Secret CISO 12/11: Coupang CEO Resigns, Blue Cross Breach, Ivanti & Notepad++ Vulnerabilities, Google DeepMind's AI Security Push
Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity breaches and vulnerabilities that have shaken the digital landscape. In a dramatic turn of events, Coupang's CEO has stepped down following a massive data breach that went undetected for months, affecting thousands of customers. This incident is a stark reminder of the critical need for robust security measures in the e-commerce sector.
Meanwhile, the healthcare industry is grappling with its own set of challenges. From Henry Ford Health to MercyOne, and even Massachusetts' largest health insurer, data breaches have exposed sensitive patient information, underscoring the vulnerabilities in third-party vendor relationships.
On the technology front, urgent patches are being rolled out to address critical vulnerabilities. Ivanti Endpoint Manager and Notepad++ have both issued emergency updates to fend off potential exploits, while Google DeepMind and OpenAI are taking proactive steps to bolster cybersecurity through strategic partnerships and innovative tools.
In the realm of vulnerabilities, a series of CVEs have been identified, each posing significant risks to systems worldwide. From unauthorized access to camera configurations to unsafe DLL loading in MailEnable, these vulnerabilities highlight the ongoing battle against cyber threats and the necessity for vigilant security practices.
Join us as we delve deeper into these stories, providing insights and expert analysis to help you navigate the ever-evolving cybersecurity landscape.
Data Breaches
- Coupang CEO resigns over massive data breach: Coupang, a major South Korean e-commerce company, faced a significant data breach that led to the resignation of CEO Park Dae-jun. The breach, which went unnoticed for several months, affected over 4,500 customers, prompting a leadership change. Source: The Korea Herald, The Straits Times, TechCrunch.
- North Atlantic States Carpenters Benefit Funds Data Breach: The North Atlantic States Carpenters Benefit Funds (NASCBF) experienced a data breach, leading to an investigation by Lynch Carpenter, LLP. The breach has raised concerns about the security of sensitive information held by the organization. Source: GlobeNewswire.
- Henry Ford Health reports data breach: Henry Ford Health disclosed a data breach involving unauthorized access to 1,984 patient records. The organization is offering free credit monitoring to those affected as part of its response to the incident. Source: Becker's Hospital Review.
- Vendor cyber breach may have exposed patient information, MercyOne says: MercyOne has informed patients about a data breach involving their third-party technology vendor. The breach, which occurred nearly a year ago, may have exposed sensitive patient information. Source: KCCI.
- Major data breach involving Mass.' largest health insurer exposes Social Security numbers: A significant data breach at Conduent Services, a third-party service provider for Blue Cross Blue Shield, has exposed Social Security numbers and other sensitive information of patients. The incident highlights vulnerabilities in third-party vendor relationships. Source: MassLive.
Security Research
- Act now! Analysts recommend immediate patching of critical Ivanti Endpoint Manager vulnerability: A cybersecurity researcher at Rapid7 has discovered a critical vulnerability in Ivanti Endpoint Manager, which could allow attackers to execute code remotely. This vulnerability poses a significant risk to organizations using the platform, and experts are urging immediate patching to prevent potential exploitation. Source: Cyber Daily.
- Notepad++ releases emergency patch as hackers exploit updater to deploy malware: Security researcher Kevin Beaumont reported that hackers have been exploiting a vulnerability in the Notepad++ updater to deploy malware. This has led to compromises in at least three organizations in East Asia, prompting an emergency patch release to mitigate the threat. Source: CyberNews.
- Deepening our partnership with the UK AI Security Institute - Google DeepMind: Google DeepMind has announced a strengthened collaboration with the UK AI Security Institute, focusing on critical safety and security research. This partnership aims to address the growing challenges posed by AI advancements and enhance cybersecurity measures. Source: Google DeepMind Blog.
- The Fragile Lock: Novel Bypasses For SAML Authentication: Researchers at PortSwigger have uncovered new bypass techniques for SAML authentication, highlighting exposure to XML Signature Wrapping (XSW) attacks. These findings emphasize the need for improved security measures in SAML implementations to prevent authentication bypasses. Source: PortSwigger Research.
- Strengthening cyber resilience as AI capabilities advance | OpenAI: OpenAI has introduced Aardvark, an agentic security researcher designed to help developers and security teams identify and fix vulnerabilities at scale. This tool is part of OpenAI's efforts to enhance cyber resilience as AI technologies continue to evolve. Source: OpenAI.
Top CVEs
- CVE-2025-13607: A vulnerability allows malicious actors to access camera configuration information, including account credentials, without authentication by exploiting a vulnerable URL. This poses a significant risk as attackers can potentially manipulate camera settings or gain unauthorized access to sensitive data.
- CVE-2025-67642: Jenkins HashiCorp Vault Plugin versions 371.v884a4dd60fb6 and earlier fail to set the appropriate context for Vault credentials lookup. This oversight allows attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to, posing a serious security threat.
- CVE-2025-14390: The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 5.0.4 due to missing or incorrect nonce validation. This flaw lets an unauthenticated attacker upload arbitrary files, and potentially achieve remote code execution, by tricking a site administrator into performing certain actions.
- CVE-2025-34422: MailEnable versions prior to 10.54 suffer from an unsafe DLL loading vulnerability, allowing local arbitrary code execution. A local attacker with write access can plant a malicious DLL, which is then executed with the privileges of the process, leading to potential system compromise.
- CVE-2025-41732: An unauthenticated remote attacker can exploit unsafe sscanf calls within the checkcookie function to write arbitrary data into fixed-size stack buffers, leading to full device compromise. This vulnerability highlights the critical need for secure coding practices to prevent buffer overflow attacks.
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape remains as dynamic and challenging as ever. From high-profile data breaches leading to leadership changes, like the resignation of Coupang's CEO, to vulnerabilities in widely-used software such as Ivanti Endpoint Manager and Notepad++, the need for vigilance and proactive measures in cybersecurity is more pressing than ever.
We've also seen how partnerships, like Google DeepMind's collaboration with the UK AI Security Institute, are crucial in addressing the evolving threats posed by AI advancements. Meanwhile, OpenAI's introduction of Aardvark underscores the importance of innovative tools in enhancing cyber resilience.
In the world of vulnerabilities, the recent discoveries in SAML authentication and various CVEs remind us of the constant need for secure coding practices and timely patching to protect sensitive information and systems from exploitation.
We hope you found today's insights valuable and urge you to stay informed and prepared. If you enjoyed this newsletter, please share it with your friends and colleagues. Together, we can build a more secure digital future.
Until next time, stay safe and vigilant!