Secret CISO 2/28: Marseille & French Health Breaches Expose Data Risks; U.S. Faces $20B Loss; Google API Key Flaw; Nork Hackers Target Healthcare; ScarCruft Breaches Air-Gapped Networks
Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity threats and vulnerabilities impacting our world. In this issue, we delve into a series of alarming data breaches and cyberattacks that have shaken various sectors, from sports and healthcare to e-commerce and education.
Olympique Marseille has confirmed a cyberattack, echoing a disturbing trend of breaches in the sports industry, while a massive health data leak in France has compromised the privacy of millions, including political figures. Meanwhile, in the U.S., a congressional report highlights the staggering $20 billion cost of data broker breaches, fueling urgent calls for stronger data protection measures.
On the corporate front, Coupang faces a financial hit following a significant data breach, and Americans are urged to act swiftly to claim compensation from a Continuum Health settlement. In the realm of international relations, reports suggest the U.S. may have paused prosecutions of Chinese scientists, raising questions about the balance between security and diplomacy.
In the tech world, a vulnerability in Google Cloud API keys poses a new security risk, while suspected North Korean hackers target U.S. healthcare and education sectors. The ScarCruft group employs sophisticated tactics to breach air-gapped networks, and trojanized gaming tools spread a Java-based RAT, threatening user data.
Finally, we spotlight critical vulnerabilities, including flaws in Centreon, Keycloak, uv, and Foreman's GraphQL API, each posing unique risks to system integrity and data security. Stay informed and vigilant as we navigate these evolving threats together.
Data Breaches
- Olympique Marseille confirms cyberattack after data breach claims: Olympique Marseille has confirmed a cyberattack following claims of a data breach. This incident is part of a worrying trend of cyberattacks targeting sports organizations, as seen with a similar breach at the French Football Federation. The breach has raised concerns about the security measures in place to protect sensitive data within sports entities. Source: SC Media.
- French political figures among millions affected by massive health data leak: A massive medical data breach in France has affected approximately 15 million people, including prominent political figures. The breach has raised significant privacy concerns and highlighted vulnerabilities in the country's healthcare data management systems. The French health ministry is currently investigating the breach to mitigate further risks. Source: The Brussels Times.
- Act fast! Last chance to get up to $5000 from data breach settlement: Americans have a limited time to claim up to $5000 from a data breach settlement involving Continuum Health. The settlement is part of a class-action lawsuit addressing the breach that compromised sensitive health information. Affected individuals are urged to file their claims promptly to receive compensation. Source: The US Sun.
- Congress Finds 4 Data Breaches Cost Public $20 Billion, Fueling Calls for Action to 'Protect': A congressional report reveals that four major data broker breaches have cost U.S. consumers over $20 billion. The findings have intensified calls for stronger data protection measures and regulatory action to prevent future breaches. Senator Maggie Hassan is among those advocating for increased consumer data security. Source: Common Dreams.
- Coupang hit by loss after data breach: Coupang, a major e-commerce company, reported a $26 million loss in the fourth quarter due to a significant data breach. The breach has impacted customer trust and revenue, reversing the company's previous year's profit. Coupang is working to address the breach's consequences and restore its financial standing. Source: MSN.
Security Research
- U.S. Prosecution of Chinese Scientists May Have Been Abandoned in Negotiations With Beijing: Recent reports suggest that the U.S. may have halted prosecutions of Chinese scientists as part of diplomatic negotiations with Beijing. This move has sparked discussions on the balance between national security and international diplomacy. The decision could have significant implications for research security and international relations. Source: FDD
- Your Google Maps Key Might Now Be a Security Risk — Here's Why: Security researchers at Truffle Security have identified a privilege escalation vulnerability affecting Google Cloud API keys. This issue could potentially allow unauthorized access to sensitive data, posing a significant risk to organizations using these keys. The discovery highlights the importance of securing API keys to prevent data breaches. Source: C3 UNU
- Suspected Nork Intruders Infecting US Healthcare, Education: Security researchers have uncovered a campaign by suspected North Korean hackers targeting U.S. healthcare and education sectors. The attackers have been infecting systems with malware, raising concerns about the security of sensitive data in these critical industries. This incident underscores the ongoing threat posed by state-sponsored cyberattacks. Source: The Register
- ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks: The ScarCruft group has been found using Zoho WorkDrive and USB malware to infiltrate air-gapped networks. This sophisticated attack method allows them to bypass traditional security measures and access sensitive information. The discovery highlights the need for enhanced security protocols to protect isolated networks. Source: The Hacker News
- Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms: A new threat has emerged where trojanized gaming tools are being used to distribute a Java-based Remote Access Trojan (RAT) through browsers and chat platforms. This malware allows attackers to exfiltrate data and harvest credentials, posing a significant risk to users. The incident emphasizes the importance of vigilance in downloading and using gaming tools. Source: The Hacker News
Top CVEs
- CVE-2026-2749: A vulnerability in Centreon Open Tickets on Central Server affects versions before 25.10.3, 24.10.8, and 24.04.7. This flaw could potentially allow unauthorized access or manipulation of ticketing data on the server, posing a risk to the integrity and confidentiality of the system. Source.
- CVE-2025-12150: A flaw in Keycloak’s WebAuthn registration component allows attackers to bypass attestation policies and register untrusted authenticators. This vulnerability undermines authentication integrity, potentially leading to unauthorized access. Source.
- CVE-2025-13327: A vulnerability in uv allows attackers to execute malicious code during package resolution or installation through specially crafted ZIP archives. This requires user interaction, making it a significant threat during package installations. Source.
- CVE-2025-9572: An authorization flaw in Foreman's GraphQL API permits low-privileged users to access metadata beyond their permissions. This issue arises from improper filtering, leading to potential unauthorized data access. Source.
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is constantly evolving, with new threats and vulnerabilities emerging at every turn. From the cyberattack on Olympique Marseille to the massive health data breach in France, these incidents highlight the critical need for robust security measures across all sectors.
In the U.S., the call for stronger data protection is louder than ever, especially in light of the $20 billion cost from recent data broker breaches. Meanwhile, the international scene is no less complex, with diplomatic negotiations influencing security decisions and state-sponsored attacks targeting key industries.
On the technical front, vulnerabilities like CVE-2026-2749 and CVE-2025-12150 remind us of the importance of staying vigilant and proactive in our cybersecurity efforts. Whether it's securing API keys or protecting air-gapped networks, every step counts in safeguarding our digital world.
We hope you found today's insights valuable and urge you to share this newsletter with friends and colleagues who are equally passionate about cybersecurity. Together, we can build a more secure future. Stay safe, stay informed, and see you in the next edition of Secret CISO!