Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity threats and vulnerabilities that have surfaced on December 10th. In this issue, we delve into a series of alarming data breaches and vulnerabilities that underscore the ever-evolving landscape of cyber threats.

Our journey begins with the Space Bears ransomware group, which has claimed responsibility for a data breach at Comcast via contractor Quasar Inc., highlighting the critical need for stringent security measures with third-party vendors. Meanwhile, the financial sector is not spared, as ThinkMarkets faces a severe data breach allegedly orchestrated by the Chaos ransomware group.

Petco's inadvertent exposure of sensitive personal information serves as a stark reminder of the importance of secure application settings, while the Alert Long Beach emergency notification system's offline status following a targeted attack raises concerns about the security of public safety infrastructure.

In the realm of development environments, malicious packages in VS Code, Go, npm, and Rust have been discovered, posing significant threats to software development security. Additionally, a 700% increase in hypervisor ransomware attacks has been reported, emphasizing the need for enhanced protection of virtual environments.

We also explore the vulnerabilities in the Model Context Protocol (MCP) that allow prompt injection attacks, and the insights into QuasarRAT's core functions and security techniques. Furthermore, we highlight an EU-funded project led by Johanna Karvonen, exploring how AI can protect subsea infrastructure.

Finally, we uncover critical vulnerabilities, including CVE-2023-23729 in Brainstorm Force Spectra, CVE-2025-65882 in openmptcprouter, CVE-2025-33214 in NVIDIA NVTabular, CVE-2025-64667 in Microsoft Exchange Server, and CVE-2022-46845 in Essential Plugin Slider, each posing significant security risks if left unaddressed.

Stay informed and vigilant as we navigate these complex cybersecurity challenges together.

Data Breaches

1. Space Bears Ransomware Claims Comcast Data Breach via Contractor Quasar Inc.: This incident underscores the vulnerabilities associated with third-party vendors, where a contractor's security lapse can lead to significant data breaches. The breach highlights the need for stringent security measures and oversight when dealing with external partners. Source: SC World
2. Exclusive: Online Trading Broker ThinkMarkets Suffers Alleged Data Breach: Australian online brokerage ThinkMarkets has reportedly experienced a severe data breach. The breach was claimed by a ransomware group known as Chaos, emphasizing the ongoing threat of ransomware attacks in the financial sector. Source: Cyber Daily
3. Petco Data Breach: Application Setting 'Inadvertently' Shared Personal Information Online: Petco experienced a data breach where sensitive personal information, including Social Security numbers and account details, was inadvertently exposed online. This breach highlights the critical importance of secure application settings and data protection protocols. Source: Fox 10 Phoenix
4. Alert Long Beach Emergency Notification System Taken Offline After Data Breach: The Alert Long Beach emergency notification system was taken offline following a targeted attack by an organized group. This breach raises concerns about the security of critical public safety infrastructure and the need for robust cybersecurity measures. Source: LB Post
5. Cybersecurity 'Incident' Leads to Potential Data Breach for Tigard CodeRED Subscribers: A potential data breach involving Tigard CodeRED subscribers is linked to an incident with OnSolve (Crisis24), the vendor hosting the service. This incident highlights the risks associated with third-party service providers and the need for comprehensive incident response plans. Source: KPTV

Security Research

1. Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data: Security researchers have discovered malicious packages in popular development environments like VS Code, Go, npm, and Rust. These packages are capable of stealing sensitive developer data, including screen content and WiFi credentials, posing a significant threat to software development security. Source: The Hacker News
2. Researchers Spot 700 Percent Increase in Hypervisor Ransomware Attacks: Security researchers at Huntress have reported a staggering 700% increase in ransomware attacks targeting hypervisors. This alarming trend underscores the need for enhanced security measures to protect virtual environments from increasingly sophisticated ransomware threats. Source: The Register
3. New Prompt Injection Attack Using Malicious MCP Servers Can Drain System Resources: Security researchers have identified critical vulnerabilities in the Model Context Protocol (MCP) that allow malicious servers to execute prompt injection attacks. These attacks can severely drain system resources, highlighting the importance of securing protocol implementations. Source: Cyber Press
4. Unveiling the Core Functions and Security Techniques of QuasarRAT: Researchers have delved into the security techniques and core functions of QuasarRAT, a remote access tool used in cybercrime and espionage. This research provides insights into its operational mechanisms and the security measures needed to counteract its threats. Source: Cyber Press
5. Guarding Europe's Hidden Lifelines: How AI Could Protect Subsea Infrastructure: Security researcher Johanna Karvonen is leading an EU-funded project to explore how AI can be used to protect subsea infrastructure. This research aims to enhance the security of critical underwater assets against potential threats. Source: Horizon Magazine

Top CVEs

1. CVE-2023-23729: Missing Authorization vulnerability in Brainstorm Force Spectra allows exploitation due to incorrectly configured access control security levels. This affects versions from n/a through 2.3.0, potentially allowing unauthorized access. Source.
2. CVE-2025-65882: A vulnerability in openmptcprouter through version 0.64 allows attackers to potentially write arbitrary files or execute arbitrary commands due to an issue in the sysupgrade.c file. This could lead to significant security breaches if exploited. Source.
3. CVE-2025-33214: NVIDIA NVTabular for Linux contains a deserialization vulnerability in the Workflow component. Successful exploitation might lead to code execution, denial of service, information disclosure, and data tampering. Source.
4. CVE-2025-64667: A user interface misrepresentation vulnerability in Microsoft Exchange Server allows unauthorized attackers to perform spoofing over a network. This could lead to significant security risks if not addressed. Source.
5. CVE-2022-46845: Missing Authorization vulnerability in Essential Plugin Slider a SlidersPack allows exploitation due to incorrectly configured access control security levels. This affects versions from n/a before 2.3, posing a risk of unauthorized access. Source.

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the cybersecurity landscape is as dynamic and challenging as ever. From the Space Bears ransomware incident affecting Comcast through a third-party contractor to the malicious packages lurking in popular development environments, the threats are diverse and evolving. Each story serves as a reminder of the critical importance of vigilance, robust security measures, and the need for continuous learning and adaptation in our strategies.

Whether it's the alarming rise in hypervisor ransomware attacks or the vulnerabilities in widely-used software, staying informed is our best defense. The insights shared today underscore the necessity for organizations to not only protect their own systems but also ensure that their partners and vendors are equally secure. The interconnected nature of our digital world means that a breach anywhere can have far-reaching consequences.

We hope you found today's newsletter insightful and valuable. If you did, please consider sharing Secret CISO with your friends and colleagues. By spreading awareness and knowledge, we can collectively strengthen our defenses against the ever-present cyber threats. Together, we can build a more secure digital future.

Thank you for joining us today. Stay safe, stay informed, and we'll see you in the next edition of Secret CISO!