Secret CISO 2/15: Odido's Data Goldmine, Nevada's Cyber Reinvention, Chrome's Data Harvest, Brave's Blockchain Warning
Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity challenges and breakthroughs. Our journey begins in the Netherlands, where Odido, a telecom giant, finds itself at the center of a storm. A massive data breach has left 6.2 million customers vulnerable, with their information now deemed "gold" for criminals. This incident raises critical questions about the robustness of security measures in place to protect sensitive data.
As we shift our focus to the United States, Nevada takes a proactive stance by unveiling a new statewide data classification policy. This move comes on the heels of a recent cyberattack, marking a significant step towards fortifying the state's cybersecurity defenses. Meanwhile, Texas Attorney General Ken Paxton is on a quest for answers following a data breach involving Blue Cross Blue Shield and Conduent Business Services, highlighting the ongoing battle for data protection compliance.
In the realm of education, a concerning trend emerges as cyberattacks on schools plateau, yet the number of exposed records continues to climb. This underscores the persistent vulnerabilities within educational institutions, demanding immediate attention and action.
On the global stage, the Royal Oman Police launches an ambitious Security Research Competition, aiming to drive innovation in cybersecurity. Simultaneously, a security researcher takes a bold step by testing a device linked to the enigmatic 'Havana syndrome' on himself, fueling the debate surrounding this mysterious condition.
In the digital landscape, a staggering revelation comes to light as 287 Chrome extensions are caught harvesting browsing data from 37 million users. This discovery raises significant privacy concerns and calls for stricter oversight of browser extensions. Additionally, the DJI Romo robovac's poor security allows remote access to thousands of devices, serving as a stark reminder of the vulnerabilities inherent in IoT devices.
Finally, Brave's research team shines a spotlight on the security risks within the zkLogin authorization system used in blockchain transactions. This research highlights the urgent need for enhanced security protocols in the rapidly evolving world of blockchain technology.
Stay with us as we delve deeper into these stories, exploring the implications and solutions that shape the future of cybersecurity.
Data Breaches
- Stolen Odido Data Worth “Gold” for Criminals: The Dutch telecom provider Odido suffered a significant data breach, exposing information from 6.2 million customers. Experts have labeled the stolen data as highly valuable for criminals, emphasizing the potential for misuse in fraudulent activities. Source: NL Times.
- Dutch Phone Giant Odido Says Millions of Customers Affected by Data Breach: Odido, a major Dutch telecom company, confirmed a data breach impacting millions of customers. The breach has raised concerns about the security measures in place to protect sensitive customer information. Source: DataBreaches.net.
- Nevada Unveils New Statewide Data Classification Policy Months After Cyberattack: Following a recent cyberattack, Nevada has introduced a new data classification policy aimed at enhancing the state's cybersecurity posture. This move is part of a broader effort to prevent future breaches and protect sensitive data. Source: DataBreaches.net.
- Cyber Attacks on Schools Plateaued in 2025, but More Records Exposed: Despite a plateau in the number of cyberattacks on schools in 2025, the volume of exposed records continues to rise. Experts predict further increases as more disclosures are made, highlighting the ongoing vulnerability of educational institutions. Source: DataBreaches.net.
- AG Paxton Seeks Information for BCBS; Conduent Data Breach: Texas Attorney General Ken Paxton is seeking information from Blue Cross Blue Shield of Texas and Conduent Business Services following a data breach. The inquiry aims to understand the breach's impact and ensure compliance with data protection regulations. Source: MSN.
Security Research
- 287 Chrome Extensions Caught Harvesting Browsing Data from 37M Users: A security researcher named Q Continuum has uncovered a massive data harvesting operation involving 287 Chrome extensions. These extensions have been secretly collecting browsing data from 37 million users, raising significant privacy concerns. Source: Hackread.
- ROP launches 2025 Security Research Competition: The Royal Oman Police (ROP) has initiated the 2025 Security Research Competition to foster innovation and advancements in cybersecurity. This initiative aims to encourage research that enhances sustainable security measures. Source: Oman Observer.
- Researcher skeptical of 'Havana syndrome' tested secret weapon on himself: A security researcher conducted an experiment on himself to test a device related to the controversial 'Havana syndrome.' This self-experimentation highlights the ongoing debate and investigation into the mysterious condition affecting diplomats. Source: The Washington Post.
- The DJI Romo robovac had security so poor, this man remotely accessed thousands of them: Security researcher Kevin Finisterre revealed vulnerabilities in the DJI Romo robovac that allowed remote access to thousands of devices. This discovery underscores the importance of robust security measures in IoT devices. Source: The Verge.
- Brave Research Highlights Security Risks in zkLogin Authorization System: Brave's research team has identified significant security and privacy risks in the zkLogin authorization system used in blockchain transactions. This research emphasizes the need for improved security protocols in blockchain technology. Source: Phemex.
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is as dynamic as ever. From the alarming breach at Odido affecting millions, to Nevada's proactive steps in fortifying its cybersecurity framework, the stories we've shared highlight the critical importance of staying informed and vigilant in the face of evolving threats.
Whether it's the unsettling revelation of Chrome extensions harvesting data from millions or the innovative strides in cybersecurity research competitions, each piece of news serves as a reminder of the delicate balance between technological advancement and security. The ongoing investigations into 'Havana syndrome' and the vulnerabilities found in IoT devices like the DJI Romo robovac further underscore the need for robust security measures and continuous research.
We hope today's insights have equipped you with valuable knowledge and sparked conversations about the importance of cybersecurity in our daily lives. If you found this newsletter informative, please consider sharing it with your friends and colleagues. Together, we can build a more secure digital world.
Stay safe, stay informed, and see you in the next edition of Secret CISO!