Secret CISO 11/11: Hyundai & Conduent Breaches Expose Millions, AI & Chatbot Security Flaws Uncovered, Google Chrome Vulnerabilities Threaten User Safety

Welcome to today's edition of Secret CISO, where we unravel the tangled web of cybersecurity breaches and vulnerabilities that have shaken the digital world. On this Veterans Day, as we honor those who have served, we also turn our attention to the battles being fought in cyberspace.

Hyundai finds itself in the spotlight with a massive data breach affecting 2.7 million Social Security numbers, raising alarms about the automotive industry's cybersecurity defenses. Meanwhile, Conduent's breach has left 10 million individuals, including many Texans, exposed, underscoring the widespread impact of such incidents.

In Montana, the Insurance Commissioner is turning to AI to help navigate the aftermath of a breach affecting over 460,000 residents, illustrating the growing role of technology in damage control. Similarly, CarePro Health Services faces the financial consequences of a breach with a $1.3 million settlement, highlighting the legal repercussions in the healthcare sector.

On the threat landscape, Konni hackers have weaponized Google's Find Hub, while GlassWorm resurfaces to target VS Code extensions, reminding us of the relentless evolution of cyber threats. Military experts warn of vulnerabilities in AI chatbots, including ChatGPT Atlas, that could sow chaos, while a critical flaw in the JavaScript library expr-eval poses severe risks to applications.

Security concerns extend to Docker containers, with multiple vulnerabilities identified, and Milvus, Triofox, and Google Chrome facing their own security challenges. These vulnerabilities highlight the urgent need for continuous vigilance and updates to safeguard our digital environments.

Stay informed and stay secure with Secret CISO, where we bring you the latest insights and analysis from the frontlines of cybersecurity.

Data Breaches

  1. Hyundai Data Breach Exposes 2.7 Million Social Security Numbers: Hyundai has alerted millions of customers about a significant data breach that exposed sensitive information, including Social Security numbers and driver's licenses. This breach has raised concerns about the company's cybersecurity measures and the potential risks to affected individuals. Source: Forbes
  2. Massive Data Breach Exposed 10 Million Nationwide, Including Texans: A data breach at Conduent, a company with ties to Texas, has compromised the personal information of over 10 million individuals. This incident highlights the ongoing challenges in protecting sensitive data and the widespread impact such breaches can have. Source: Chron
  3. Montana Insurance Commissioner Adds AI Tool to Help Customers Navigate Data Breach: In response to a data breach that may have exposed the financial and health information of more than 460,000 Montanans, the Montana Insurance Commissioner has introduced an AI tool to assist affected customers. This move underscores the importance of leveraging technology to mitigate the effects of data breaches. Source: News from the States
  4. Hyundai, Kia, And Genesis Suffer Massive Customer Data Breach: Despite assurances from the automotive industry about prioritizing cybersecurity, Hyundai, Kia, and Genesis have experienced a significant data breach affecting customer information. This incident raises questions about the effectiveness of current cybersecurity practices in the automotive sector. Source: The Truth About Cars
  5. $1.3M CarePro Health Services Data Breach Class Action Settlement: CarePro Health Services has reached a $1.3 million settlement following a data breach that compromised unencrypted personal information of patients. The settlement includes cash and credit monitoring for those affected, highlighting the legal and financial repercussions of data breaches in the healthcare sector. Source: Top Class Actions

Security Research

  1. Konni Hackers Turn Google's Find Hub into a Remote Data-Wiping Weapon: Security researchers have identified a new malware, EndRAT, which is being used by Konni hackers to exploit Google's Find Hub. This malware allows attackers to remotely wipe data, posing a significant threat to data integrity and security. The discovery highlights the ongoing evolution of cyber threats and the need for robust security measures. Source: The Hacker News.
  2. GlassWorm Returns, Slices Back into VS Code Extensions: GlassWorm, a notorious malware, has resurfaced, targeting Visual Studio Code extensions. Security researchers gained insights into the attacker's infrastructure, revealing sophisticated techniques used to infiltrate developer environments. This resurgence underscores the importance of securing development tools against advanced threats. Source: Dark Reading.
  3. Military Experts Warn Security Hole in Most AI Chatbots Can Sow Chaos: A significant security vulnerability has been identified in AI chatbots, including OpenAI's ChatGPT Atlas. This flaw allows for prompt injection attacks, which can manipulate chatbot responses, potentially leading to misinformation and chaos. The discovery calls for urgent attention to AI security protocols. Source: Defense News.
  4. Popular JavaScript Library expr-eval Vulnerable to RCE Flaw: A critical remote code execution (RCE) vulnerability has been discovered in the popular JavaScript library expr-eval, tracked as CVE-2025-12735. This flaw could allow attackers to execute arbitrary code, posing a severe risk to applications using the library. Developers are urged to update to the latest version to mitigate this threat. Source: Bleeping Computer.
  5. Some Docker Containers May Not Be as Secure as They Like, Experts Warn: Security researchers have identified multiple vulnerabilities in Docker containers, including CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881. These flaws could compromise container security, highlighting the need for continuous monitoring and patching of containerized environments. Source: TechRadar.

Top CVEs

  1. Milvus Authentication Bypass Vulnerability (CVE-2025-64513): An unauthenticated attacker can exploit a vulnerability in Milvus versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component. This grants full administrative access to the Milvus cluster, allowing the attacker to read, modify, or delete data, and perform privileged operations. The issue is fixed in the latest versions, and a temporary mitigation involves removing the sourceID header from incoming requests. Source: Vulners.
  2. Triofox Improper Access Control (CVE-2025-12480): Triofox versions prior to 16.7.10368.56560 are vulnerable to an improper access control flaw. This allows unauthorized access to initial setup pages even after the setup is complete, potentially exposing sensitive configuration details. Source: Vulners.
  3. Google Chrome UI Spoofing Vulnerability (CVE-2025-12430): An object lifecycle issue in Media in Google Chrome versions prior to 142.0.7444.59 allows a remote attacker to perform UI spoofing via a crafted HTML page. This vulnerability could be exploited to deceive users into interacting with malicious content. Source: Vulners.
  4. Google Chrome Arbitrary Read/Write Vulnerability (CVE-2025-12429): An inappropriate implementation in V8 in Google Chrome versions prior to 142.0.7444.59 allows a remote attacker to perform arbitrary read/write operations via a crafted HTML page. This could lead to unauthorized data access or modification. Source: Vulners.
  5. Google Chrome Heap Corruption Vulnerability (CVE-2025-12432): A race condition in V8 in Google Chrome versions prior to 142.0.7444.59 allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could be leveraged to execute arbitrary code on the affected system. Source: Vulners.

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the world of cybersecurity is as dynamic and challenging as ever. From massive data breaches affecting millions to the discovery of new vulnerabilities in popular software, the landscape is constantly evolving. These incidents remind us of the critical importance of staying informed and vigilant in our efforts to protect sensitive information.

Whether it's the automotive industry grappling with data security or the tech sector facing sophisticated malware attacks, the need for robust cybersecurity measures is undeniable. As we navigate these challenges, leveraging technology like AI tools and ensuring timely updates and patches can make a significant difference in mitigating risks.

We hope you found today's insights valuable and that they help you stay ahead in the ever-changing cybersecurity environment. If you enjoyed this newsletter, please consider sharing it with your friends and colleagues. Together, we can build a more secure digital world.

Thank you for being a part of our community. Until next time, stay safe and secure!
