Secret CISO 1/9: Gulshan, ManageMyHealth, France's Academic Freedom Clash, ASU-South Korea Tech Alliance

Welcome to today's edition of Secret CISO, where we unravel the tangled web of cybersecurity incidents and innovations shaping our digital landscape. In this issue, we delve into a series of alarming data breaches that have rocked various sectors, from healthcare to law enforcement, exposing vulnerabilities and sparking urgent investigations.

First, we explore the breach at Gulshan Management Services in Texas, where personal data has been compromised, followed by ManageMyHealth's unsettling loss of medical records, raising critical questions about the security of sensitive health information. Meanwhile, Flock Safety's breach has exposed police camera feeds, highlighting the risks of unauthorized surveillance access.

In the corporate realm, CRRC MA faces the theft of valuable designs, underscoring the ongoing battle to protect intellectual property from cybercriminals. Leidos QTC Health Commercial Services also grapples with a breach affecting personal and health data, prompting a thorough investigation into its impact.

On the research front, tensions rise in France as security clampdowns on researchers ignite debates over academic freedom, while the U.S. government intensifies efforts to attract researchers aligned with global priorities. GenDigital's latest findings on the AuraStealer infostealer remind us of the ever-evolving cyber threat landscape.

In the realm of vulnerabilities, we uncover critical flaws such as CVE-2026-21876 in the OWASP core rule set, which could allow attackers to bypass security measures, and CVE-2026-22028 in Preact, posing risks of HTML injection. These vulnerabilities emphasize the need for constant vigilance and timely patching to safeguard systems.

Join us as we navigate these pressing issues, offering insights and strategies to fortify your defenses in an increasingly complex digital world. Stay informed, stay secure.

Data Breaches

  1. Gulshan Management Services Data Breach: Gulshan Management Services, based in Sugar Land, Texas, has reported a data breach that potentially exposed personal information of numerous individuals. The breach is currently under investigation, and affected parties are being notified about the potential risks to their data. Source: GlobeNewswire
  2. ManageMyHealth Data Breach: ManageMyHealth has suffered a data breach that compromised the health records of its users. Affected individuals are facing challenges as their medical records have vanished from the portal, raising concerns about the security of sensitive health information. Source: NZ Herald
  3. Flock Safety Data Breach: Flock Safety confirmed a data breach that exposed live police camera feeds to unauthorized access. Although the company claims only a small number of cameras were affected, the breach allowed outsiders to view and potentially manipulate police surveillance footage. Source: WPTV
  4. Leidos QTC Health Commercial Services Data Breach: Leidos has reported a data breach involving sensitive personal and health information of an undetermined number of individuals. The breach is under investigation, and the company is working to assess the full impact on affected parties. Source: Strauss Borrelli PLLC
  5. CRRC Data Breach: Hackers have reportedly accessed designs and blueprints from CRRC MA, one of 50 global companies affected by a data breach. The breach highlights vulnerabilities in protecting intellectual property and sensitive corporate data from cybercriminals. Source: MassLive

Security Research

  1. France Security Clampdown on Researchers Sparks Backlash Over Academic Freedom: French research organizations are protesting against increased oversight by security services, arguing it threatens academic freedom. This move has sparked significant backlash within the academic community, highlighting the tension between national security and research autonomy. Source: Intelligence Online.
  2. The Federal Government is “Doubling Down” on Attracting Researchers - Are You Ready?: The federal government is intensifying efforts to attract researchers, with a focus on integrating the UN's Sustainable Development Goals into funded projects. This initiative underscores the importance of research security and the strategic alignment of research with global priorities. Source: C Wilson.
  3. GenDigital Research Exposes AuraStealer Infostealer Tactics: GenDigital's research has uncovered the tactics of the AuraStealer infostealer, emphasizing the continuous need for robust network security measures. This research provides insights into protecting organizations from evolving cyber threats. Source: eSecurity Planet.
  4. Engineering without Borders: ASU Deepens Technology Collaborations in South Korea: Arizona State University is expanding its technology collaborations with South Korea, focusing on cybersecurity and vehicle systems security. This partnership highlights the global nature of research and the importance of cross-border collaborations in advancing security technologies. Source: ASU News.
  5. Anthropological Perspective Assists USF Cybersecurity Researcher in Addressing SOC Burnout: A USF cybersecurity researcher is using an anthropological approach to address burnout in Security Operations Centers (SOCs). This innovative perspective aims to provide meaningful contributions to the field of security by understanding the human factors involved. Source: USF News.

Top CVEs

  1. CVE-2026-21876: The OWASP Core Rule Set (CRS) has a bug in rule 922110 when processing multipart requests with multiple parts. A malicious charset in an earlier part can go undetected if a later part has a legitimate charset, potentially allowing attackers to bypass security measures. Versions 4.22.0 and 3.3.8 have patched this issue. Source: vulners.com
  2. CVE-2025-59470: This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter. This can potentially lead to unauthorized access and control over the database. Source: vulners.com
  3. CVE-2025-59469: This vulnerability allows a Backup or Tape Operator to write files as root, which could lead to unauthorized file modifications and potential system compromise. Source: vulners.com
  4. CVE-2025-66002: An 'Argument Injection' vulnerability allows local users to perform arbitrary unmounts via the smb4k mount helper. This could disrupt system operations and lead to unauthorized access to file systems. Source: vulners.com
  5. CVE-2026-22028: A regression in Preact 10.26.5 softened JSON serialization protection, potentially allowing HTML injection and arbitrary script execution. This vulnerability affects applications that pass unsanitized JSON payloads directly into the render tree. Versions 10.26.10, 10.27.3, and 10.28.2 have patched the issue. Source: vulners.com

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is as dynamic and challenging as ever. From data breaches affecting personal and corporate information to vulnerabilities that could compromise system integrity, the need for vigilance and proactive measures is paramount. The stories we've shared today underscore the importance of staying informed and prepared in the face of evolving cyber threats.

In addition to these pressing security concerns, we also touched on the broader implications of security in the academic and research sectors. The balance between national security and academic freedom, as well as the strategic alignment of research with global priorities, are crucial discussions that impact the future of innovation and collaboration.

We hope you found today's insights valuable and thought-provoking. If you did, please consider sharing this newsletter with your friends and colleagues. By spreading awareness, we can collectively strengthen our defenses and foster a more secure digital environment for everyone.

Thank you for being a part of the Secret CISO community. Stay safe, stay informed, and we'll see you in the next edition!
