Secret CISO 11/4: Hackers Hijack Freighters, Google Password Alert, AI's Dual-Use Dilemma, OpenAI's Cybersecurity Leap
Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity threats and innovations shaping our digital landscape. In this issue, we delve into a series of alarming breaches and groundbreaking developments that underscore the ever-evolving nature of cyber threats.
Our journey begins on the high seas, where hackers are commandeering freighters using Remote Monitoring and Management tools, a tactic that has seen a surge in recent months. This maritime menace is a stark reminder of the vulnerabilities lurking in our global supply chains.
Meanwhile, on the digital front, Google has sounded the alarm for Gmail users, urging them to abandon compromised passwords in the wake of a significant security breach. This incident reignites the debate on the efficacy of password-based security systems and the urgent need for more robust authentication methods.
In Australia, while data breaches are on the decline, human error has emerged as a formidable foe, particularly in the health sector. This trend highlights the critical need for comprehensive training and awareness programs to fortify defenses against inadvertent data leaks.
Healthcare systems in the U.S. are also under siege, with data breaches impacting behavioral health networks and oncology groups, exposing sensitive patient information. These incidents underscore the pressing need for enhanced cybersecurity measures in protecting healthcare data.
Law enforcement surveillance systems are not immune either, as stolen police logins are being peddled on cybercrime forums, potentially compromising Flock surveillance cameras. This breach raises significant concerns about the security of public safety systems.
On the innovation front, OpenAI's launch of Aardvark, an AI agent designed to autonomously identify and fix software vulnerabilities, marks a significant leap forward in cybersecurity practices. However, the discovery of a novel backdoor, SesameOp, leveraging OpenAI Assistants API for command and control, highlights the dual-use nature of AI technologies in cyber threats.
Finally, we spotlight critical vulnerabilities, including OS command injection in the Metro Development Server and SQL injection in Geutebruck G-Cam E-Series Cameras, emphasizing the need for vigilance and proactive measures to safeguard digital infrastructures.
Stay informed and stay secure with Secret CISO, as we continue to navigate the complex and ever-changing world of cybersecurity.
Data Breaches
- Hackers use RMM tools to breach freighters and steal cargo shipments: Hackers have been increasingly using Remote Monitoring and Management (RMM) tools to infiltrate freighter systems and steal cargo shipments. This method has gained traction with nearly two dozen campaigns recorded since August, highlighting a growing trend in cybercriminal tactics. The attacks underscore the need for enhanced security measures in the shipping industry to protect against such breaches. Source: Bleeping Computer
- 'Gmail Security Breach'—Stop Using Your Password, Warns Google: Google has issued a warning to Gmail users following reports of breached passwords, urging them to stop using their current passwords. The breach has prompted Google to implement changes in its security protocols to better protect user accounts. This incident highlights the ongoing vulnerabilities in password-based security systems and the need for more robust authentication methods. Source: Forbes
- Fewer data breaches in Australia, but human error now a bigger threat: While the number of data breaches in Australia has decreased, human error has emerged as a significant threat, accounting for a large portion of incidents. Malicious or criminal attacks remain the primary cause of breaches, but the rise in human error highlights the need for better training and awareness programs. The health sector continues to be a major target, emphasizing the importance of securing sensitive information. Source: Computer Weekly
- Data Theft Hits Behavioral Health Network in 3 States: A data breach has impacted a behavioral health network operating in three states, compromising personal information. The breach was detected on June 6, and the network has since been working with regulators to address the incident. This breach underscores the vulnerabilities in healthcare systems and the critical need for robust cybersecurity measures to protect sensitive patient data. Source: Bank Info Security
- Beverly Hills Oncology Data Breach Exposes Personal Information: The Beverly Hills Oncology Medical Group has experienced a data breach, exposing personal information of patients. The breach occurred between February 7 and February 11, 2025, and is currently under investigation by legal authorities. This incident highlights the ongoing risks faced by healthcare providers in safeguarding patient data against cyber threats. Source: GlobeNewswire
Security Research
- Lawmakers say stolen police logins are exposing Flock surveillance cameras to hackers: A recent investigation revealed that stolen police logins are being sold on a Russian cybercrime forum, potentially exposing Flock surveillance cameras to unauthorized access. This breach raises significant concerns about the security of law enforcement surveillance systems and the potential misuse of sensitive data. Lawmakers are urging a thorough investigation to address these vulnerabilities and protect public safety. Source: TechCrunch
- MIT Sloan shelves paper about AI-driven ransomware: MIT Sloan and Safe Security researchers have withdrawn a paper discussing AI-driven ransomware due to concerns over its implications. The paper highlighted how AI could be used to enhance ransomware attacks, raising ethical and security questions. This move underscores the ongoing debate about the dual-use nature of AI technologies in cybersecurity. Source: The Register
- Cyber-enabled cargo theft targeting North American ports: A new wave of cyber-enabled cargo theft is targeting ports across North America, exploiting vulnerabilities in logistics and supply chain systems. Cybercriminals are using sophisticated techniques to intercept and reroute shipments, causing significant financial losses. This trend highlights the urgent need for enhanced cybersecurity measures in the transportation sector. Source: SC Media
- OpenAI Launches AI Agent for Cybersecurity: OpenAI has introduced Aardvark, an AI agent designed to function like a human security researcher. This tool autonomously identifies and fixes software vulnerabilities, potentially revolutionizing cybersecurity practices. Aardvark's development marks a significant step forward in leveraging AI to enhance digital security and reduce human error. Source: AI Business
- SesameOp: Novel backdoor uses OpenAI Assistants API for command and control: Microsoft security researchers have identified a novel backdoor named SesameOp that utilizes the OpenAI Assistants API for command and control operations. This malware represents a new frontier in cyber threats, leveraging AI technologies to enhance its capabilities. The discovery calls for increased vigilance and adaptation in cybersecurity strategies to counter such advanced threats. Source: Microsoft Security Blog
Top CVEs
- CVE-2025-11953: The Metro Development Server, used by the React Native Community CLI, is vulnerable to OS command injection because it binds to external interfaces by default. This flaw allows unauthenticated network attackers to launch arbitrary executables by sending a POST request to the server. On Windows systems, attackers can run arbitrary shell commands, posing a significant security risk. Source: Vulners.
- CVE-2025-12463: An unauthenticated SQL Injection vulnerability was found in Geutebruck G-Cam E-Series Cameras, specifically through the Group parameter in the /uapi-cgi/viewer/Param.cgi script. This vulnerability affects the EFD-2130 camera running a specific firmware version, potentially allowing attackers to manipulate database queries and access sensitive information. Source: Vulners.
- CVE-2025-60503: A cross-site scripting (XSS) vulnerability in the administrative interface of UltimatePOS 4.8 allows authenticated attackers to execute arbitrary JavaScript. The flaw occurs in the purchase functionality, where input is reflected without proper escaping in the admin log panel's 'reference No.' field. This could lead to session hijacking or other malicious activities within an administrator's browser session. Source: Vulners.
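A defender-side check for the exposure pattern behind CVE-2025-11953 above (a development server listening on external interfaces), added here as an illustration; it is not code from the newsletter, Metro, or Vulners. The `ss -ltnp` sample is constructed, and port 8081 as Metro's default plus the other dev-server ports are assumptions.

```python
"""Flag development servers bound to non-loopback interfaces.

Added example: parses `ss -ltnp` style output and reports listeners on
wildcard or external addresses, the exposure CVE-2025-11953 relies on.
"""
import ipaddress
import re

# Ports commonly used by local dev servers (8081 assumed as Metro's default;
# the others are illustrative assumptions, adjust to your environment).
DEV_SERVER_PORTS = {8081: "metro", 3000: "node-dev", 5173: "vite", 8000: "django-dev"}

# Constructed sample of `ss -ltnp` output; not data from a real host.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      511    *:8081             *:*         users:(("node",pid=4242,fd=21))
LISTEN 0      128    127.0.0.1:3000     0.0.0.0:*   users:(("node",pid=4310,fd=19))
LISTEN 0      511    0.0.0.0:5173       0.0.0.0:*   users:(("node",pid=4400,fd=22))
LISTEN 0      128    [::1]:8000         [::]:*      users:(("python3",pid=4500,fd=5))
LISTEN 0      4096   0.0.0.0:22         0.0.0.0:*   users:(("sshd",pid=900,fd=3))
"""

# Captures the "Local Address:Port" column: IPv4, bracketed IPv6, or "*".
LOCAL_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+?):(\d+)\s")


def is_external(addr: str) -> bool:
    """True if the bind address accepts connections from other hosts."""
    if addr in ("*", "0.0.0.0", "[::]", "::"):
        return True
    try:
        return not ipaddress.ip_address(addr.strip("[]")).is_loopback
    except ValueError:
        return True  # unrecognised form: treat as exposed so it gets reviewed


def exposed_dev_servers(ss_output: str) -> list[dict]:
    """Return dev-server listeners that are reachable from the network."""
    findings = []
    for line in ss_output.splitlines():
        m = LOCAL_RE.match(line)
        if not m:
            continue
        addr, port = m.group(1), int(m.group(2))
        if port in DEV_SERVER_PORTS and is_external(addr):
            findings.append({"port": port, "addr": addr, "server": DEV_SERVER_PORTS[port]})
    return findings


if __name__ == "__main__":
    for f in exposed_dev_servers(SAMPLE_SS_OUTPUT):
        print(f"EXPOSED: {f['server']} on {f['addr']}:{f['port']} (rebind to 127.0.0.1)")
```

Run it against live `ss -ltnp` output on a developer workstation or CI runner; any finding means the dev server should be restarted bound to loopback, which removes the unauthenticated network reach the CVE depends on.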
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the cybersecurity landscape is as dynamic and challenging as ever. From hackers exploiting RMM tools to breach freighters, to the vulnerabilities exposed in healthcare and law enforcement systems, the need for robust security measures is more pressing than ever. Google's warning about password breaches and the rise of AI-driven threats further emphasize the evolving nature of cyber risks.
While the number of data breaches in Australia may have decreased, the rise in human error as a significant threat reminds us that cybersecurity is not just about technology, but also about people. The incidents affecting behavioral health networks and oncology groups highlight the critical need for vigilance in protecting sensitive information.
In the world of vulnerabilities, the recent discoveries of CVEs affecting various systems serve as a stark reminder of the importance of staying informed and proactive in patching and securing our digital environments. The introduction of OpenAI's Aardvark offers a glimpse into the future of AI-enhanced cybersecurity, promising new ways to tackle these challenges.
We hope you found today's insights valuable. If you did, please consider sharing this newsletter with your friends and colleagues. Together, we can build a more secure digital world by staying informed and prepared. Until next time, stay safe and vigilant!