Secret CISO 1/8: IDHS Breach, Vets' Data Leak, Greenland Security, n8n Flaw - A Tale of Vulnerabilities and Geopolitical Tensions
Welcome to today's edition of Secret CISO, where we unravel the tangled web of cybersecurity breaches and vulnerabilities that have surfaced across various sectors. As we step into the new year, the landscape of digital threats continues to evolve, demanding our unwavering attention and proactive measures.
Our journey begins with a series of alarming data breaches, starting with the Illinois Department of Human Services, where nearly 700,000 Medicaid and Medicare recipients find their personal information exposed. This breach echoes through the corridors of a Pennsylvania law firm, where veterans' sensitive data is at risk, and extends to the telecommunications giant Brightspeed, grappling with a breach affecting over a million customers. Meanwhile, VeraBank and Designs For Vision, Inc. are under scrutiny for their own data security lapses, highlighting the urgent need for fortified defenses.
In the realm of vulnerabilities, the n8n automation platform emerges as a focal point, with critical flaws threatening enterprise systems. The specter of AI manipulation looms large as IBM's AI agent Bob falls prey to malicious code execution. Meanwhile, North Korean threat actors innovate with QR code malware, and malicious NPM packages deliver the insidious NodeCordRAT, underscoring the relentless creativity of cyber adversaries.
Our exploration concludes with a deep dive into the latest CVEs, where vulnerabilities in Google Chrome, n8n, and other platforms reveal the persistent risks lurking in our digital infrastructure. These revelations serve as a stark reminder of the importance of vigilance and timely updates to safeguard our systems.
Join us as we navigate these complex narratives, unraveling the threads of cybersecurity challenges and opportunities that define our digital age. Stay informed, stay secure.
Data Breaches
- IDHS Data Breach: The Illinois Department of Human Services (IDHS) reported a significant data breach affecting nearly 700,000 Medicaid and Medicare Savings Program recipients. The breach exposed sensitive personal information, raising concerns about the security of government-managed health data. The incident has prompted calls for enhanced cybersecurity measures to protect vulnerable populations. Source: YouTube
- Vets Allege Firm's Data Breach Jeopardizes Private Info: A Pennsylvania law firm specializing in veterans' Social Security and VA disability claims is facing a proposed class action lawsuit. The suit alleges that a data breach in November compromised sensitive personal information of veterans, potentially exposing them to identity theft and fraud. The legal proceedings highlight the critical need for robust data protection measures in firms handling sensitive client information. Source: Law360 Pulse
- Designs For Vision Data Breach Investigation: Designs For Vision, Inc. is under investigation by Strauss Borrelli PLLC for a recent data breach. The breach has raised concerns about the security of sensitive customer data and the potential for misuse. The investigation aims to determine the extent of the breach and the adequacy of the company's data protection measures. Source: Strauss Borrelli PLLC
- Brightspeed Data Breach: Brightspeed is investigating claims that the Crimson Collective stole data from over one million customers. The breach allegedly involves the theft of sensitive customer information, prompting an urgent review of the company's cybersecurity protocols. The incident underscores the ongoing threat of cyberattacks in the telecommunications sector. Source: eSecurity Planet
- VeraBank Data Breach: VeraBank has reported a data breach impacting 37,000 customers, with exposed information including Social Security Numbers. The breach has led to a class action investigation, as affected individuals seek compensation for potential damages. This incident highlights the importance of stringent data security measures in the banking industry to protect customer information. Source: Class Action
Security Research
- Greenland and Arctic Security: Separating Fact from Fiction - FPRI Events: This research delves into the geopolitical and security dynamics of the Arctic region, emphasizing the strategic importance of Greenland. It separates myths from realities, providing insights into the security challenges and opportunities in the Arctic. Source: FPRI.
- Researchers rush to warn defenders of max-severity defect in n8n | CyberScoop: A critical vulnerability in the n8n automation platform has been identified, posing a significant risk to enterprise systems. The flaw allows attackers to potentially take over entire systems, highlighting the urgent need for patching and security measures. Source: CyberScoop.
- IBM's AI agent Bob easily duped to run malware, researchers show - The Register: IBM's AI coding assistant, Bob, has been shown to be vulnerable to manipulation, allowing it to execute malicious code. This raises concerns about the security of AI-driven development tools and the potential for exploitation. Source: The Register.
- North Korean Threat Actor Spreads Malware via QR Codes - KnowBe4 blog: North Korean threat actors are using QR codes to distribute malware, targeting users by impersonating delivery services. This method highlights the evolving tactics of cybercriminals and the need for vigilance in scanning QR codes. Source: KnowBe4.
- Malicious NPM Packages Deliver NodeCordRAT | ThreatLabz - Zscaler: Malicious packages in the NPM ecosystem have been discovered delivering the NodeCordRAT malware. This attack vector underscores the importance of scrutinizing third-party packages and maintaining robust supply chain security. Source: Zscaler.
Top CVEs
- CVE-2026-0628: Insufficient policy enforcement in the WebView tag of Google Chrome versions prior to 143.0.7499.192 allows attackers to inject scripts or HTML into a privileged page via a crafted Chrome Extension. This vulnerability could be exploited by convincing a user to install a malicious extension, posing a significant security risk. Source: Vulners.
- CVE-2026-21877: An authenticated attacker can achieve code execution on the n8n service in versions 0.121.2 and below. This vulnerability affects both self-hosted and n8n Cloud instances and can lead to full compromise of the host running n8n. Upgrading to version 1.121.3 is recommended to mitigate this risk. Source: Vulners.
- CVE-2025-68637: The Uniffle HTTP client is vulnerable because of its default configuration, which trusts all SSL certificates and disables hostname verification, so the client never actually authenticates the server it connects to. This exposes REST API communications to potential Man-in-the-Middle attacks. Users should upgrade to version 0.10.0 to address this issue. Source: Vulners.
- CVE-2026-21858: Versions of n8n below 1.121.0 allow attackers to access files on the server through certain form-based workflows. This vulnerability could expose sensitive information and enable further system compromise. The issue is resolved in version 1.121.0. Source: Vulners.
- CVE-2025-47552: A deserialization vulnerability in Digital Zoom Studio's DZS Video Gallery allows object injection via untrusted serialized data, affecting versions up to 12.37. This flaw could be exploited to execute arbitrary code, posing a significant security threat. Source: Vulners.
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is fraught with challenges and opportunities. From the alarming data breaches affecting government agencies and private firms to the evolving tactics of cybercriminals, the need for robust cybersecurity measures has never been more critical. Each story we covered today underscores the importance of vigilance, innovation, and collaboration in safeguarding our digital world.
Whether it's the strategic importance of the Arctic, the vulnerabilities in popular platforms like n8n and Google Chrome, or the sophisticated methods employed by threat actors, staying informed is our best defense. As cybersecurity professionals, sharing knowledge and insights with our peers is crucial in building a resilient community.
If you found today's newsletter insightful, please consider sharing it with your friends and colleagues. Together, we can foster a culture of awareness and preparedness, ensuring that we are all better equipped to face the challenges ahead.
Thank you for being a part of the Secret CISO community. Stay safe, stay informed, and we'll see you in the next edition!