Secret CISO 11/14: AT&T's $177M Breach Fallout, DoorDash's Data Dilemma, Amazon's AI vs. Malicious Packages, Russian Hackers' Travel Scam, DOJ's China Initiative Resurgence

Welcome to today's edition of Secret CISO, where we unravel the tangled web of cybersecurity incidents and vulnerabilities that are shaping the digital landscape. In this issue, we delve into a series of unsettling data breaches, from AT&T's hefty $177 million settlement to DoorDash's recurring security woes, and the alarming exposure of 1.2 million records at Doctor Alliance, LLC.

As we navigate through these breaches, we also spotlight the sophisticated tactics employed by cybercriminals, such as the 150,000 malicious packages detected by Amazon Inspector and the 4,300 fake travel sites orchestrated by Russian hackers. These incidents underscore the relentless evolution of cyber threats and the critical need for advanced detection tools.

On the vulnerability front, we explore critical flaws affecting PostgreSQL and Zoom, highlighting the potential for denial of service and privilege escalation. These vulnerabilities serve as a stark reminder of the importance of timely updates and vigilant monitoring to safeguard our digital infrastructures.

Join us as we connect the dots between these stories, revealing the broader implications for businesses and individuals alike. Stay informed, stay secure, and let's navigate the complexities of cybersecurity together.

Data Breaches

  1. AT&T to Pay $177M in Data Breach Settlement: AT&T has agreed to a $177 million settlement following two significant data breaches that exposed customer information. Affected customers may be eligible for compensation up to $7,500. The settlement aims to address the financial and privacy impacts on those affected.
  2. DoorDash Hit by Yet Another Data Breach: DoorDash has experienced another data breach, affecting users' personal information, including email addresses. The company is enhancing its security measures and has engaged a cybersecurity forensic firm to investigate the breach.
  3. Doctor Alliance, LLC Under Investigation for Data Breach: Doctor Alliance, LLC is under investigation for a data breach that compromised 1.2 million records. The breach has raised concerns about the security of sensitive personal and health information.
  4. Afghan Data Breach: MoD Criticized: The Ministry of Defence (MoD) has been criticized for not doing enough to prevent future data breaches after 49 incidents involving Afghan citizens' relocation applications were disclosed. The breaches highlight significant security lapses in handling sensitive data.
  5. Healthcare Therapy Services, Inc. Data Breach Investigation: Levi & Korsinsky, LLP is investigating a data breach at Healthcare Therapy Services, Inc., which has raised concerns over the security of sensitive personal and health information. The breach underscores the vulnerabilities in healthcare data protection.

Security Research

  1. Amazon Inspector Detects Over 150,000 Malicious Packages Linked to Token Farming Campaign: On October 24, 2025, Amazon Inspector security researchers deployed a new detection rule, paired with AI, to identify a massive token farming campaign involving over 150,000 malicious packages. This highlights the growing sophistication of cyber threats and the importance of advanced detection tools. Source: AWS Blog.
  2. Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data: Security researcher Andrew Brandt from Netcraft uncovered a campaign by Russian hackers targeting the hospitality industry. They created 4,300 fake travel sites to steal payment data from hotel guests, showcasing the persistent threat to consumer data in the travel sector. Source: The Hacker News.
  3. New 'IndonesianFoods' Worm Floods npm with 100,000 Packages: Security researcher Paul McCarty reported a spam campaign flooding npm with 100,000 packages, dubbed the IndonesianFoods worm. This incident underscores the vulnerabilities in open-source ecosystems and the need for vigilant monitoring. Source: Bleeping Computer.
  4. Cohesity Research Finds Financial Ripples from Cyberattacks: A global study by Cohesity reveals that the financial impacts of cyberattacks extend beyond immediate losses, affecting long-term business operations and financial stability. This research emphasizes the broader economic implications of cyber threats. Source: Security Systems News.
  5. DOJ Revives China Initiative Tactics: Investigating Academic Researchers: The Department of Justice has renewed its focus on research security, targeting academic researchers with undisclosed Chinese affiliations. This move highlights the ongoing geopolitical tensions and the importance of safeguarding intellectual property. Source: WilmerHale.

Top CVEs

  1. CVE-2025-12817: Missing authorization in the PostgreSQL CREATE STATISTICS command allows a table owner to cause a denial of service against other users by creating statistics objects in any schema. This vulnerability affects versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23.
  2. CVE-2025-12818: An integer wraparound in multiple PostgreSQL libpq client library functions can lead to undersized allocations and out-of-bounds writes, resulting in a segmentation fault in applications using libpq. This affects versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23.
  3. CVE-2025-64740: The Zoom Workplace VDI Client for Windows improperly verifies cryptographic signatures in its installer, potentially allowing an authenticated user to escalate privileges locally.
  4. CVE-2025-12762: pgAdmin versions up to 9.9 are vulnerable to remote code execution (RCE) when running in server mode and restoring from PLAIN-format dump files, allowing an attacker to execute arbitrary commands on the server; this poses a critical risk to the database management system.
  5. CVE-2025-47913: SSH clients that receive SSH_AGENT_SUCCESS from an agent when expecting a typed response will panic, causing early termination of the client.
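The two PostgreSQL items above share one set of fixed releases (18.1, 17.7, 16.11, 15.15, 14.20, 13.23), so the practical check is simply whether each server and client in your estate is on or above the fixed release for its major line. The script below is an added example written for this newsletter, not PostgreSQL's own tooling; it parses the version strings you get from `SELECT version();` or `psql --version` (the sample inputs are constructed) and reports each one as patched, vulnerable, or unknown when the major line is not covered by the list above.

```python
"""Classify PostgreSQL version strings against the fixed releases listed
for CVE-2025-12817 / CVE-2025-12818.

Added example, not part of the newsletter or of PostgreSQL's own tooling.
Major lines not named in the newsletter (e.g. 12.x) are reported as
"unknown" rather than guessed.
"""
import re

# Minimum patched minor release per major line, exactly as listed above.
FIXED_MINOR = {18: 1, 17: 7, 16: 11, 15: 15, 14: 20, 13: 23}

# Matches "PostgreSQL 16.4 ..." (SELECT version()) and "psql (PostgreSQL) 16.4".
_VERSION_RE = re.compile(r"PostgreSQL\)?\s+(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor) from a version() / psql --version string or a bare 'X.Y'."""
    m = _VERSION_RE.search(text)
    if m is None:
        m = re.match(r"\s*(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no PostgreSQL version found in {text!r}")
    return int(m.group(1)), int(m.group(2))


def assess(text):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    major, minor = parse_version(text)
    fixed = FIXED_MINOR.get(major)
    if fixed is None:
        return "unknown"  # major line not covered by the listed fixes
    return "patched" if minor >= fixed else "vulnerable"


# Constructed sample inputs in the shapes SELECT version() and psql --version produce.
SAMPLES = [
    "PostgreSQL 16.4 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 12.2.0, 64-bit",
    "PostgreSQL 17.7 (Debian 17.7-1.pgdg120+1) on x86_64-pc-linux-gnu",
    "psql (PostgreSQL) 13.22",
    "PostgreSQL 12.22 on x86_64-pc-linux-gnu",
]


def assess_all(samples=SAMPLES):
    """Map each sample version string to its verdict."""
    return {s: assess(s) for s in samples}


if __name__ == "__main__":
    for text, verdict in assess_all().items():
        print(f"{verdict:10s} {text}")
```

Run it against the output of `SELECT version();` on each server and `psql --version` (or the libpq version your applications link) on each client host; both CVEs are fixed in the same releases, so a single verdict per host covers both.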

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is as dynamic as ever. From major corporations like AT&T and DoorDash grappling with data breaches to the sophisticated tactics of cybercriminals targeting the hospitality industry, the need for robust cybersecurity measures has never been more pressing.

We've also seen the vulnerabilities in open-source ecosystems with the IndonesianFoods worm and the financial ripples of cyberattacks as highlighted by Cohesity's research. These stories remind us of the interconnected nature of our digital world and the importance of staying informed and vigilant.

Whether it's the latest vulnerabilities affecting PostgreSQL and Zoom or the geopolitical implications of the DOJ's renewed focus on research security, each piece of news underscores the critical role we all play in safeguarding our digital environments.

If you found today's insights valuable, please consider sharing this newsletter with your friends and colleagues. Together, we can build a more secure digital future. Stay safe and see you in the next edition of Secret CISO!