Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity challenges and triumphs. In this issue, we delve into a series of alarming data breaches that have rocked various sectors, from tech companies in Florida to the healthcare industry in Beverly Hills. These incidents underscore the critical need for timely notifications and robust data protection measures.

Meanwhile, a massive breach at Proton has exposed 300 million credentials, reminding us of the ever-present vulnerabilities in data security. In the telecom sector, Ribbon Communications faces a sophisticated cyberattack, suspected to be the work of nation-state actors, highlighting the ongoing threats to sensitive data.

On the legal front, Goglia Nutrition's data breach has sparked an investigation, emphasizing the financial and legal repercussions of such incidents. In the realm of cyber espionage, new malware named Airstalk is making waves, posing significant risks through covert command-and-control channels.

As we navigate these threats, we also explore the hidden dangers lurking in GitHub repositories, where obfuscated malicious code challenges developers. In the UK, organizations lag behind in adopting Zero Trust models, leaving them vulnerable to AI-driven threats.

Finally, we spotlight the latest vulnerabilities, from DLL hijacking in Trimble SketchUp to remote code execution in Microsoft Edge, urging users to stay vigilant and update their systems. Join us as we uncover these stories and more, equipping you with the insights needed to fortify your defenses in an ever-evolving digital landscape.

Data Breaches

1. Tech Co. Employees Bring Florida Suit Over Data Breach: Employees of a tech company in Florida have filed a lawsuit, claiming they were not informed about a data breach that compromised their personal information. The case highlights the importance of timely notifications in data breach incidents. Source: Law360.
2. Beverly Hills Oncology Reports 5-Day Data Breach: Beverly Hills Oncology experienced a data breach that lasted five days, exposing sensitive information of patients and staff, including Social Security numbers and medical details. The breach underscores the critical need for robust data protection measures in healthcare. Source: Claim Depot.
3. Proton Exposes 300 Million Stolen Credentials — 49% Include Passwords: A massive data breach at Proton has resulted in the exposure of 300 million stolen credentials, with nearly half including passwords. This incident serves as a stark reminder of the vulnerabilities in data security and the importance of strong password management. Source: Forbes.
4. Ribbon Communications Breach Marks Latest Telecom Attack: Ribbon Communications has fallen victim to a cyberattack, suspected to be orchestrated by nation-state actors. The breach, which began in December, raises concerns about the security of sensitive data within the telecom sector. Source: Dark Reading.
5. Goglia Nutrition Data Breach Lawsuit Investigation: A data breach at Goglia Nutrition has prompted an investigation and potential lawsuit, as affected individuals may be entitled to compensation. This incident highlights the legal implications and financial consequences of data breaches. Source: Claim Depot.

Security Research

1. Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack: Security researchers Kristopher Russo and Chema Garcia have identified a new malware strain named Airstalk, believed to be used by nation-state hackers in a supply chain attack. The malware leverages APIs to establish covert command-and-control (C2) channels, posing significant risks to targeted organizations. Source.
2. The Return of the Invisible Threat: Hidden PUA Unicode Hits GitHub Repositories: Security researcher Charlie Eriksen from Aikido Security has uncovered a new threat involving hidden PUA Unicode characters in GitHub repositories. These characters can be used to obfuscate malicious code, making it difficult for developers to detect and mitigate potential security risks. Source.
3. UK Organisations Trail Global Peers on Zero Trust Adoption, Research Finds: A study by Keeper Security reveals that UK organizations are lagging behind their global counterparts in adopting Zero Trust security models. Only 12% of UK respondents reported being fully prepared to handle AI-driven threats, highlighting a significant gap in cybersecurity readiness. Source.
4. Berkeley Risk and Security Lab Launches Research Tracking US-China AI Race: The Berkeley Risk and Security Lab has initiated a research project to map the development of artificial intelligence in the US and China. This project aims to provide insights into the competitive dynamics and security implications of AI advancements between these two global powers. Source.
5. Security Bite: Beware Sketchy ChatGPT-Clones Slipping Back into App Store Charts: Security researcher Alex Kleber has identified misleading AI chatbots impersonating OpenAI's branding that have resurfaced in App Store charts. These clones pose a risk to users by potentially collecting sensitive information under the guise of legitimate applications. Source.

Top CVEs

1. CVE-2025-30189: When cache is enabled, some passdb/userdb drivers incorrectly cache all users with the same cache key, leading to the use of wrong cached information for these users. After a cached login, all subsequent logins are for the same user. The recommended solution is to install a fixed version or disable caching either globally or for the impacted passdb/userdb drivers. No publicly available exploits are known. Source: Vulners.
2. CVE-2025-60749: A DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 is exploitable via a crafted libcef.dll. This vulnerability allows attackers to execute arbitrary code by tricking the application into loading a malicious DLL. Users are advised to apply patches or updates provided by the vendor to mitigate this risk. Source: Vulners.
3. CVE-2025-60711: A protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely. This vulnerability poses a significant risk as it can be exploited to gain control over a user's system. Users should ensure their browsers are updated to the latest version to protect against this threat. Source: Vulners.
4. CVE-2025-59501: An authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network. This vulnerability can be exploited to impersonate users and gain unauthorized access to sensitive information. It is crucial to apply the latest security updates to mitigate this vulnerability. Source: Vulners.

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is fraught with challenges and opportunities. From the legal battles over data breaches in Florida to the alarming exposure of credentials at Proton, each story serves as a crucial reminder of the importance of vigilance and proactive measures in cybersecurity.

The healthcare sector's vulnerabilities, highlighted by the Beverly Hills Oncology breach, and the telecom industry's ongoing struggles, as seen with Ribbon Communications, underscore the need for robust defenses across all industries. Meanwhile, the emergence of new threats like Airstalk malware and hidden PUA Unicode characters in GitHub repositories remind us that innovation in attack strategies is relentless.

As organizations worldwide strive to adopt Zero Trust models, the UK finds itself trailing behind, emphasizing the urgency for a global shift in security paradigms. The Berkeley Risk and Security Lab's research on the US-China AI race further illustrates the geopolitical dimensions of technological advancements.

In the realm of vulnerabilities, the recent CVEs highlight the critical need for timely updates and patches to safeguard systems against exploitation. Whether it's DLL hijacking in Trimble SketchUp or authentication bypass in Microsoft Configuration Manager, staying informed and prepared is key.

We hope today's insights have been valuable to you. If you found this newsletter informative, please share it with your friends and colleagues. Together, we can foster a more secure digital world. Until next time, stay safe and vigilant!