Secret CISO 2/12: IRS & Coupang Breaches, Chrome Extensions Leak, AI Malware Threat, Google-Intel TDX Flaw Unveiled
Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity breaches and vulnerabilities that are shaping the digital landscape. In this issue, we delve into a series of alarming incidents that underscore the critical importance of robust security measures across various sectors.
We begin with a legal storm brewing in Southern Oregon, where a neurosurgery clinic faces a $5 million lawsuit following a phishing attack that compromised sensitive patient data. This incident echoes across the nation to Michigan, where unauthorized access to a British influencer's medical records at a hospital raises serious internal security concerns.
Meanwhile, the IRS finds itself in hot water over an unlawful data sharing breach with the Department of Homeland Security, sparking debates on taxpayer privacy. In the aviation sector, Tulsa International Airport grapples with a ransomware attack, prompting a reevaluation of its security protocols.
On the global stage, Coupang's delayed breach disclosure has put the e-commerce giant under regulatory scrutiny, affecting its market standing. Simultaneously, a security researcher uncovers a massive data leak involving 287 Chrome extensions, highlighting the persistent risks of browser add-ons.
In the realm of emerging threats, AI-generated malware exploiting the React2Shell vulnerability presents a new challenge for cybersecurity defenses, while exposed training environments in Fortune 500 cloud infrastructures open doors for crypto-mining exploits.
Hardware vulnerabilities come to light as a Google-Intel audit reveals a severe flaw in Intel's TDX technology, capable of full system compromise. Additionally, new insights into a SolarWinds RCE attack chain emphasize the ongoing risks in software supply chains.
Finally, we explore a series of GitLab vulnerabilities that have been addressed, ensuring enhanced security and protection against unauthorized access and operations.
Stay informed and vigilant as we navigate these complex cybersecurity challenges together.
Data Breaches
- Southern Oregon Neurosurgery Clinic Sued Over Data Breach: The Southern Oregon Neurosurgery clinic is facing a lawsuit seeking $5 million in damages due to a data breach caused by a phishing attack. The breach led to unauthorized access to sensitive patient information, raising significant privacy concerns. Source: KOBI-TV NBC5
- Unauthorized Access of Medical Records at Michigan Hospital: A data breach at a Michigan hospital involved unauthorized access to the medical records of British influencer Josh. Multiple hospital employees reportedly accessed his private medical information without consent, highlighting issues of internal data security. Source: 9and10news
- IRS Data Sharing with DHS Breach: The IRS has been implicated in a data breach involving the unlawful sharing of taxpayer information with the Department of Homeland Security. This breach has raised significant privacy concerns and legal challenges regarding the handling of sensitive taxpayer data. Source: Common Dreams
- Tulsa International Airport Data Breach: Tulsa International Airport experienced a ransomware attack, leading to a data breach. Although operations were not impacted, the incident has prompted an investigation into the security measures in place at the airport. Source: KJRH
- Coupang Data Breach Fallout: Coupang, a major e-commerce platform, disclosed a data breach affecting over 33 million users. The delayed reporting has drawn regulatory scrutiny in South Korea, eroding trust in the company's governance and weighing on its share valuation. Source: Yahoo Finance
Security Research
- Security researcher finds 287 Chrome extensions leaking data: A security researcher discovered that 287 Chrome extensions, with a combined 37 million installs, were leaking users' visited URLs to over 30 recipients. This large-scale leak highlights the ongoing risks associated with browser extensions and the need for users to be cautious about the add-ons they install. Source: The Register.
- AI-Generated Malware Exploits React2Shell for Tiny Profit: Security researchers have identified AI-generated malware exploiting the React2Shell vulnerability. This development allows attackers with minimal technical skills to leverage AI for creating malware, posing a new challenge for cybersecurity defenses. Source: BankInfoSecurity.
- Exposed Training Environments Open the Door for Crypto-Mining in Fortune 500 Cloud Environments: A security researcher from Pentera Labs revealed how exposed training environments in Fortune 500 companies' cloud infrastructures can be exploited for crypto-mining. This finding underscores the importance of securing training environments to prevent unauthorized resource usage. Source: The Hacker News.
- Google-Intel Security Audit Reveals Severe TDX Vulnerability Allowing Full Compromise: A collaborative security audit by Google Cloud and Intel's security researchers uncovered a severe vulnerability in Intel's TDX technology. This flaw could allow attackers to fully compromise affected systems, emphasizing the need for robust security measures in hardware technologies. Source: SecurityWeek.
- Researchers delve inside new SolarWinds RCE attack chain: Huntress Security researchers have published new insights into a critical vulnerability in SolarWinds Web Help Desk (WHD), detailing how it can be exploited in a remote code execution (RCE) attack chain. This research highlights the ongoing risks associated with software supply chain vulnerabilities. Source: Computer Weekly.
Top CVEs
- CVE-2025-12073: GitLab has addressed a vulnerability in GitLab CE/EE affecting versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4. This flaw could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing protections in the Git repository import functionality. This issue has been remediated to prevent unauthorized access. Source: Vulners.
- CVE-2025-12575: GitLab has fixed a vulnerability in GitLab EE affecting versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4. Under certain conditions, an authenticated user with specific permissions could make unauthorized requests to internal network services through the GitLab server. This issue has been resolved to enhance security. Source: Vulners.
- CVE-2025-14594: A vulnerability in GitLab CE/EE affecting versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 has been addressed. This flaw could have allowed an authenticated user to view certain pipeline values by querying the API. GitLab has remediated this issue to protect sensitive information. Source: Vulners.
- CVE-2025-14592: GitLab has resolved a vulnerability in GitLab CE/EE affecting versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4. This issue could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API endpoint. The fix ensures that unauthorized actions are prevented. Source: Vulners.
- CVE-2026-1080: GitLab has patched a vulnerability in GitLab EE affecting versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4. This flaw could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API endpoint. The issue has been fixed to maintain data confidentiality. Source: Vulners.
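The five advisories above share the same three patched releases (18.6.6, 18.7.4, 18.8.4) but differ in where the affected range starts and in whether CE is in scope. The following script, added here as an example and not GitLab's or Vulners' own tooling, transcribes those ranges and reports which of the listed CVEs apply to a given GitLab version string and which patched release to move to. The version format (e.g. "18.6.5" or "18.6.5-ee") and the assumption that releases older than 18.6 should upgrade to at least 18.6.6 are the author's reading of the advisory text, not a statement from GitLab.

```python
"""Check a GitLab version against the affected ranges of the CVEs listed above.

The ranges are transcribed from the advisory summaries in this newsletter;
the checker itself is an added example, not GitLab's own tooling.
"""
from typing import List, Optional, Set, Tuple

Version = Tuple[int, int, int]

# (CVE id, editions affected, [min_inclusive, max_exclusive) version ranges)
GITLAB_CVES: List[Tuple[str, Set[str], List[Tuple[str, str]]]] = [
    ("CVE-2025-12073", {"ce", "ee"}, [("18.0", "18.6.6"), ("18.7", "18.7.4"), ("18.8", "18.8.4")]),
    ("CVE-2025-12575", {"ee"},       [("18.0", "18.6.6"), ("18.7", "18.7.4"), ("18.8", "18.8.4")]),
    ("CVE-2025-14594", {"ce", "ee"}, [("17.11", "18.6.6"), ("18.7", "18.7.4"), ("18.8", "18.8.4")]),
    ("CVE-2025-14592", {"ce", "ee"}, [("18.6", "18.6.6"), ("18.7", "18.7.4"), ("18.8", "18.8.4")]),
    ("CVE-2026-1080",  {"ee"},       [("16.7", "18.6.6"), ("18.7", "18.7.4"), ("18.8", "18.8.4")]),
]

# Lowest patched release per affected series (from the advisories above).
FIXED_RELEASES = {(18, 6): "18.6.6", (18, 7): "18.7.4", (18, 8): "18.8.4"}


def parse_version(text: str) -> Version:
    """Turn '18.6.5' or '18.6.5-ee' into a comparable (major, minor, patch) tuple.

    Assumption: GitLab prints the core version first, optionally followed by a
    '-ee'/'-ce' style suffix; anything after the first '-' is ignored.
    """
    core = text.strip().split("-")[0]
    parts = [int(p) for p in core.split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unrecognised version string: {text!r}")
    while len(parts) < 3:          # '18.0' means 18.0.0
        parts.append(0)
    return parts[0], parts[1], parts[2]


def in_range(version: Version, low: str, high: str) -> bool:
    """True when low <= version < high, matching 'from X before Y' wording."""
    return parse_version(low) <= version < parse_version(high)


def affected_cves(version: str, edition: str = "ee") -> List[str]:
    """Return the listed CVE ids that apply to this version and edition."""
    v = parse_version(version)
    edition = edition.lower()
    return [
        cve
        for cve, editions, ranges in GITLAB_CVES
        if edition in editions and any(in_range(v, lo, hi) for lo, hi in ranges)
    ]


def recommended_fix(version: str, edition: str = "ee") -> Optional[str]:
    """Lowest patched release in the running series, or None if not affected.

    Assumption: series older than 18.6 are treated as needing at least 18.6.6,
    because every advisory's first range ends at that release.
    """
    if not affected_cves(version, edition):
        return None
    major, minor, _ = parse_version(version)
    return FIXED_RELEASES.get((major, minor), "18.6.6")


if __name__ == "__main__":
    # Constructed sample inventory: (hostname, reported version, edition)
    inventory = [("git-prod", "18.6.5-ee", "ee"), ("git-lab", "18.5.0", "ce"), ("git-new", "18.8.4", "ee")]
    for host, ver, ed in inventory:
        cves = affected_cves(ver, ed)
        fix = recommended_fix(ver, ed)
        status = f"affected by {', '.join(cves)}; upgrade to {fix}" if cves else "not affected"
        print(f"{host} ({ver} {ed.upper()}): {status}")
```

Because the EE-only advisories (CVE-2025-12575, CVE-2026-1080) are filtered by edition, a CE instance on the same version reports a shorter list; the ranges are compared as integer tuples so that 18.10 sorts after 18.8 correctly.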
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is as dynamic as ever, with new challenges and vulnerabilities emerging across various sectors. From the Southern Oregon Neurosurgery Clinic's legal battle over a data breach to the alarming discovery of Chrome extensions leaking user data, these stories remind us of the critical importance of robust cybersecurity measures.
Whether it's the IRS's controversial data sharing with DHS or the ransomware attack at Tulsa International Airport, each incident underscores the need for vigilance and proactive security strategies. The Coupang data breach fallout and the AI-generated malware exploiting React2Shell further highlight the evolving nature of threats that organizations face today.
In the realm of software vulnerabilities, the recent GitLab patches serve as a crucial reminder of the importance of timely updates and security audits. Meanwhile, the severe TDX vulnerability discovered by Google and Intel, along with the new insights into the SolarWinds RCE attack chain, emphasize the ongoing risks associated with hardware and software supply chains.
We hope you found today's insights valuable and informative. If you did, please consider sharing this newsletter with your friends and colleagues. Together, we can stay informed and better prepared to tackle the cybersecurity challenges of tomorrow.
Thank you for being a part of the Secret CISO community. Stay safe and secure!