Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity challenges and data protection dilemmas unfolding across the globe. In South Korea, SK Telecom grapples with a staggering $91.4 million fine following a massive data breach, while Coupang faces scrutiny over its own data mishap. These incidents are reshaping the nation's regulatory landscape, demanding a closer look at compliance and enforcement.

Across the pond, the UK's Information Commissioner's Office is under fire, with civil liberties groups calling for an inquiry into its enforcement efficacy after a significant Afghan data breach. Meanwhile, in the United States, a cyber attack on Jackson County's emergency warning system exposes vulnerabilities in critical infrastructure, echoing similar concerns raised by Iberia's recent breach in the aviation sector.

On the technical front, a newly discovered flaw in the glob library threatens remote code execution, emphasizing the need for vigilance in software security. Simultaneously, a new Android malware bypasses encryption in popular messaging apps, posing a severe threat to user privacy. As if that weren't enough, a critical 7-Zip vulnerability demands immediate manual updates to prevent exploitation.

In the automotive world, cybersecurity researcher Eaton Zveare warns of the hidden dangers lurking in modern vehicles, urging manufacturers to bolster their defenses. Finally, a special report sheds light on the cyberattack group BQT.Lock, linked to Hezbollah, highlighting the geopolitical implications of cyber warfare.

Join us as we delve deeper into these stories, exploring the evolving landscape of cybersecurity and the relentless pursuit of safeguarding our digital world.

Data Breaches

1. South Korea's SK Telecom Reviews Record Fine for Data Breach: Fallout from SK Telecom's massive data breach continues to mount, with the company now reviewing a record 134.8 billion won ($91.4 million) fine. The breach has sparked significant scrutiny and potential regulatory changes in South Korea's data protection landscape. Source: MLex
2. Civil Liberties Groups Call for Inquiry into UK Data Protection Watchdog: Campaigners, including the Good Law Project, are demanding an inquiry into the UK's Information Commissioner's Office (ICO) following a perceived collapse in enforcement activity after an Afghan data breach. This situation highlights concerns over the effectiveness of data protection enforcement in the UK. Source: The Guardian
3. Coupang Faces Breach Investigation in South Korea: Coupang is under investigation by South Korea's privacy regulator following a data breach that exposed personal information of approximately 4500 individuals. The investigation is focusing on the company's reporting timeline and compliance with data protection laws. Source: MLex
4. Cyber Attack Causes Data Exposure in Jackson County: A cyber attack on the emergency warning service used by the Jackson County Sheriff's Office might have exposed phone numbers and passwords of residents. This breach has raised concerns about the security of critical infrastructure systems. Source: KFVS12
5. Spanish Flag Carrier Iberia Admits to Cyber Attack: Iberia has confirmed a cyber attack that compromised customer data. The airline has activated its security protocols and is working to mitigate the impact of the breach, which underscores the ongoing vulnerability of the aviation sector to cyber threats. Source: Paddle Your Own Kanoo

Security Research

1. Weaponized file name flaw allows RCE through glob - The Register: Security researchers at AISLE have identified a critical vulnerability (CVE-2025-64756) in the glob library that allows remote code execution (RCE). This flaw, rated 7.5, doesn't affect all glob users but poses a significant risk to those impacted. The discovery highlights the importance of scrutinizing even seemingly minor components in software ecosystems. Source: The Register.
2. Hackers Bypass Signal, Telegram And WhatsApp Encryption To Read Messages - Forbes: ThreatFabric's security researchers have uncovered a new Android malware capable of bypassing encryption in popular messaging apps like Signal, Telegram, and WhatsApp. This malware allows attackers to read messages, posing a severe threat to user privacy and communication security. The discovery underscores the ongoing challenges in securing mobile communications against sophisticated threats. Source: Forbes.
3. Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update - Hackread: A critical vulnerability in 7-Zip, identified as CVE-2025-11001, has been flagged by Microsoft due to its public exploit. Security researcher Dominik, known as pacbypass, has highlighted the need for users to manually update their software to mitigate the risk. This vulnerability emphasizes the importance of timely software updates to protect against potential exploits. Source: Hackread.
4. Modern car cybersecurity: a ticking time bomb for drivers - 32Cars.ru: Security researcher Eaton Zveare warns that car manufacturers are facing cybersecurity incidents that often go unnoticed. The increasing integration of digital systems in vehicles creates vulnerabilities that could be exploited by attackers, posing risks to driver safety and privacy. This research calls for heightened awareness and proactive measures in automotive cybersecurity. Source: 32Cars.ru.
5. Special Report – Hezbollah in the Digital Sphere: The Cyberattack Group BQT.Lock and Its Leader Karim Fayad - Israel Alma: This report delves into the activities of the cyberattack group BQT.Lock, linked to Hezbollah, and its leader Karim Fayad. The research highlights the group's cyber capabilities and their impact on regional security dynamics. Understanding such threats is crucial for developing effective countermeasures in the digital domain. Source: Israel Alma.

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is as dynamic and challenging as ever. From South Korea's SK Telecom grappling with a record fine to the vulnerabilities in messaging apps like Signal and WhatsApp, the stories we've covered today underscore the critical importance of vigilance and proactive measures in cybersecurity.

Whether it's the scrutiny faced by the UK's ICO or the ongoing investigations into data breaches at Coupang and Iberia, these incidents remind us that no organization is immune to cyber threats. Meanwhile, the discovery of vulnerabilities in software components like the glob library and 7-Zip highlights the need for constant attention to even the smallest details in our digital ecosystems.

As we navigate these complex challenges, sharing knowledge and insights becomes more crucial than ever. If you found today's newsletter insightful, consider sharing it with your friends and colleagues. Together, we can foster a community that's better prepared to tackle the evolving threats in the cybersecurity world.

Thank you for being a part of Secret CISO. Stay informed, stay secure, and we'll see you in the next edition!