Secret CISO 10/10: Discord Breach, SonicWall Breach, GitHub AI Attack, Google AI Flaw - A Tale of Data Vulnerabilities and AI Security Risks

Welcome to today's edition of Secret CISO, where we unravel the tangled web of cybersecurity threats and vulnerabilities that have surfaced. In a world where data breaches are becoming alarmingly frequent, today's issue highlights a series of unsettling incidents that underscore the fragility of our digital defenses.
First, we delve into the ongoing investigation by Edelson Lechtzin LLP into a data breach at Decisely Insurance Services, a stark reminder of the legal ramifications that follow such incidents. Meanwhile, Discord users face a new threat as 70,000 government-ID photos have been exposed, linked to a third-party vendor's oversight.
In a shocking revelation, SonicWall's cloud backup service breach has compromised all firewall backups, raising questions about the security of cloud services. Similarly, Brightstar's breach has affected over 100,000 individuals, while Harrods grapples with a third-party vendor compromise that exposed 430,000 customer records.
On the AI front, GitHub Copilot's 'CamoLeak' vulnerability and Google's decision not to fix the Gemini ASCII smuggling attack highlight the potential risks of AI-driven tools. Meanwhile, a fake VPN app is wreaking havoc by draining bank accounts, emphasizing the need for vigilance in app downloads.
In the realm of vulnerabilities, we uncover critical flaws in popular platforms like Grafana, Better Auth, Perfex CRM, and Juniper Networks, each presenting unique challenges to cybersecurity professionals.
Stay informed and vigilant as we navigate these turbulent waters, ensuring that you remain one step ahead in the ever-evolving landscape of cybersecurity threats.
Data Breaches
- DATA BREACH ALERT: Edelson Lechtzin LLP is Investigating: Edelson Lechtzin LLP is investigating claims on behalf of Decisely Insurance Services customers whose data may have been compromised in a recent breach. The breach was discovered on or about December 17, 2024, and affected customers are encouraged to discuss their case with a lawyer. Source: GlobeNewswire.
- 70,000 government-ID photos exposed in Discord user hack: A data breach involving Discord has exposed 70,000 government-ID photos, leaving users vulnerable to further security risks. The breach is linked to a third-party vendor used by Discord for age-related appeals. Source: NBC News.
- SonicWall: 100% of Firewall Backups Were Breached: SonicWall's cloud backup service suffered a significant data breach, affecting all customers who used the service. The breach, initially disclosed last month, is more severe than first reported, compromising firewall backups. Source: Dark Reading.
- Brightstar data breach affects over 100,000 people: Brightstar, formerly known as IGT, experienced a data breach affecting over 100,000 individuals. The company, a tech provider for the Rhode Island lottery, has alerted the Attorney General about the incident. Source: YouTube.
- Harrods Data Breach: A third-party vendor compromise has led to a data breach at Harrods, exposing around 430,000 customer records, including names and contact information. The breach highlights the risks associated with third-party service providers. Source:
Security Research
- GitHub Copilot 'CamoLeak' AI Attack Exfiltrates Data: Security researcher Omer Mayraz from Legit Security discovered a complex vulnerability in GitHub Copilot, dubbed 'CamoLeak,' which could be exploited to exfiltrate sensitive data. The attack involved a series of intricate steps to bypass GitHub's security measures, highlighting the potential risks associated with AI-driven coding tools. Source: Dark Reading.
- Fake VPN and Streaming App Drops Malware That Drains Your Bank Account: Security researchers have identified a malicious fake VPN and streaming app targeting Android users. This app, once installed, allows cybercriminals to take control of the victim's phone and potentially drain their bank accounts, underscoring the importance of downloading apps only from trusted sources. Source: Malwarebytes.
- SMU Lands $2.7M Federal Grant to Test Autonomous Systems Against 'New Class' of Cyber Threats: Southern Methodist University has received a $2.7 million federal grant to enhance the resilience and safety of autonomous systems against emerging cyber threats. The research aims to identify vulnerabilities and develop robust defenses before these systems are widely deployed. Source: Dallas Innovates.
- Google: No Fixes Slated for Gemini ASCII Smuggling Attack: Despite the discovery of a security flaw in Google's Gemini AI assistant that makes it vulnerable to ASCII smuggling attacks, Google has decided not to issue a fix. This decision raises concerns about the security of AI systems and the potential risks they pose to users. Source: SC Media.
- Reflection AI Lands $2B at $8B Valuation to Expand Frontier AI Infrastructure and Safety Research: Reflection AI has secured $2 billion in funding to advance its AI infrastructure and safety research. The company aims to pioneer autonomous coding technologies, emphasizing the importance of responsible AI deployment and security. Source: SiliconANGLE.
Top CVEs
- CVE-2025-11539: Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. The vulnerability arises from the lack of validation of the filePath parameter at the /render/csv endpoint, allowing attackers to save a shared object to an arbitrary location. This can be exploited if the default token is unchanged or known to the attacker and they can reach the image renderer endpoint. All versions from 1.0.0 onwards are affected. Source: vulners.com
- CVE-2025-61928: Better Auth, a TypeScript library, has a critical authentication bypass vulnerability in versions prior to 1.3.26. Unauthenticated attackers can create or modify API keys for any user by manipulating the user ID in the request body. This allows attackers to gain complete authenticated access and perform actions as the victim user. The issue is patched in version 1.3.26. Source: vulners.com
- CVE-2025-60375: Perfex CRM's authentication mechanism before version 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password parameters, attackers can gain unauthorized access to user accounts, including administrative ones, without providing valid credentials. Source: vulners.com
- CVE-2025-11198: Juniper Networks Security Director Policy Enforcer has a vulnerability that allows unauthenticated, network-based attackers to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, the attacker’s uploaded image is delivered instead of a legitimate one. This affects all versions before 23.1R1 Hotpatch v3. Source: vulners.com
- CVE-2025-11522: The Search & Go - Directory WordPress Theme is vulnerable to authentication bypass via account takeover in all versions up to 2.7. Insufficient user validation in the search_and_go_elated_check_facebook_user() function allows unauthenticated attackers to gain access to other users' accounts, including administrators, when Facebook login is used. Source: vulners.com
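Two of the CVEs above (CVE-2025-61928 and CVE-2025-60375) describe the same class of defect: the server trusts what the client sends about identity or skips a check when a parameter is empty. The example below is added here and is not Better Auth's or Perfex CRM's code; the handler names, the session shape and the credential store are hypothetical, and the exact Perfex CRM defect is not described on the page, so the login handler only shows the server-side check that makes the empty-parameter case fail closed.

```typescript
// Added example, not code from either project. Shows the request-body user-ID
// pattern from CVE-2025-61928 beside a hardened handler, and a login check that
// rejects empty credentials (the failure mode described for CVE-2025-60375).
type Session = { userId: string };
type ApiKeyRequest = { name: string; userId?: string }; // userId is client-controlled

const apiKeys: Array<{ owner: string; name: string }> = [];

// Vulnerable pattern: the key owner is taken from the request body, so any
// caller can mint an API key for any user ID they choose.
function createApiKeyUnsafe(session: Session | null, body: ApiKeyRequest): string {
  const owner = body.userId ?? session?.userId;
  if (!owner) throw new Error("unauthenticated");
  apiKeys.push({ owner, name: body.name });
  return owner;
}

// Hardened: the owner is always the authenticated session. A body userId that
// differs from the session is rejected rather than silently ignored, so probing
// attempts surface in error logs instead of succeeding quietly.
function createApiKey(session: Session | null, body: ApiKeyRequest): string {
  if (!session) throw new Error("unauthenticated");
  if (body.userId !== undefined && body.userId !== session.userId) {
    throw new Error("forbidden: userId in body does not match session");
  }
  apiKeys.push({ owner: session.userId, name: body.name });
  return session.userId;
}

// Constructed credential store for the login example (plaintext only to keep
// the example short; a real store holds password hashes).
const users: Record<string, string> = { admin: "correct horse battery staple" };

// Hardened login: validate both parameters are present and non-empty before any
// lookup, then require an existing user and an exact match. Empty or missing
// parameters can never reach the success path.
function login(username: unknown, password: unknown): boolean {
  if (typeof username !== "string" || typeof password !== "string") return false;
  if (username.length === 0 || password.length === 0) return false;
  const stored = users[username];
  return stored !== undefined && stored === password;
}
```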
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is as dynamic as ever, with new challenges and opportunities emerging at every turn. From data breaches affecting thousands to vulnerabilities in AI systems and software, staying informed is crucial for safeguarding our digital lives.
We explored the ongoing investigations into data breaches at companies like Decisely Insurance Services and Harrods, highlighting the importance of vigilance and legal recourse for affected individuals. Meanwhile, the exposure of government-ID photos on Discord and the SonicWall firewall backup breach remind us of the persistent threats posed by third-party vendors and cloud services.
On the frontier of technology, we delved into the vulnerabilities discovered in GitHub Copilot and Google's Gemini AI, emphasizing the need for robust security measures in AI-driven tools. The malicious fake VPN app serves as a stark reminder to download apps only from trusted sources, while Southern Methodist University's federal grant underscores the importance of proactive research in autonomous systems.
In the realm of cybersecurity vulnerabilities, we covered critical CVEs affecting popular platforms like Grafana, Better Auth, and Perfex CRM, urging developers and users to apply patches and updates promptly to mitigate risks.
As we continue to navigate this complex digital world, remember that knowledge is power. If you found today's insights valuable, please share this newsletter with your friends and colleagues. Together, we can build a more secure and informed community.
Stay safe, stay informed, and see you in the next edition of Secret CISO!