Secret CISO 2/10: Conduent & SoundCloud Breaches, AI Romance Scams, RecoverIt Tool Exploits Windows, Senegal ID Breach - A Global Security Wake-Up Call

Welcome to today's edition of Secret CISO, where we unravel the tangled web of data breaches and cybersecurity threats that are reshaping our digital landscape. In a world where personal information is as valuable as gold, today's stories highlight the vulnerabilities that continue to plague both individuals and organizations.

We begin with a staggering revelation: a data breach at Conduent has compromised the personal information of 25 million Americans, including half of Texas' population. As if that weren't enough, SoundCloud and Discord have also fallen victim to cybercriminals, exposing millions of user accounts and raising serious questions about their security practices.

Meanwhile, Senegal's national ID card department has been breached by the Green Blood Group, underscoring the global reach of cyber threats. In the healthcare sector, Gryphon Healthcare has settled a $2.8 million lawsuit following a data breach, offering a stark reminder of the financial and reputational costs of inadequate security measures.

On the offensive side, a new tool called "RecoverIt" is making waves by exploiting Windows service failure recovery functions, providing cybersecurity professionals with innovative methods to test defenses. However, the threat landscape continues to evolve, with AI-enabled romance scams and sophisticated ransomware tactics challenging traditional security measures.

In the realm of vulnerabilities, a zero-click flaw in Claude Extensions remains unpatched, and a Firebase misconfiguration has exposed 300 million messages from an AI chat app. These incidents highlight the critical need for vigilance and proactive measures in securing digital platforms.

Finally, we delve into the technical intricacies of recent vulnerabilities, including flaws in Keycloak, Harden-Runner, and DNS infrastructure, each presenting unique challenges and emphasizing the importance of robust cybersecurity practices.

Stay informed, stay secure, and join us as we navigate the ever-changing world of cybersecurity.

Data Breaches

  1. Conduent Data Breach Exposed 25 Million Americans: A massive data breach at tech firm Conduent has compromised the personal information of at least 25 million Americans, including roughly half of Texas' population. The breach has raised significant concerns about data security practices at the company. Source: NY Post
  2. SoundCloud Data Breach Affects 28 Million Users: SoundCloud's network was breached by the ShinyHunters cybercriminal group, exposing the data of 28 million users. The breach highlights vulnerabilities in the platform's security measures and has led to a lawsuit. Source: Westlaw
  3. Discord Data Breach Exposes 70,000 IDs: Discord faced backlash after a data breach exposed 70,000 user IDs, prompting the company to enhance security measures. The incident has raised concerns about the platform's ability to protect user data. Source: Ars Technica
  4. Senegal National ID Card Department Breach: A ransomware gang known as Green Blood Group claimed responsibility for breaching Senegal's national ID card department, stealing 139 GB of data. The breach has significant implications for national security and data privacy. Source: The Record
  5. Gryphon Healthcare Data Breach Settlement: Gryphon Healthcare reached a $2.8 million settlement following a data breach that compromised patient information. Affected individuals may be eligible for compensation as part of the class action settlement. Source: Top Class Actions

Security Research

  1. New RecoverIt Tool Exploits Windows Service Failure Recovery Functions to Execute Payload: A new open-source offensive security tool named "RecoverIt" has been released, offering Red Teamers and penetration testers a novel method for exploiting Windows service failure recovery functions to execute payloads. This tool provides a fresh approach to security testing, enhancing the capabilities of cybersecurity professionals. Source: Cybersecurity News
  2. Valentine's Day is coming: How vulnerable are you to AI-enabled romance scams?: Deepfakes and AI chatbots are transforming romance scams into an industrial-scale threat that extracts millions from Australian victims each year. This research highlights the growing sophistication of scams and the need for increased awareness and protective measures. Source: UNSW Sydney
  3. Hackers Deliver Global Group Ransomware Offline via Phishing Emails: The attack uses deceptive Windows shortcut files (.lnk) and a unique 'mute' mode to encrypt data offline and evade traditional security detection. This method represents a significant evolution in ransomware tactics, challenging existing security defenses. Source: Hackread
  4. New Zero-Click Flaw in Claude Extensions, Anthropic Declines Fix: Security researchers from LayerX identified a new flaw in 50 Claude Desktop Extensions that could lead to unauthorized remote code execution. Despite the potential risks, Anthropic has declined to fix the vulnerability, raising concerns about user safety. Source: Infosecurity Magazine
  5. AI chat app leak exposes 300 million messages tied to 25 million users: A security researcher found an exposed database belonging to the Chat & Ask AI app, once again traced back to a Firebase misconfiguration. This incident underscores the ongoing challenges of securing user data in AI applications. Source: Malwarebytes

Top CVEs

  1. CVE-2026-1529: Keycloak accepts organization invitation tokens without verifying the JSON Web Token (JWT) signature, so an attacker can modify the organization ID and target email in a legitimate invitation token's payload. The missing cryptographic signature check enables unauthorized self-registration into organizations, leading to potential unauthorized access. Source: Vulners.
  2. CVE-2026-25598: Harden-Runner, a CI/CD security agent for GitHub Actions runners, has a vulnerability in its Community Tier prior to version 2.14.2. This flaw allows outbound network connections to bypass audit logging, specifically through the sendto, sendmsg, and sendmmsg socket system calls, when using egress-policy: audit. The issue is resolved in version 2.14.2. Source: Vulners.
  3. CVE-2025-59024: Crafted delegations or IP fragments can poison cached delegations in Recursor, potentially leading to incorrect DNS resolutions and security risks. This vulnerability highlights the importance of securing DNS infrastructure against such attacks. Source: Vulners.
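To illustrate the Keycloak issue (CVE-2026-1529) from the defender's side, here is an added example, not Keycloak's own code, contrasting a handler that trusts a token's claims without checking the signature with one that verifies an HMAC signature first. It uses a constructed HS256 key and token, and the claim names `org_id` and `email` are assumptions rather than Keycloak's real claim names.

```python
# Added example (not Keycloak's code): invitation-token claims must only be trusted
# after the JWT signature is verified. HS256 key, token and claim names are constructed.
import base64
import hashlib
import hmac
import json
from typing import Optional

SECRET = b"constructed-demo-key"  # constructed; a real deployment uses the server's signing key


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_invitation(org_id: str, email: str, key: bytes = SECRET) -> str:
    """Mint an HS256 JWT carrying the invitation's organization and invitee (assumed claim names)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps({"org_id": org_id, "email": email}).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def claims_unverified(token: str) -> dict:
    """Vulnerable pattern: decode the payload and act on it without checking the signature."""
    _, payload, _ = token.split(".")
    return json.loads(_b64url_decode(payload))


def claims_verified(token: str, key: bytes = SECRET) -> Optional[dict]:
    """Hardened pattern: recompute the MAC over header.payload and compare in constant time."""
    header, payload, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return None  # reject: payload altered or signed with a different key
    return json.loads(_b64url_decode(payload))


def altered_payload(token: str, org_id: str, email: str) -> str:
    """Test vector: swap the org ID and email in the payload but keep the original signature."""
    header, _, sig = token.split(".")
    payload = _b64url_encode(json.dumps({"org_id": org_id, "email": email}).encode())
    return f"{header}.{payload}.{sig}"


if __name__ == "__main__":
    legit = issue_invitation("org-A", "invitee@example.com")
    altered = altered_payload(legit, "org-B", "other@example.com")
    print("unverified:", claims_unverified(altered))  # accepts the altered claims
    print("verified:  ", claims_verified(altered))    # None: signature mismatch
```

The same check applies whatever the algorithm: verify the signature against the expected key and algorithm before reading any claim, and treat a mismatch as a rejected token rather than a parse error.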

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is fraught with challenges and opportunities alike. From the massive data breaches affecting millions of users across platforms like Conduent, SoundCloud, and Discord, to the innovative tools like RecoverIt that are reshaping cybersecurity strategies, the need for vigilance and adaptation has never been more pressing.

We also explored the evolving threats posed by AI-enabled scams and sophisticated ransomware tactics, underscoring the importance of staying informed and prepared. The vulnerabilities in widely-used systems, such as Keycloak and GitHub Actions, remind us of the critical need for robust security measures and timely updates.

In this interconnected world, sharing knowledge is key to strengthening our defenses. If you found today's insights valuable, please consider sharing this newsletter with your friends and colleagues. Together, we can build a more secure digital future.

Stay safe, stay informed, and see you in the next edition of Secret CISO!