Secret CISO 1/6: Covenant Health & 700 Credit Breaches, Samsung's AI Security Insights, Fortinet Flaw Resurfaces, Kimwolf Botnet Threatens 2M Devices, NeoShadow Targets Blockchain

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity challenges and breakthroughs. In this issue, we delve into a series of alarming data breaches that have left both individuals and organizations grappling with the aftermath.

We begin with the shocking revelation that Covenant Health's data breach has impacted over 284,000 Mainers, a stark reminder of the vulnerabilities in healthcare data security. Meanwhile, a breach at 700 Credit has exposed the data of over 108,000 South Carolinians, highlighting the automotive sector's data management challenges.

In the realm of healthcare, Oracle Health's legacy systems have fallen victim to a breach affecting numerous hospitals, underscoring the persistent issues in securing patient information. On the corporate front, Chipotle faces legal action over a breach compromising employee privacy, while Community First Medical Center settles a $1 million lawsuit following a data compromise.

As we shift focus to technological advancements, Samsung's CES 2026 session emphasizes the critical role of trust and security in AI's future. Yet, the resurgence of a Fortinet firewall vulnerability and a malware campaign targeting Booking.com remind us of the ever-present threats in cybersecurity.

The Kimwolf botnet's exploitation of proxy networks and the NeoShadow npm supply-chain attack further illustrate the sophisticated tactics employed by cybercriminals. Lastly, we explore a series of vulnerabilities, including CVE-2023-50897 and CVE-2023-49186, which pose significant risks to web applications and user data.

Join us as we navigate these pressing issues, offering insights and strategies to fortify your defenses in an increasingly digital world.

Data Breaches

  1. Covenant Health Data Breach Impacts Over 284K Mainers: Covenant Health's data breach, initially thought to affect just over 4,000 Maine residents, has now been revealed to impact more than 284,000 individuals. This significant increase highlights the severity and scale of the breach, raising concerns about healthcare data security. Source: News Center Maine.
  2. Major Data Breach at Auto Services Firm Impacts South Carolinians: A data breach involving Michigan-based automotive services company 700 Credit has potentially affected over 108,000 South Carolinians. The breach underscores the vulnerabilities in data management within the automotive services sector. Source: YouTube.
  3. 12 Health Systems Affected by Oracle Health Data Breach: Oracle Health's legacy Cerner systems experienced a data breach in 2025, compromising patient data across dozens of hospitals. This incident highlights the ongoing challenges in securing healthcare information systems. Source: Becker's Hospital Review.
  4. Chipotle Hit With Worker Privacy Suit Over Data Breach: Chipotle Mexican Grill Inc. faces a lawsuit following a data breach that allowed cybercriminals to infiltrate its employees' Workday accounts. The breach raises questions about the company's data security measures and employee privacy protection. Source: Law360.
  5. Community First Medical Center $1M Data Breach Settlement: Community First Medical Center has reached a $1 million settlement following a data breach that compromised individuals' data. Affected individuals may be eligible to claim up to $5,000 from the class action settlement, emphasizing the financial implications of data breaches. Source: Claim Depot.

Security Research

  1. Samsung Explores How Trust, Security and Privacy Shape the Future of AI at CES 2026: Samsung's session at CES 2026 in Las Vegas brought together global experts to discuss the critical role of trust, security, and privacy in the evolution of AI technologies. The event highlighted the growing importance of these elements in fostering consumer confidence and ensuring ethical AI development. Source: Samsung Newsroom.
  2. Thousands of firewalls at risk as legacy flaw in Fortinet faces renewed threat: A longstanding vulnerability in Fortinet firewalls has resurfaced, putting thousands of devices at risk. Despite being over five years old, this flaw is still being exploited by attackers, underscoring the need for organizations to prioritize patch management and security updates. Source: Cybersecurity Dive.
  3. Malware Campaign Abuses Booking.com Against Hospitality Sector: Security researchers have identified a malware campaign targeting the hospitality sector by exploiting Booking.com. The campaign leverages the platform's popularity during peak travel seasons, highlighting the need for enhanced cybersecurity measures in the industry. Source: Security Boulevard.
  4. 2M Devices at Risk as Kimwolf Botnet Abuses Proxy Networks: The Kimwolf botnet has compromised two million devices, using them to create a global proxy network. This development poses significant security risks, as attackers can bypass domain restrictions and conduct malicious activities undetected. Source: eSecurity Planet.
  5. NeoShadow npm Supply-Chain Attack: JavaScript, MSBuild & Blockchain: The NeoShadow attack targets the npm supply chain, exploiting JavaScript and MSBuild to infiltrate blockchain projects. This sophisticated attack underscores the vulnerabilities in software supply chains and the need for robust security practices. Source: Aikido Security.

Top CVEs

  1. CVE-2023-50897: Unrestricted Upload of File with Dangerous Type vulnerability in Meow Apps Media File Renamer allows the use of malicious files. This vulnerability can be exploited by attackers to upload harmful files, potentially leading to unauthorized access or data breaches. Source: Vulners.
  2. CVE-2023-49186: Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in KlbTheme Machic Core allows DOM-Based XSS. This flaw can be exploited to execute arbitrary scripts in the context of the user's browser, leading to potential data theft or session hijacking. Source: Vulners.
  3. CVE-2024-30461: Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in Tumult Inc Tumult Hype Animations allows DOM-Based XSS. Attackers can exploit this to inject malicious scripts, compromising the security of web applications using this software. Source: Vulners.
  4. CVE-2024-30516: Improper Validation of Specified Quantity in Input vulnerability in SaasProject Booking Package allows accessing functionality not properly constrained by ACLs. This can lead to unauthorized access to sensitive functions, posing a significant security risk. Source: Vulners.
  5. CVE-2023-52212: Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager allows attackers to perform actions on behalf of authenticated users without their consent. This can result in unauthorized changes to user data or settings. Source: Vulners.

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is fraught with challenges and opportunities. From the massive data breaches affecting healthcare and automotive sectors to the evolving threats in AI and cybersecurity, the need for robust security measures has never been more critical. Each story we covered today underscores the importance of vigilance, proactive defense strategies, and the continuous adaptation to new threats.

Whether it's the alarming rise in data breaches impacting hundreds of thousands, the innovative discussions at CES 2026 on AI's future, or the persistent vulnerabilities in software and hardware systems, staying informed is your first line of defense. Knowledge empowers us to make better decisions, protect our data, and safeguard our organizations against potential threats.

If you found today's insights valuable, please consider sharing this newsletter with your friends and colleagues. Together, we can build a community that is better prepared to tackle the challenges of cybersecurity. Let's spread the word and ensure that everyone is equipped with the knowledge to stay secure in this ever-evolving digital world.

Thank you for joining us today. Stay safe, stay informed, and we'll see you in the next edition of Secret CISO!
