Secret CISO 2/13: Texas Health Breach, Gravity Payments Lawsuit, AI Vulnerabilities, Google AI Hacking

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity challenges facing the digital world. In this issue, we delve into a series of alarming data breaches and vulnerabilities that underscore the urgent need for robust security measures.

Texas takes center stage as Attorney General Ken Paxton spearheads investigations into massive health data breaches, placing the state at the forefront of national data protection discussions. Meanwhile, Gravity Payments and Odido grapple with legal and security challenges following significant breaches, highlighting the critical importance of safeguarding sensitive information.

In the realm of AI, vulnerabilities in coding platforms and the rise of AI-driven cyber warfare demand our attention. From the OpenClaw security nightmare to state-backed hackers exploiting Gemini AI, the landscape of cyber threats continues to evolve, pushing the boundaries of traditional defenses.

On the technical front, we explore critical vulnerabilities affecting PostgreSQL and Dropbear SSH server, revealing potential risks of privilege escalation and unauthorized access. These discoveries serve as a stark reminder of the ever-present need for vigilance and proactive security strategies.

Join us as we navigate these pressing issues, offering insights and strategies to fortify your defenses in an increasingly complex cyber environment.

Data Breaches

  1. Texas Probes Massive Health Data Breach Impacting Millions: Texas Attorney General Ken Paxton has initiated a comprehensive investigation into a significant data breach affecting millions of residents. The breach involves sensitive health data, raising concerns about privacy and security across the state. This move places Texas at the forefront of national discussions on data protection and regulatory responses. Source: Grand Pinnacle Tribune.
  2. Gravity Payments Sued In Seattle Over 2025 Data Breach: Gravity Payments faces a class-action lawsuit in Washington federal court following a data breach that compromised credit card information. The lawsuit, filed by a Tennessee resident, highlights the ongoing legal challenges companies face in safeguarding customer data. This case underscores the importance of robust cybersecurity measures in protecting financial information. Source: Law360.
  3. Odido Cyber Attack: Hackers Gained Access to 6.2 Million People's Data: A cyber attack on Odido resulted in unauthorized access to data belonging to 6.2 million individuals. The breach has raised significant concerns about data security and the potential misuse of personal information. This incident highlights the critical need for companies to enhance their cybersecurity defenses to protect customer data. Source: NL Times.
  4. Discord Voluntarily Pushes Mandatory Age Verification Despite Recent Data Breach: In response to a recent data breach, Discord is implementing mandatory age verification to enhance user safety. While this measure aims to protect younger users, it also raises questions about data privacy and the effectiveness of such initiatives in preventing future breaches. The move reflects the ongoing challenges platforms face in balancing security and user privacy. Source: EFF.
  5. Texas AG To Investigate Conduent, BCBS For Data Breach: The Texas Attorney General's office is investigating a data breach involving Conduent and Blue Cross Blue Shield (BCBS) that exposed sensitive information of over four million Texans. The breach, which occurred over several months, has prompted concerns about data security practices and the protection of personal health information. This investigation underscores the importance of regulatory oversight in safeguarding consumer data. Source: Law360.

Security Research

  1. Noodlophile Stealer: When Cybercriminals Get a Bit Salty: Security researchers have uncovered a sophisticated multi-stage stealer variant that employs DLL sideloading and uses Telegram for command and control (C2). This discovery highlights the evolving tactics of cybercriminals and the need for robust defenses against such threats. Source: Morphisec Blog.
  2. AI coding platform's flaws allow BBC reporter to be hacked: Security researcher Etizaz Mohsin demonstrated vulnerabilities in an AI coding platform to the BBC, showcasing how these flaws could be exploited to hack users. This incident underscores the importance of securing AI platforms against potential cyber threats. Source: BBC News.
  3. What CISOs need to know about the OpenClaw security nightmare: Security researcher Maor Dayan has identified OpenClaw as a significant security incident in AI history, with research uncovering extensive vulnerabilities. This serves as a warning for organizations to prioritize AI security measures. Source: CSO Online.
  4. Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support: Security researcher Farida Shafik reported that state-backed hackers are leveraging Gemini AI for reconnaissance and attack support, creating a false sense of security. This highlights the growing use of AI in cyber warfare. Source: The Hacker News.
  5. These 4 critical AI vulnerabilities are being exploited faster than defenders can respond: Security researchers have identified several critical AI vulnerabilities, such as prompt injection and deepfake fraud, which are being exploited rapidly. The lack of known fixes for these flaws poses a significant challenge for defenders. Source: ZDNet.

Top CVEs

  1. CVE-2026-21722: Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This vulnerability allows one to read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. However, it does not leak any annotations that would not otherwise be visible on the public dashboard. Source: Vulners.
  2. CVE-2025-14282: A flaw in Dropbear SSH server allows users to connect to any Unix socket with root's credentials when running in multi-user mode. This vulnerability bypasses file system restrictions and SO_PEERCRED/SO_PASSCRED checks, posing a significant security risk. Source: Vulners.
  3. CVE-2026-2005: A heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. This affects versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21. Source: Vulners.
  4. CVE-2026-2003: Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. While the likelihood of attacks involving confidential information is low, the vulnerability affects versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21. Source: Vulners.
  5. CVE-2026-2007: A heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The vulnerability could potentially lead to privilege escalation, affecting PostgreSQL 18.1 and 18.0. Source: Vulners.
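
The three PostgreSQL entries above share one practical question for a defender: which servers in the estate sit below the listed fixed releases? The following Python script is an added example written for this newsletter; it is not code from the newsletter, from Vulners or from the PostgreSQL project. It encodes only the releases named above (18.2, 17.8, 16.12, 15.16 and 14.21 as the first fixed releases for CVE-2026-2005 and CVE-2026-2003; 18.0 and 18.1 as the releases listed for CVE-2026-2007), parses the output of `SELECT version()` or `SHOW server_version`, and sorts hosts into "patch" and "review" buckets. The host names and version strings are constructed, and a major release outside the listed range (for example 13.x) is deliberately reported as `None` so that the advisory itself is consulted rather than guessed at.

```python
# Added example for this newsletter (not code from the newsletter, Vulners or
# PostgreSQL): triage PostgreSQL version strings against the releases the
# Top CVEs section names. Host names and version strings are constructed.
import re

# First fixed minor release per major for CVE-2026-2005 (pgcrypto heap
# overflow) and CVE-2026-2003 (oidvector memory disclosure), as listed above.
FIRST_FIXED = {18: 2, 17: 8, 16: 12, 15: 16, 14: 21}

# Releases the newsletter lists as affected by CVE-2026-2007 (pg_trgm).
PGTRGM_AFFECTED = {(18, 0), (18, 1)}


def parse_version(version_text):
    """Return (major, minor) from text such as the output of `SELECT version()`
    or `SHOW server_version`, e.g. 'PostgreSQL 17.4 on x86_64-pc-linux-gnu'
    -> (17, 4). Returns None when no dotted number is present."""
    m = re.search(r"\b(\d+)\.(\d+)", version_text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def assess(version_text):
    """Map each CVE named in the newsletter to True (release is below the
    listed fix or is a listed affected release), False (at or above the fix,
    or not a listed release) or None (major release not covered by the
    newsletter's list, so the vendor advisory must be checked directly)."""
    parsed = parse_version(version_text)
    if parsed is None:
        raise ValueError(f"cannot parse PostgreSQL version from {version_text!r}")
    major, minor = parsed
    below_fix = minor < FIRST_FIXED[major] if major in FIRST_FIXED else None
    return {
        "CVE-2026-2005": below_fix,
        "CVE-2026-2003": below_fix,
        "CVE-2026-2007": (major, minor) in PGTRGM_AFFECTED,
    }


def triage(inventory):
    """Given {host: version_text}, return {'patch': [...], 'review': [...]}:
    'patch' hosts have at least one listed CVE applying; 'review' hosts run a
    major release the newsletter's list does not cover."""
    patch, review = [], []
    for host, text in sorted(inventory.items()):
        verdict = assess(text)
        if any(v is True for v in verdict.values()):
            patch.append(host)
        elif any(v is None for v in verdict.values()):
            review.append(host)
    return {"patch": patch, "review": review}


# Constructed inventory for demonstration only.
SAMPLE_INVENTORY = {
    "db-prod-01": "PostgreSQL 17.4 on x86_64-pc-linux-gnu, compiled by gcc",
    "db-prod-02": "PostgreSQL 18.2 on x86_64-pc-linux-gnu, compiled by gcc",
    "db-stage-01": "PostgreSQL 18.1 (Debian 18.1-1.pgdg12+1)",
    "db-legacy-01": "PostgreSQL 13.9 on x86_64-pc-linux-gnu",
}

if __name__ == "__main__":
    for host, text in SAMPLE_INVENTORY.items():
        print(host, assess(text))
    print(triage(SAMPLE_INVENTORY))
```

Run against a real inventory, feed `triage` the per-host output of `psql -Atc "SELECT version()"`; the "review" bucket is the list to check by hand against the PostgreSQL advisory rather than assume safe.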

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is more dynamic and challenging than ever. From Texas's proactive stance on health data breaches to the evolving tactics of cybercriminals like the Noodlophile Stealer, the need for robust cybersecurity measures is undeniable. The legal battles faced by companies like Gravity Payments and the regulatory investigations into Conduent and BCBS highlight the critical importance of data protection and privacy.

Meanwhile, the rise of AI in both cyber defense and offense, as seen with the vulnerabilities in AI coding platforms and the use of Gemini AI by state-backed hackers, underscores the dual-edged nature of technological advancements. The vulnerabilities identified in PostgreSQL and other platforms remind us that vigilance and timely updates are crucial in safeguarding our digital environments.

We hope you found today's insights valuable and thought-provoking. If you did, please consider sharing this newsletter with your friends and colleagues. Together, we can foster a community that is informed, prepared, and resilient in the face of cyber threats. Stay safe, stay secure, and see you in the next edition of Secret CISO!
