Secret CISO 1/23: AT&T Settlement, Montana BCBS Scrutiny, AI in Cyber Risk 2026, IoT Privacy Challenges, GNU InetUtils Flaw

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity challenges and breakthroughs. As we dive into the latest developments, a common thread emerges: the relentless pursuit of securing sensitive data amidst evolving threats.

AT&T is on the brink of settling a massive data breach case, shedding light on the vulnerabilities that left nearly 100 million customers exposed. Meanwhile, Montana Blue Cross-Blue Shield finds itself in a legal tussle, claiming undue scrutiny over its own data breach. Across the nation, Minnesota's MnCHOICES program grapples with a breach affecting 300,000 individuals, raising alarms about healthcare data security.

In the realm of proactive defense, Bitsight's research on cyber risks in 2026 emphasizes the need for AI-driven tools to preemptively tackle emerging threats. Fireblocks Security Research uncovers a sophisticated impersonation scam, highlighting the cunning tactics of cybercriminals targeting tech workers.

As we explore the vulnerabilities of IoT devices in smart homes, Anna Maria Mandalari's insights remind us of the pressing need for robust security measures. Meanwhile, Eaton Zveare's ThreatsDay Bulletin alerts us to a spectrum of emerging threats, from zero-click vulnerabilities to remote code execution exploits.

On the technical front, critical vulnerabilities such as the GNU InetUtils telnetd flaw and CVE-2025-22234's timing attack issue underscore the importance of timely patching and vigilant vulnerability management. As we navigate these challenges, the message is clear: staying informed and proactive is key to safeguarding our digital future.

Data Breaches

  1. AT&T Data Breach Settlement Nearing Approval: AT&T is close to finalizing a settlement for a data breach that exposed customers' Social Security numbers, addresses, and banking information. The breach affected nearly 100 million customers, and the settlement process is revealing how many have filed claims. Source.
  2. Montana BCBS Claims Insurance Commissioner Targeting It Due to Data Breach: Montana Blue Cross-Blue Shield is under scrutiny for a data breach, claiming that the insurance commissioner is unfairly targeting them. The breach has led to a contested hearing, highlighting the ongoing challenges in data security for healthcare providers. Source.
  3. Minnesota Health Program Faces Data Breach Affecting 300,000: The MnCHOICES program in Minnesota has experienced a data breach impacting 300,000 individuals. The breach has raised concerns about the security of health data and the steps needed to protect affected individuals. Source.
  4. Mendocino Community Health Clinic Data Breach Investigation: Strauss Borrelli PLLC is investigating a data breach at Mendocino Community Health Clinic. The breach highlights the vulnerabilities in healthcare data systems and the legal implications for affected organizations. Source.
  5. Manage My Health Data Breach: Fraudsters Attempting to Contact Customers: Manage My Health has reported a data breach where fraudsters are attempting to contact customers. This incident underscores the importance of vigilance and proactive measures to protect personal information from cybercriminals. Source.

Security Research

  1. Cyber Risk in 2026: From Today's Pressures to Tomorrow's Threats: This research by Bitsight delves into the evolving landscape of cyber risks anticipated in 2026. It highlights the integration of AI and real-time discovery tools to identify vulnerabilities and manage cyber threats effectively. The study emphasizes the importance of proactive measures to mitigate future cyber risks. Source: Bitsight.
  2. Disrupting a Recruiting Impersonation Scam: Anatomy of Operation Contagious Interview: Fireblocks Security Research uncovers a sophisticated recruiting impersonation scam targeting tech workers. The scam mimics legitimate recruitment processes, posing significant risks to personal and organizational security. This research provides insights into the operation's anatomy and offers strategies to protect against such threats. Source: Fireblocks.
  3. Smart Homes to Smart Risks: Understanding IoT Security and Privacy: Anna Maria Mandalari explores the cybersecurity challenges associated with IoT devices in smart homes. The research highlights the vulnerabilities these devices introduce and the need for robust security measures to protect user privacy and data integrity. Source: Royal Institution.
  4. ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories: This bulletin by Eaton Zveare provides an overview of various emerging threats, including zero-click vulnerabilities and remote code execution exploits. It underscores the importance of staying informed about the latest security threats to enhance organizational defenses. Source: The Hacker News.
  5. Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access: Security researcher Kyu Neushwaistein identifies a critical flaw in GNU InetUtils telnetd that allows attackers to bypass login mechanisms and gain root access. This discovery underscores the importance of timely patching and vulnerability management to prevent unauthorized access. Source: The Hacker News.

Top CVEs

  1. CVE-2025-22234: The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations. Source.
  2. CVE-2025-3839: A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this action, resulting in potential code execution on the client device via trusted UI behavior. Source.
  3. CVE-2025-32057: The Infotainment ECU manufactured by Bosch, installed in Nissan Leaf ZE1 – 2020, uses a Redbend service for over-the-air provisioning and updates. Due to the usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. An attacker may impersonate a Redbend backend server using a self-signed certificate. Source.
  4. CVE-2025-67847: A flaw was found in Moodle, where an attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, leading to unintended interpretation by core restore routines. Successful exploitation could result in a full compromise of the Moodle application. Source.
  5. CVE-2025-11002: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. The specific flaw exists within the handling of symbolic links in ZIP files, which can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Source.
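The timing issue behind CVE-2025-22234 is easiest to see in code. Spring Security's provider defends against username enumeration by hashing a dummy password when the user lookup fails, so that the "unknown user" path costs as much as the "known user, wrong password" path. The following Python analogue is an added example written for this newsletter, not Spring's code or the CVE fix itself: it shows the leaky early-return beside the mitigated version and counts hash evaluations so the difference is visible without relying on noisy timings. The user store, salts, dummy password and iteration count are constructed for the example.

```python
import hashlib
import hmac
import os
import statistics
import time

# Constructed parameter for this example; a real deployment tunes it.
PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash: the expensive step a timing attack detects."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


# Constructed user store: username -> (salt, hash). One fixed salt keeps the
# example deterministic; real code draws a random per-user salt.
_SALT = b"constructed-example-salt"
USERS = {"alice": (_SALT, hash_password("correct horse battery", _SALT))}

# Dummy credential built once at startup (constructed). Its only job is to give
# the "unknown user" path the same hashing cost as the "known user" path.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password("userNotFoundPassword", _DUMMY_SALT)


class KdfCounter:
    """Counts hash evaluations so both code paths can be compared deterministically."""
    calls = 0


def _verify(password: str, salt: bytes, expected: bytes) -> bool:
    KdfCounter.calls += 1
    return hmac.compare_digest(hash_password(password, salt), expected)


def authenticate_leaky(username: str, password: str) -> bool:
    """Vulnerable pattern: unknown users return early and skip the slow hash."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, expected = record
    return _verify(password, salt, expected)


def authenticate_mitigated(username: str, password: str) -> bool:
    """Hardened pattern: unknown users still pay for exactly one hash evaluation."""
    record = USERS.get(username)
    if record is None:
        _verify(password, _DUMMY_SALT, _DUMMY_HASH)  # result deliberately discarded
        return False
    salt, expected = record
    return _verify(password, salt, expected)


def kdf_calls_for(auth_fn, username: str, password: str) -> int:
    """How many hash evaluations a single call to auth_fn performs."""
    before = KdfCounter.calls
    auth_fn(username, password)
    return KdfCounter.calls - before


def median_ms(auth_fn, username: str, password: str, rounds: int = 5) -> float:
    """Median wall-clock time of auth_fn over a few rounds, in milliseconds."""
    samples = []
    for _ in range(rounds):
        start = time.perf_counter()
        auth_fn(username, password)
        samples.append((time.perf_counter() - start) * 1000)
    return statistics.median(samples)


if __name__ == "__main__":
    for fn in (authenticate_leaky, authenticate_mitigated):
        known = median_ms(fn, "alice", "wrong password")
        unknown = median_ms(fn, "nobody", "wrong password")
        print(f"{fn.__name__:24s} known-user {known:7.1f} ms  unknown-user {unknown:7.1f} ms")
```

Running the script prints the known-user and unknown-user medians for both functions; the leaky variant answers unknown users in microseconds while the mitigated variant takes roughly the same time on both paths. The regression described in the CVE is exactly a change that reintroduced the early-return behaviour.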
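CVE-2025-32057 is a configuration problem rather than a code bug: the SSL engine was left at a default that does not verify the server's root certificate, so any self-signed certificate is accepted. The block below is an added example in Python's standard `ssl` module, not the vehicle's or Redbend's code; it places the weak client setting beside the corrected one and adds a small audit function a reviewer can run over any context before it is used. The `ca_bundle` parameter is an assumption for where a deployment keeps its trusted roots.

```python
import ssl
from typing import List, Optional


def insecure_context() -> ssl.SSLContext:
    """The weak setting: accept any certificate, including self-signed ones."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE     # no chain validation at all
    return ctx


def strict_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Corrected: require a chain to a trusted root and a matching hostname.

    ca_bundle (assumed path) pins the trust store to the operator's own CA file;
    None falls back to the platform's default roots.
    """
    ctx = ssl.create_default_context(cafile=ca_bundle)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return human-readable findings for settings that would let an impersonator through."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified against a trusted root")
    if not ctx.check_hostname:
        findings.append("server hostname is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 are accepted")
    return findings


if __name__ == "__main__":
    for label, ctx in (("insecure", insecure_context()), ("strict", strict_context())):
        problems = audit_context(ctx) or ["no findings"]
        print(f"{label}:")
        for p in problems:
            print("  -", p)
```

With the strict context, connecting to a server that presents a self-signed certificate raises `ssl.SSLCertVerificationError` during the handshake, which is the behaviour the affected ECU lacked.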
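The 7-Zip flaw (CVE-2025-11002) turns on two ZIP features that look harmless in isolation: an entry can be a symbolic link, and a later entry can have a path that runs through that link, so writing it lands outside the extraction directory. The following is an added example, not 7-Zip's code: a Python pre-extraction audit that rejects symlink entries, rejects names that pass through a symlink entry anywhere in the archive, and rejects absolute or `..` paths. The sample archive is constructed in memory with `zipfile` so the check can be run offline; the symlink marker uses the Unix mode bits stored in the high 16 bits of `external_attr`.

```python
import io
import posixpath
import stat
import zipfile
from typing import List, Tuple


def is_symlink_entry(info: zipfile.ZipInfo) -> bool:
    """The Unix file mode is stored in the high 16 bits of external_attr."""
    return stat.S_ISLNK(info.external_attr >> 16)


def escapes_root(name: str) -> bool:
    """True for absolute names or names that climb out via '..' after normalisation."""
    if name.startswith(("/", "\\")) or (len(name) > 1 and name[1] == ":"):
        return True
    norm = posixpath.normpath(name.replace("\\", "/"))
    return norm == ".." or norm.startswith("../")


def audit_zip(data: bytes) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Classify every entry. Returns (accepted_names, [(name, reason), ...])."""
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        # First pass: collect every symlink entry regardless of its position, so a
        # file cannot be written "through" a link that appears earlier or later.
        symlinks = {posixpath.normpath(i.filename) for i in infos if is_symlink_entry(i)}
        for info in infos:
            name = info.filename
            if escapes_root(name):
                rejected.append((name, "path escapes extraction root"))
                continue
            if is_symlink_entry(info):
                rejected.append((name, "symbolic link entry"))
                continue
            parts = posixpath.normpath(name).split("/")
            if any("/".join(parts[:i]) in symlinks for i in range(1, len(parts))):
                rejected.append((name, "path passes through a symlink entry"))
                continue
            accepted.append(name)
    return accepted, rejected


def safe_extract(data: bytes, dest: str) -> List[str]:
    """Extract only the entries audit_zip accepted; returns the names written."""
    accepted, _ = audit_zip(data)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in accepted:
            zf.extract(name, dest)
    return accepted


def build_sample_archive() -> bytes:
    """Constructed archive mixing one benign file with three hostile entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "harmless content\n")
        link = zipfile.ZipInfo("link")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16  # mark the entry as a symlink
        zf.writestr(link, "../../")                        # a link's body is its target
        zf.writestr("link/payload.txt", "would land two directories above dest\n")
        zf.writestr("../evil.txt", "classic traversal\n")
    return buf.getvalue()


if __name__ == "__main__":
    accepted, rejected = audit_zip(build_sample_archive())
    print("accepted:", accepted)
    for name, reason in rejected:
        print(f"rejected: {name!r:22s} {reason}")
```

Refusing symlink entries outright is the simplest policy for untrusted archives; an extractor that must preserve links should instead create them only after verifying that every link target resolves inside the destination, and should never write a file whose path traverses a link it created.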

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is fraught with challenges and opportunities. From the massive data breaches affecting millions to the evolving cyber threats of tomorrow, staying informed is more crucial than ever. Whether it's the legal battles faced by companies like AT&T and Montana BCBS, or the sophisticated scams targeting tech workers, each story underscores the importance of vigilance and proactive security measures.

As we look to the future, the integration of AI and real-time discovery tools offers hope in managing these threats. But with new vulnerabilities emerging, like those in IoT devices and critical software flaws, the journey to secure our digital world is ongoing. The insights shared today, from the anatomy of scams to the latest CVEs, are tools in our collective arsenal against cyber threats.

If you found this newsletter insightful, consider sharing it with your friends and colleagues. Together, we can build a community that's informed and prepared to tackle the challenges of cybersecurity. Stay safe, stay informed, and see you in the next edition of Secret CISO.


By Secret CISO