.
  4. PDFSIDER Malware Uncovered: Researchers have identified a new malware strain named PDFSIDER, designed for covert, long-term access to compromised systems. This malware employs anti-VM checks and hidden persistence mechanisms, making it a significant threat to organizational security. Source: Infosecurity Magazine.
  5. New Spear-Phishing Campaign Abuses Google Ads to Deliver EndRAT Malware: Security researchers have documented Operation Poseidon, a sophisticated spear-phishing campaign that exploits Google Ads to distribute the EndRAT malware. This campaign bypasses traditional security controls and URL reputation systems, emphasizing the need for advanced threat detection measures. Source: CyberPress.

Top CVEs

  1. CVE-2026-0899: Out of bounds memory access in V8 in Google Chrome prior to version 144.0.7559.59 allows a remote attacker to potentially exploit object corruption via a crafted HTML page. This vulnerability has been rated with high severity by the Chromium security team. Source.
  2. CVE-2026-23944: Arcane, a Docker management interface, had a vulnerability in versions prior to 1.13.2 where unauthenticated requests could be proxied to remote environment agents. This allowed unauthorized access to remote environment resources, potentially leading to data exposure and unauthorized changes. The issue has been patched in version 1.13.2. Source.
  3. CVE-2026-23838: Tandoor Recipes, a recipe manager, had a vulnerability in versions 23.05 to 26.05 where the full database file could be externally accessible due to default configurations. This issue has been addressed in NixOS 26.05, with recommended workarounds for older versions. Source.
  4. CVE-2026-23876: ImageMagick, a digital image editing software, had a heap buffer overflow vulnerability in its XBM image decoder. This could be exploited via maliciously crafted image files, affecting versions prior to 7.1.2-13 and 6.9.13-38. The issue has been fixed in these versions. Source.
  5. CVE-2026-23947: Orval, a tool for generating type-safe JS clients, had a vulnerability in versions 7.10.0 to 8.0.2 that allowed arbitrary code execution via untrusted OpenAPI specifications. The issue has been fixed in version 8.0.2. Source.

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is as dynamic as ever, with new challenges and developments emerging daily. From the unsettling ransomware attack on Ingram Micro affecting thousands, to the evolving threats in the DeFi and SaaS spaces, staying informed is crucial for safeguarding our digital environments.

We've also seen how vulnerabilities, like those in Google Chrome and Docker management interfaces, can pose significant risks if left unpatched. It's a reminder of the importance of proactive security measures and the need for constant vigilance in our cybersecurity practices.

In this ever-evolving field, sharing knowledge is key. If you found today's insights valuable, please consider sharing this newsletter with your friends and colleagues. Together, we can build a more secure digital world, one informed decision at a time.

Thank you for being part of our community. Stay safe, stay informed, and see you in the next edition of Secret CISO!

By Secret CISO