Secret CISO 12/19: Parexel & Richmond Breaches, MedStar Data Theft, CHIPS Act Security, AI-SAST Launch
Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity incidents and innovations shaping our digital landscape. On December 19th, we delve into a series of unsettling data breaches and vulnerabilities that have captured the attention of legal experts and security researchers alike.
In a striking parallel, Lynch Carpenter, LLP is at the forefront of investigating data breaches at both Parexel and Richmond Behavioral Health Authority, raising alarms about data security practices. Meanwhile, the Heart of Texas Behavioral Health Network and MedStar Health are grappling with their own data breach challenges, highlighting the critical need for robust data protection measures.
As we navigate these breaches, the House Science Committee's review of the CHIPS Act underscores the importance of safeguarding technological advancements amidst global competition. In a bid to bolster software security, Apiiro's new AI-powered SAST tool emerges as a beacon of hope, promising to detect and fix vulnerabilities with unprecedented efficiency.
On the international front, a China-aligned threat group exploits Windows Group Policy for espionage, while North Korean hackers intensify their cryptocurrency theft operations, underscoring the evolving threat landscape. Adding to the urgency, a critical vulnerability in Apache Commons Text demands immediate attention to prevent remote code execution.
Finally, we spotlight a series of CVEs, including vulnerabilities in SonicWall, Microsoft Edge, FFmpeg, NI LabVIEW, and WatchGuard Fireware OS, each posing significant risks if left unaddressed. As we dissect these developments, today's newsletter serves as a stark reminder of the relentless pursuit of security in an ever-evolving digital world.
Data Breaches
- Parexel Data Breach Claims Investigated by Lynch Carpenter: Lynch Carpenter, LLP is actively investigating claims against Parexel following a data breach incident. The firm is offering legal reviews for affected individuals to explore potential claims. This breach has raised significant concerns about data security practices within the company. Source: GlobeNewswire
- Richmond Behavioral Health Authority Data Breach Claims Investigated by Lynch Carpenter: Similar to the Parexel incident, Lynch Carpenter, LLP is also investigating a data breach involving the Richmond Behavioral Health Authority. The breach has prompted legal scrutiny and potential claims from affected parties. The investigation aims to address the breach's impact on personal data security. Source: GlobeNewswire
- Heart of Texas Behavioral Health Network Warns of Security & Data Breach: The Heart of Texas Behavioral Health Network has issued a warning regarding a security and data breach incident. As a HIPAA-covered entity, the breach has significant implications for patient privacy and data security. The network is taking steps to notify affected individuals and mitigate the breach's impact. Source: FOX 44
- Canary Data Breach Investigation: Strauss Borrelli PLLC is investigating a data breach involving Canary Benefits Inc. The breach has prompted legal action to determine the extent of the data compromise and potential remedies for affected individuals. This incident highlights ongoing vulnerabilities in data protection practices. Source: Strauss Borrelli PLLC
- MedStar Health Notifying Patients of Data Theft Breach: MedStar Health is in the process of notifying patients about a data theft breach that resulted in sensitive files being uploaded to a publicly accessible location. The breach has led to a consolidated lawsuit and raised concerns about the security of patient information. MedStar is working to address the breach and prevent future incidents. Source: GovInfoSecurity
Security Research
- House Science Committee Reviews Research Security and CHIPS Act Implementation: The House Science, Space, and Technology Committee recently held a hearing to examine the implementation of the CHIPS Act and its implications for research security. This discussion is crucial as it addresses the safeguarding of technological advancements and intellectual property in the U.S. amidst global competition. Source: NTD
- Apiiro Launches AI-SAST That Detects, Validates and Fixes: Apiiro has introduced a new AI-powered Static Application Security Testing (SAST) tool that mimics the cognitive processes of expert security researchers. This technology aims to enhance software security by detecting, validating, and fixing code vulnerabilities efficiently, leveraging a combination of AST and LLM symbiosis. Source: GlobeNewswire
- China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware: Security researchers have identified a China-aligned threat group exploiting Windows Group Policy to deploy espionage malware. Because Group Policy is used to manage settings and permissions on Windows systems, its abuse poses significant risks to targeted organizations. Source: The Hacker News
- Bigger attacks, fewer targets: North Korea steals 51% more crypto in 2025: North Korean hackers have increased their cryptocurrency theft by 51% in 2025, focusing on fewer but more significant targets. This trend highlights the growing sophistication and impact of North Korean cyber operations in the financial sector. Source: DL News
- Critical Apache Commons Text Vulnerability Enables Remote Code Execution: A critical vulnerability in Apache Commons Text has been disclosed, allowing for remote code execution. This flaw, responsibly reported by an anonymous security researcher, underscores the importance of timely patching and vulnerability management in software development. Source: Cyber Press
Top CVEs
- CVE-2025-40602: A local privilege escalation vulnerability exists in the SonicWall SMA1000 Appliance Management Console (AMC) due to insufficient authorization. This flaw allows attackers to gain elevated privileges, potentially leading to unauthorized access and control over the system. Organizations using this appliance should prioritize patching to mitigate potential exploitation. Source: Vulners.
- CVE-2025-65046: Microsoft Edge (Chromium-based) is affected by a spoofing vulnerability. This issue could allow attackers to deceive users by presenting misleading information, potentially leading to phishing attacks or other forms of social engineering. Users are advised to update their browsers to the latest version to protect against this vulnerability. Source: Vulners.
- CVE-2025-63757: An integer overflow vulnerability in the yuv2ya16_X_c_template function in FFmpeg 8.0 could lead to unexpected behavior or crashes. This flaw may be exploited by attackers to execute arbitrary code, making it critical for users to update to a patched version of FFmpeg. Source: Vulners.
- CVE-2025-64463: NI LabVIEW is vulnerable to an out-of-bounds read in LVResource::DetachResource when parsing corrupted VI files. This vulnerability could result in information disclosure or arbitrary code execution if a user opens a specially crafted file. Users should ensure they are using the latest version to avoid exploitation. Source: Vulners.
- CVE-2025-14733: WatchGuard Fireware OS contains an out-of-bounds write vulnerability that may allow remote unauthenticated attackers to execute arbitrary code. This affects both Mobile User VPN and Branch Office VPN configurations using IKEv2 with a dynamic gateway peer. Users should apply the latest updates to secure their systems. Source: Vulners.
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is as dynamic as ever. From data breaches affecting major organizations like Parexel and MedStar Health to critical vulnerabilities in widely used software, the importance of staying informed and vigilant cannot be overstated. These incidents remind us of the ever-present need for robust security measures and proactive risk management.
Whether it's the legal investigations by Lynch Carpenter, the technological advancements in AI-powered security tools by Apiiro, or the geopolitical implications of cyber threats from state-aligned groups, each story underscores the multifaceted challenges we face in cybersecurity today. The ongoing discussions in the House Science Committee about research security and the CHIPS Act further highlight the intersection of policy and technology in safeguarding our digital future.
We hope you found today's insights valuable and encourage you to share this newsletter with your friends and colleagues. By spreading awareness and fostering a community of informed professionals, we can collectively enhance our defenses against the evolving threats in the cyber world.
Stay secure, stay informed, and see you in the next edition of Secret CISO!