Secret CISO 12/17: Ontario, NKC, SoundCloud Breaches; Russia Hacks Critical Infra; AI Extensions Snarf Chats; Rogue NuGet Steals Crypto; Apache Commons Text RCE Vulnerability

Welcome to today's edition of Secret CISO, where we unravel the tangled web of cybersecurity breaches and vulnerabilities that have surfaced on December 17th. In a world where data is the new currency, today's revelations are a stark reminder of the fragility of our digital fortresses.

We begin with a chilling breach in Ontario, where a school board's data, spanning decades, has been compromised, exposing sensitive information of students and staff alike. This incident echoes across borders to North Kansas City, where a hospital's data breach investigation raises alarms about the sanctity of patient information.

Meanwhile, in Montague, the breach of an emergency notification system forces a swift platform change, underscoring the critical need for robust cybersecurity in our communication networks. SoundCloud users are not spared either, as a breach affects a significant portion of its user base, shaking the trust in this popular music streaming service.

On a global scale, hackers linked to Russia have infiltrated critical infrastructure, exploiting vulnerabilities in edge devices, a stark reminder of the persistent threat of state-sponsored cyberattacks. As if that weren't enough, researchers have discovered that parked domains are increasingly serving malicious content, posing a growing threat to unsuspecting internet users.

In the realm of software, a rogue NuGet package masquerades as a legitimate tool, stealthily stealing cryptocurrency wallet data, while browser extensions quietly record AI conversations, unbeknownst to millions of users. These incidents highlight the ever-present risks of third-party software and the importance of vigilance.

Finally, we delve into the world of vulnerabilities, where Apache Commons Text, phpfm, and PimpMyLog are exposed for their security flaws, each offering a unique vector for potential exploitation. These vulnerabilities serve as a stark reminder of the need for continuous security assessments and updates.

Stay informed, stay secure, and join us as we navigate the ever-evolving landscape of cybersecurity threats and defenses.

Data Breaches

  1. Ontario School Board Data Breach: A significant data breach has affected an Ontario school board, compromising sensitive information such as Social Insurance Numbers and bank accounts. The breach impacts students dating back to 1989, raising concerns about long-term data security and privacy. Source: Global News.
  2. NKC Health Data Breach Investigation: North Kansas City Hospital, operating as NKC Health, is under investigation for a data breach. The breach has raised alarms about the security of patient information and the potential for unauthorized access to sensitive health data. Source: Strauss Borrelli PLLC.
  3. Montague CodeRED Data Breach: The emergency notification system OnSolve CodeRED experienced a data breach, prompting the town of Montague to switch to a new emergency notification platform. This incident highlights the vulnerabilities in critical communication systems and the need for robust cybersecurity measures. Source: Recorder.
  4. SoundCloud Data Breach: SoundCloud has confirmed a data breach affecting a fifth of its users, with limited data exposed by a threat actor group. The breach has caused instability and concerns over user privacy on the popular music streaming platform. Source: BetaNews.
  5. Russia-linked Hackers Breach Critical Infrastructure: Hackers associated with Russia have breached critical infrastructure organizations by exploiting vulnerabilities in edge devices. This breach underscores the ongoing threat posed by state-sponsored cyberattacks on essential services and infrastructure. Source: Cybersecurity Dive.

Security Research

  1. Most Parked Domains Now Serving Malicious Content: Researchers at Infoblox have discovered that a significant number of parked domains are now being used to serve malicious content. This trend poses a growing threat to internet users as these domains can be exploited to distribute malware or phishing attacks. The study highlights the need for enhanced monitoring and security measures to protect users from these evolving threats. Source: Krebs on Security.
  2. Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data: A malicious NuGet package masquerading as a legitimate .NET tracing tool has been discovered, which actually functions as a cryptocurrency wallet stealer. This package, posing as Tracer.Fody, highlights the risks associated with using third-party packages and the importance of verifying the authenticity of software components. Security researchers urge developers to exercise caution and implement robust security practices. Source: The Hacker News.
  3. Six Million Users Trusted This Extension Without Knowing What It Records: Security researchers have identified that Urban-branded browser extensions have been recording users' AI conversations since July 2025 without their knowledge. Users are advised to uninstall these extensions immediately to protect their privacy. This incident underscores the importance of scrutinizing browser extensions and being aware of the potential privacy risks they pose. Source: CyberPress.
  4. Researchers Expose Security Flaws In AI Agents Built On Microsoft Copilot Studio: Tenable researchers have uncovered security vulnerabilities in AI agents developed using Microsoft Copilot Studio. These agents can be compromised through prompt injection attacks, leading to data exposure and potential fraud. The findings emphasize the need for rigorous security assessments and safeguards when deploying AI-driven solutions. Source: The 420.
  5. Chrome, Edge Privacy Extensions Quietly Snarf AI Chats: Research from Koi Security has revealed that certain privacy extensions for Chrome and Edge browsers are covertly capturing AI chat data. This discovery raises concerns about the privacy implications of using such extensions and highlights the necessity for users to be vigilant about the tools they install. Source: The Register.

Top CVEs

  1. CVE-2025-46295: Apache Commons Text versions prior to 1.10.0 had a vulnerability in their text-substitution API that could be exploited when untrusted input was passed through it. Interpolation of that input could trigger actions such as command execution or access to external resources, leading to remote code execution. The issue has been resolved in FileMaker Server 22.0.4. Source: Vulners.
  2. CVE-2023-53894: phpfm 1.7.9 contains an authentication bypass vulnerability due to a loose type comparison in its password hash validation. Attackers can exploit this by supplying passwords whose hashes start with 0e or 00e, which PHP's loose comparison treats as the number zero, allowing them to bypass authentication and upload malicious PHP files to the server. Source: Vulners.
  3. CVE-2023-53895: PimpMyLog 1.7.14 has an improper access control vulnerability that lets remote attackers create admin accounts without authorization via the configuration endpoint. This is done by exploiting the unsanitized username field to inject malicious JavaScript, potentially creating a hidden backdoor account and accessing sensitive server-side log information. Source: Vulners.
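
The phpfm item above describes a loose-comparison hash check. The following is an added illustration, not code from phpfm or from any of the projects mentioned: it shows the vulnerable `==` pattern next to the hardened `hash_equals()` form, using constructed placeholder strings (not real digests of any password) that merely have the `0e<digits>` shape.

```php
<?php
// Added example, not code from phpfm: why a loose (==) comparison of
// password hashes is bypassable and how a strict comparison closes it.

// Vulnerable pattern: the stored hash and the hash of the submitted
// password are compared with ==. When both strings look numeric
// (for example "0e" followed only by digits), PHP compares them as
// floats, and every "0e<digits>" string evaluates to 0.0, so two
// unrelated hashes of that shape compare equal.
function verifyLoose(string $storedHash, string $submittedHash): bool
{
    return $storedHash == $submittedHash;
}

// Hardened pattern: hash_equals() performs a byte-for-byte, constant-time
// comparison, so no type juggling takes place. (=== would also stop the
// juggling but is not timing-safe.)
function verifyStrict(string $storedHash, string $submittedHash): bool
{
    return hash_equals($storedHash, $submittedHash);
}

// Preferred approach for new code: store hashes produced by password_hash()
// and let password_verify() handle both the algorithm and the comparison.
function verifyModern(string $storedPhcHash, string $submittedPassword): bool
{
    return password_verify($submittedPassword, $storedPhcHash);
}

// Constructed placeholder values: two distinct 32-character strings that
// have the "0e<digits>" shape of a "magic" MD5 hex digest. They are not
// real digests of any password; they only illustrate the comparison.
$stored    = '0e' . str_repeat('1', 30);
$submitted = '0e' . str_repeat('2', 30);

var_dump(verifyLoose($stored, $submitted));
var_dump(verifyStrict($stored, $submitted));

// The modern path, with a hash generated at runtime so the example is
// self-contained (constructed password, not from the advisory).
$phcHash = password_hash('constructed-example-password', PASSWORD_DEFAULT);
var_dump(verifyModern($phcHash, 'constructed-example-password'));
var_dump(verifyModern($phcHash, 'wrong-password'));
```

Run with `php example.php`: the loose check accepts the mismatched pair, the strict check rejects it, and the `password_verify()` path accepts only the correct password. When auditing an existing PHP code base for this class of bug, look for `==` or `!=` applied to the output of `md5()`, `sha1()` or `hash()` and replace each occurrence with `hash_equals()` or, better, migrate the stored hashes to `password_hash()`.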

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is fraught with challenges and vulnerabilities. From the Ontario School Board's data breach affecting decades of student records to the sophisticated attacks on critical infrastructure by state-sponsored hackers, the need for vigilance and robust cybersecurity measures has never been more pressing.

We've also seen how seemingly innocuous tools, like browser extensions and third-party packages, can harbor hidden threats, compromising user privacy and security. The revelations about Urban-branded extensions and rogue NuGet packages serve as stark reminders of the importance of scrutinizing the software we trust with our data.

Moreover, the vulnerabilities exposed in AI agents and popular software components like Apache Commons Text highlight the ongoing battle against exploitation and the critical need for continuous security assessments and updates.

In a world where parked domains can serve malicious content and privacy extensions can quietly capture sensitive data, staying informed and proactive is key. We hope today's insights empower you to strengthen your defenses and navigate the digital realm with confidence.

If you found this newsletter valuable, please share it with your friends and colleagues. Together, we can build a more secure and informed community, ready to tackle the cybersecurity challenges of tomorrow.

Until next time, stay safe and vigilant!

By Secret CISO