Secret CISO 12/2: Coupang Breach Sparks Data Security Debate; AT&T Deadline Looms; AI's Struggle Against Persistent Attacks; ShadyPanda's Spyware Extensions; GitLab's Exposed Secrets
Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity challenges and breakthroughs. As we dive into today's stories, a common thread emerges: the relentless pursuit of data security amidst evolving threats and vulnerabilities.
South Korea's e-commerce giant, Coupang, grapples with a massive data breach affecting 33.7 million customers, igniting a national debate on data protection laws. Meanwhile, AT&T customers face a ticking clock to claim their share of a $177 million settlement from past breaches. In the realm of healthcare, Devereux Advanced Behavioral Health finds itself under scrutiny following a data breach that raises alarms over sensitive health information.
Educational institutions aren't spared either, as the FTC mandates Illuminate Education Inc. to bolster its defenses after a student data breach. Dartmouth College joins the list of victims, with a ransomware attack compromising personal information of over 40,000 individuals.
In the digital landscape, security researcher Tuval Admoni exposes the dark side of popular browser extensions turned spyware, while hackers adopt "Living Off the Land" techniques to stealthily bypass Windows defenses. AI models show promise in blocking single attacks but falter against persistent threats, highlighting the need for continuous innovation in AI security.
Developers are reminded of the importance of secure coding practices as a researcher uncovers 17,000 secrets in public GitLab repositories. Meanwhile, a critical flaw in a new Microsoft Teams feature underscores the necessity of rigorous security testing in software development.
Finally, we delve into the technical realm with vulnerabilities like CVE-2025-3500 in Avast Antivirus, CVE-2024-39148 in KerOS, and CVE-2025-59789 in Apache bRPC, each presenting unique challenges and urging users to update and patch their systems promptly.
Stay informed, stay secure, and join us as we navigate the ever-evolving cybersecurity landscape.
Data Breaches
- Coupang Faces Major Data Breach, Affecting 33.7 Million Customer Accounts: South Korea's largest online retailer, Coupang, has suffered a massive data breach impacting nearly 34 million customers. The breach has prompted calls for stricter penalties and highlighted significant gaps in data protection within the country. Source, Source, Source.
- Deadline to File a Claim in AT&T Settlement is Near: AT&T is nearing the deadline for claims related to a $177 million settlement following two data breaches announced last year. Affected customers are urged to submit claims before the extended deadline. Source.
- Devereux Advanced Behavioral Health Data Breach Investigation: Devereux Advanced Behavioral Health has reported a data breach, prompting an investigation by law firm Edelson Lechtzin LLP. The breach has raised concerns about the security of sensitive health information. Source.
- FTC Orders Ed Tech Firm to Secure Data After Student Data Breach: Illuminate Education Inc. has been ordered by the FTC to enhance its data security measures following a breach that exposed student information. The company must implement a comprehensive data security program and delete unnecessary data. Source, Source.
- Dartmouth Data Breach Exposes Personal Information: Dartmouth College has experienced a data breach affecting over 40,000 individuals. The breach involved a ransomware attack on Oracle E-Business Suite software, compromising personal information. Source, Source.
Security Research
- ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware: Security researcher Tuval Admoni has uncovered that popular browser extensions, with over 4.3 million installs, have been turned into spyware. This alarming discovery highlights the vulnerability of browser extensions to malicious exploitation, posing significant privacy risks to users. Source: The Hacker News
- Hackers Moving to "Living Off the Land" Techniques to Attack Windows Systems Bypassing EDR: Security researchers have identified a shift in hacker tactics, where attackers are now using legitimate Windows tools to bypass Endpoint Detection and Response (EDR) systems. This "Living Off the Land" approach makes it more challenging to detect and prevent attacks, as it leverages trusted system utilities. Source: CyberPress
- AI models block 87% of single attacks, but just 8% when attackers persist: Research by Cisco's AI Threat Research and Security team reveals that AI models are highly effective at blocking single attacks, with an 87% success rate. However, their effectiveness drops drastically to just 8% when faced with persistent attackers, highlighting the need for continuous improvement in AI-based security measures. Source: VentureBeat
- Security researcher uncovers 17,000 secrets in Public GitLab repositories: A security researcher has discovered over 17,000 exposed credentials, including API keys, in public GitLab repositories. This finding underscores the critical need for developers to implement better security practices to protect sensitive information in code repositories. Source: TechRadar
- Guest Chat: Cyber Researchers Find Critical Flaw in New Teams Feature: A newly launched Microsoft Teams feature intended to simplify external communication has inadvertently introduced a serious security vulnerability. This flaw could potentially be exploited by attackers, emphasizing the importance of thorough security testing in software development. Source: UC Today
Top CVEs
- CVE-2025-3500: Integer Overflow or Wraparound vulnerability in Avast Antivirus 25.1.981.6 on Windows allows Privilege Escalation. Affected versions run from 25.1.981.6 up to, but not including, 25.3, potentially allowing attackers to escalate privileges on affected systems. Users are advised to update to the latest version to mitigate this risk. Source: vulners.com.
- CVE-2024-39148: The service wmp-agent of KerOS prior to version 5.12 does not properly validate "magic URLs", enabling unauthenticated remote attackers to execute arbitrary OS commands as root. This vulnerability is typically mitigated by local firewall protections, but systems exposed over the network are at risk. Users should update to the latest version to secure their systems. Source: vulners.com.
- CVE-2025-59789: Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 allows remote attackers to crash the server via deep recursive JSON data. The vulnerability arises from the use of rapidjson's recursive parsing method, which can lead to stack overflow. Users should upgrade to the latest version or apply the available patch to introduce a recursion depth limit. Source: vulners.com.
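As an added illustration of the bRPC mitigation described above (this is not bRPC's own code or patch), the C++ guard below bounds the nesting depth of a JSON document before a recursive-descent parser such as rapidjson's default mode ever sees it. The depth limit values and the nested_arrays helper are assumptions chosen for illustration.

```cpp
#include <cstddef>
#include <string>

// Linear-time guard that bounds the nesting depth of a JSON document before it
// is handed to a recursive-descent parser. A payload such as "[[[[...]]]]" with
// tens of thousands of levels would otherwise push the parser one stack frame
// per level until the stack is exhausted. The guard only counts brackets and
// braces outside of strings; it does not validate the JSON itself.
// Returns true when nesting is balanced and never exceeds max_depth.
bool json_depth_ok(const std::string& doc, std::size_t max_depth) {
    std::size_t depth = 0;
    bool in_string = false;
    for (std::size_t i = 0; i < doc.size(); ++i) {
        const char c = doc[i];
        if (in_string) {
            if (c == '\\') ++i;               // skip the escaped character
            else if (c == '"') in_string = false;
            continue;
        }
        switch (c) {
            case '"':
                in_string = true;
                break;
            case '[':
            case '{':
                if (++depth > max_depth) return false;  // reject before parsing
                break;
            case ']':
            case '}':
                if (depth == 0) return false;           // closer without opener
                --depth;
                break;
            default:
                break;
        }
    }
    return depth == 0 && !in_string;
}

// Constructed test input (assumption, for illustration): n nested arrays
// around a single number, e.g. nested_arrays(2) == "[[0]]".
std::string nested_arrays(std::size_t n) {
    std::string s;
    s.reserve(2 * n + 1);
    s.append(n, '[');
    s.push_back('0');
    s.append(n, ']');
    return s;
}
```

rapidjson also exposes kParseIterativeFlag, which parses with an explicit stack instead of recursion; the guard above is a parser-agnostic alternative that can sit in front of any recursive JSON-to-protobuf conversion.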
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is ever-evolving, with new challenges and vulnerabilities emerging at every turn. From major data breaches affecting millions to the discovery of critical software flaws, the importance of robust cybersecurity measures cannot be overstated.
Whether it's the massive data breach at Coupang, the looming deadline for AT&T's settlement claims, or the alarming spyware hidden in popular browser extensions, each story serves as a reminder of the vigilance required to protect sensitive information. The shift in hacker tactics to "Living Off the Land" techniques and the limitations of AI in persistent attack scenarios further highlight the need for continuous adaptation and improvement in our security strategies.
We hope you found today's insights valuable and encourage you to share this newsletter with friends and colleagues who might benefit from staying informed about the latest cybersecurity developments. Together, we can build a more secure digital future.
Until next time, stay safe and stay informed!