Secret CISO 11/18: DoorDash Breach & $18M Settlement, Eurofiber Data Sale, 1.3B Passwords Exposed, SilentButDeadly Threatens EDR, NIH Genomics Security Gap
Welcome to today's edition of Secret CISO, where we unravel the tangled web of cybersecurity breaches and vulnerabilities that have shaken the digital world. In a day marked by revelations and repercussions, we dive into the latest incidents that underscore the relentless nature of cyber threats.
DoorDash finds itself in the spotlight with a data breach linked to a social engineering attack, leading to an $18 million settlement in Chicago. Meanwhile, Eurofiber France grapples with a breach that saw hackers attempting to sell customer data, raising alarms across the industry.
The magnitude of data breaches reaches a new peak as 1.3 billion passwords are exposed, reminding us of the ever-present danger of credential stuffing. SSA Holdings faces legal scrutiny after a breach exposed Social Security Numbers, highlighting the critical need for protecting personal information.
In Africa, a breach in Somalia's e-visa system compromises the data of 35,000 travelers, including citizens from South Africa and other nations, spotlighting vulnerabilities in digital visa systems.
On the technical front, a new tool named "SilentButDeadly" emerges, capable of bypassing EDR and antivirus systems, posing a significant threat to network security. The NIH Genomics Project faces scrutiny over a security gap, while Fortinet's delayed vulnerability disclosure leaves defenders scrambling.
As we delve into these stories, we also uncover critical vulnerabilities such as CVE-2025-48593, CVE-2025-36357, and CVE-2025-13229, each presenting unique challenges and emphasizing the importance of timely updates and robust security practices.
Stay informed and vigilant as we navigate through these complex security landscapes, ensuring you're equipped with the knowledge to protect your digital assets.
Data Breaches
- DoorDash discloses data breach and $18M Chicago settlement: DoorDash has revealed a data breach resulting from a social engineering attack targeting an employee. This breach allowed unauthorized access to sensitive information, prompting the company to settle for $18 million in Chicago. DoorDash is actively working with law enforcement and has implemented enhanced security measures to prevent future incidents. Source: TheStreet
- Eurofiber France warns of breach after hacker tries to sell customer data: Eurofiber France has reported a data breach where hackers accessed its ticket management system. The breach was discovered when hackers attempted to sell customer data, raising significant security concerns. Eurofiber is currently investigating the incident and working to secure its systems. Source: Bleeping Computer
- Mother of all data breaches sees 1.3 BILLION passwords exposed: A massive data breach has exposed 1.3 billion passwords, combining past breaches with credential-stuffing lists. This breach poses a significant threat as attackers can use these credentials to access multiple accounts. Users are advised to check if their passwords are compromised and update them immediately. Source: Daily Mail
- SSA Holdings Data Breach Exposes SSNs; Attorneys Investigating: SSA Holdings has experienced a data breach that exposed Social Security Numbers (SSNs), prompting legal investigations. Affected individuals are encouraged to seek legal advice to understand their rights and potential compensation. The breach highlights the importance of safeguarding sensitive personal information. Source: Class Action
- South Africa, 4 other African nations affected as e-visa hack exposes 35000 travelers: A cybersecurity breach in Somalia's e-visa system has compromised the personal data of 35,000 travelers, including citizens from South Africa and four other African nations. This breach underscores the vulnerabilities in digital visa systems and the need for robust cybersecurity measures. Source: Business Insider Africa
Security Research
- SilentButDeadly: New Tool Blocks Network Traffic to Bypass EDR and Antivirus: Security researcher Ryan Framiñán has developed a tool named "SilentButDeadly" that exploits the Windows Filtering Platform to block network traffic, effectively bypassing Endpoint Detection and Response (EDR) and antivirus systems. This tool poses a significant threat as it can sever cloud communications, making it difficult for security systems to detect malicious activities. Source: GBHackers.
- Inspector General Flags Security Gap in NIH Genomics Project: A recent report by the Inspector General has highlighted a security gap in the NIH Genomics Project, specifically within the Data and Research Center's Researcher Workbench. This gap could potentially expose sensitive participant data to unauthorized access, raising concerns about data privacy and security in genomic research. Source: BankInfoSecurity.
- Fortinet's Delayed Alert on Actively Exploited Defect Put Defenders at a Disadvantage: Fortinet faced criticism for delaying the disclosure of a vulnerability that was actively being exploited, leaving defenders at a disadvantage. The delay in alerting users and security teams allowed attackers to exploit the defect further, highlighting the importance of timely vulnerability disclosures. Source: CyberScoop.
- 70M+ Installs at Risk as Logic Flaw Exposes Internal Networks: Security researcher Bruno discovered a logic flaw that allows attackers to bypass standard PHP sanitization functions, putting over 70 million installations at risk. This vulnerability could expose internal networks to unauthorized access, emphasizing the need for robust input validation mechanisms. Source: Cyber Press.
- DoorDash Email Spoofing Vulnerability Sparks Messy Disclosure Dispute: A pseudonymous security researcher, doublezero7, identified a flaw in DoorDash's email system that could be exploited for phishing attacks. The disclosure of this vulnerability led to a dispute over the handling and communication of the security issue, highlighting challenges in vulnerability management and disclosure practices. Source: BleepingComputer.
Top CVEs
- CVE-2025-48593: This vulnerability in bta_hf_client_cb_init of bta_hf_client_main.cc allows for possible remote code execution due to a use after free. No additional execution privileges or user interaction are needed, making it a critical threat for remote exploitation. Source: Vulners.
- CVE-2025-36357: IBM Planning Analytics Local versions 2.1.0 through 2.1.14 are vulnerable to directory traversal attacks. A remote authenticated user can exploit this by sending a specially crafted URL request, potentially allowing them to view, read, or write arbitrary files on the system. Source: Vulners.
- CVE-2025-13229: A type confusion vulnerability in V8 in Google Chrome prior to version 142.0.7444.59 could allow a remote attacker to exploit heap corruption via a crafted HTML page. This issue has been rated with high severity by Chromium security. Source: Vulners.
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is as dynamic as ever, with new challenges emerging at every turn. From DoorDash's data breach settlement to the massive exposure of 1.3 billion passwords, these incidents remind us of the critical importance of robust cybersecurity measures. Whether it's the vulnerabilities in digital visa systems affecting thousands of travelers or the silent threats posed by tools like SilentButDeadly, staying informed is our best defense.
We also explored the complexities of vulnerability management, as seen in the DoorDash email spoofing dispute and Fortinet's delayed alert. These stories underscore the need for timely and transparent communication in the cybersecurity community. Meanwhile, critical vulnerabilities like CVE-2025-48593 and CVE-2025-13229 highlight the ongoing battle against potential exploits that could have far-reaching consequences.
In a world where data breaches and security gaps can have significant impacts, sharing knowledge is key. If you found today's insights valuable, please consider sharing this newsletter with your friends and colleagues. Together, we can build a more secure digital future by staying informed and vigilant.
Thank you for joining us today. Stay safe, stay secure, and see you in the next edition of Secret CISO!