Secret CISO 11/8: Discord Breach Sparks Legal Storm, Hyundai's Data Crisis, Samsung's Spyware Threat, OpenAI Tackles AI Security
Welcome to today's edition of Secret CISO, where the digital landscape is fraught with challenges and revelations. Our journey begins with ALT5 Sigma's legal battle against a former consultant over a data breach, a tale of trust betrayed and sensitive information mishandled. Meanwhile, Discord finds itself under the microscope as an investigation unfolds into a security incident involving a third-party vendor, raising alarms about user data exposure.
In the realm of justice, San Joaquin County Superior Court grapples with the fallout of a data breach that has compromised personal information, while Hyundai faces a cyber siege affecting 2.7 million Kia owners, spotlighting vulnerabilities in data security practices. The resignation of the Food Safety Administration head following a major data breach adds another layer to today's narrative of accountability and reform.
On the technological frontier, Samsung devices are under threat from the 'Landfall' spyware exploiting a zero-day flaw, while a US adoption organization's oversight leaves over a million records exposed online. QNAP's swift action to patch seven zero-day vulnerabilities highlights the critical need for timely security updates.
As we delve deeper, we explore the emerging challenges of prompt injections in AI systems and the security risks posed by agentic browsers, underscoring the evolving nature of cyber threats. Finally, we dissect a series of critical vulnerabilities, from Elastic Cloud Enterprise's privilege escalation flaw to Samba's remote command execution risk, each a reminder of the relentless pursuit of security in an ever-connected world.
Stay vigilant, stay informed, and join us as we navigate the intricate web of cybersecurity in today's Secret CISO.
Data Breaches
- ALT5 Sigma sues former consultant over alleged data breach: ALT5 Sigma Corporation has initiated legal proceedings against Wellington Peel, LLC, and associated individuals, alleging a data breach. The lawsuit, filed in Delaware Chancery Court, accuses the defendants of mishandling sensitive information, potentially impacting the company's operations. Source: DataBreaches.Net
- INVESTIGATION ALERT: Levi & Korsinsky, LLP Announces Investigation of Discord, Inc. Data Breach: Discord is under investigation following a security incident involving a third-party vendor responsible for managing its customer support operations. The breach has raised concerns about the potential exposure of user data, prompting legal scrutiny. Source: CBS42
- San Joaquin County Superior Court concludes sensitive info leaked in data breach: A data breach at San Joaquin County Superior Court has resulted in the exposure of sensitive personal information, including Social Security numbers and credit card details. The court has acknowledged the breach and is taking steps to mitigate the impact on affected individuals. Source: Lodi News
- Hyundai's Cyber Siege: 2.7 Million Kia Owners Caught in Data Breach Crossfire: A significant data breach has affected 2.7 million Kia owners, compromising sensitive information such as Social Security numbers and driver's license details. The breach, which occurred in March 2025, has raised serious concerns about data security practices at Hyundai. Source: WebProNews
- Food Safety Administration head resigns following major data breach: The director of the Administration for Food Safety has resigned following a major data breach that exposed sensitive information. The incident has prompted a reevaluation of data security measures within the organization to prevent future breaches. Source: STA
Security Research
- Samsung Zero-Day Flaw Exploited by 'Landfall' Spyware: Security researchers have identified a zero-day vulnerability in Samsung devices being exploited by the 'Landfall' spyware. This sophisticated malware includes multiple anti-analysis mechanisms to evade detection and has been targeting Samsung Galaxy users. The discovery highlights the ongoing challenges in securing mobile devices against advanced threats. Source: BankInfoSecurity.
- Over 1 Million Records from US Adoption Organization Left Exposed Online: Security researcher Jeremiah Fowler discovered a non-password-protected, unencrypted database containing over a million records from a US adoption organization. The exposed data included sensitive information, raising significant privacy concerns and highlighting the risks of inadequate data protection measures. Source: MSN.
- QNAP Fixes Seven NAS Zero-Day Flaws Exploited at Pwn2Own: QNAP addressed seven zero-day vulnerabilities in their network-attached storage (NAS) devices that were exploited during the Pwn2Own hacking competition. These vulnerabilities allowed attackers to gain unauthorized access and control over the devices, emphasizing the importance of timely security updates. Source: Bleeping Computer.
- Understanding Prompt Injections: A Frontier Security Challenge: OpenAI has been advancing research into prompt injections, a new security challenge for AI systems. These attacks manipulate AI models by injecting malicious prompts, potentially leading to unintended behaviors. The research aims to develop robust defenses against such vulnerabilities. Source: OpenAI.
- Agentic Browsers: The New Frontier in Web Security Risks: Research by Palo Alto Networks reveals that side panels in multiple AI browsers can be hijacked by malicious extensions, posing significant security risks. This new threat vector underscores the need for enhanced security measures in browser design and extension management. Source: Palo Alto Networks Blog.
Top CVEs
- CVE-2025-37736: Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. This vulnerability affects several APIs related to security service accounts and user authentication keys, potentially allowing unauthorized access and actions.
- CVE-2025-7700: A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files, leading to a denial of service. Although it does not result in data theft or system control, it can disrupt services.
- CVE-2025-10966: curl's code for managing SSH connections was flawed when SFTP was done using the wolfSSH-powered backend, and it missed host verification mechanisms. This vulnerability prevents curl from detecting MITM attackers, potentially compromising the security of data transfers.
- CVE-2025-10230: A flaw was found in Samba, in the front-end WINS hook handling, where NetBIOS names from registration packets are passed to a shell without proper validation or escaping. This allows an unauthenticated network attacker to achieve remote command execution as the Samba Active Directory Domain Controller.
- CVE-2025-64439: LangGraph SQLite Checkpoint contains a Remote Code Execution (RCE) vulnerability in versions 2.1.2 and below when deserializing payloads saved in the "json" serialization mode. This issue arises from the JsonPlusSerializer's handling of illegal Unicode surrogate values, which is fixed in version 3.0.
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the landscape of cybersecurity is as dynamic as ever. From legal battles over data breaches to the discovery of zero-day vulnerabilities, the stories we've covered today highlight the critical importance of vigilance and proactive measures in safeguarding sensitive information.
Whether it's the legal implications faced by companies like ALT5 Sigma and Discord, the massive data exposures affecting millions of individuals, or the technical vulnerabilities in systems like Samsung devices and QNAP NAS, each story serves as a reminder of the complex challenges we face in the digital age. The resignation of the Food Safety Administration head and the ongoing research into AI security further underscore the need for robust security frameworks and continuous innovation.
As we continue to navigate these challenges, sharing knowledge and insights becomes crucial. If you found today's newsletter informative, please consider sharing it with your friends and colleagues. Together, we can foster a more informed and secure community, better equipped to tackle the evolving threats in cybersecurity.
Thank you for joining us today. Stay secure, stay informed, and see you in the next edition of Secret CISO!