Secret CISO 2/3: Coupang & Canada Computers Breaches, Notepad++ Hijacked, Deepfake Threat, Instagram Privacy Flaw

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity challenges facing businesses and individuals alike. In this issue, we delve into a series of alarming data breaches and vulnerabilities that underscore the critical importance of robust security measures.

Our journey begins in South Korea, where the Coupang probe sends shockwaves through foreign businesses, highlighting the regulatory hurdles and risks in the region. Meanwhile, Canada Computers grapples with a breach that compromises customer data, raising questions about the adequacy of their security protocols.

In the healthcare sector, data breaches at Central States Dermatology Services and Alpine Ear, Nose, & Throat expose the fragility of patient data protection, while a breach at DOGE Social Security puts retirees' personal information at risk, drawing concern from lawmakers and advocates.

On the tech front, Chinese state hackers exploit Notepad++'s update system, revealing vulnerabilities in software supply chains. A deepfake scam targets an AI security firm, showcasing the evolving threat landscape, while a flaw in Instagram's privacy settings raises alarms about social media security.

We also explore the discovery of "Mutagen Astronomy," a Linux vulnerability now on CISA's radar, and a phishing campaign that cleverly uses fake PDF lures to harvest Dropbox logins, emphasizing the need for vigilance against social engineering.

Finally, we examine a series of vulnerabilities in GitLab and Wikimedia Foundation's MediaWiki, which pose significant risks to data integrity and user privacy. These incidents serve as a stark reminder of the ever-present need for proactive cybersecurity measures.

Stay informed and stay secure with Secret CISO, your daily guide to navigating the complex world of cybersecurity.

Data Breaches

  1. Why Coupang probe is rattling foreign businesses: The Korean government's investigation into Coupang's massive data breach is causing significant concern among foreign companies operating in South Korea. The probe highlights the potential risks and regulatory challenges businesses may face in the region. Source: The Korea Herald.
  2. Canada Computers says customer information compromised during data breach: Canada Computers Inc. has confirmed that personal information of some customers was compromised in a recent data breach. The incident raises concerns about the security measures in place to protect customer data. Source: CityNews Toronto.
  3. PRIVACY ALERT: Central States Dermatology Services, LLC Under Investigation for Data Breach: Schubert Jonckheer & Kolbe LLP is investigating a data breach at Central States Dermatology Services, which led to unauthorized access to patient records. This breach underscores the vulnerability of sensitive healthcare data. Source: Morningstar.
  4. PRIVACY ALERT: Alpine Ear, Nose, & Throat, P.C. Under Investigation for Data Breach: A data breach at Alpine Ear, Nose, & Throat, P.C. resulted in unauthorized access to the sensitive information of 65,648 records. The investigation highlights the ongoing challenges in securing patient data. Source: PRNewswire.
  5. DOGE Social Security Data Breach Puts Retirees at Risk: New court papers reveal a data breach involving DOGE Social Security, potentially putting retirees' personal information at risk. Lawmakers and advocates express concern over the implications of this breach. Source: ThinkAdvisor.

Security Research

  1. Notepad++ Update Feature Hijacked by Chinese State Hackers for Months: Chinese state-sponsored threat actors compromised the update system of the popular text editor Notepad++, leading to a significant supply chain breach. The attack lasted for almost half a year, highlighting vulnerabilities in software update mechanisms. Source: Bleeping Computer, The Tech Buzz.
  2. Deepfake Scammer Attempts to Infiltrate AI Security Firm: A deepfake video was used by a scammer to target Jason Rebholz, co-founder and CEO of Expel, during a job interview. This incident underscores the growing threat of deepfake technology being used for malicious purposes in corporate environments. Source: SC Media.
  3. Instagram Private Profile Photo Leak Claimed by Researcher: Security researcher Jatin Banga discovered a vulnerability where certain private Instagram profiles could have their photos accessed through specific mobile devices. This flaw raises concerns about the privacy and security of social media platforms. Source: SC Media.
  4. Mutagen Astronomy: A Linux Vulnerability's Path to CISA KEV: The Qualys Threat Research Unit identified a Linux vulnerability, dubbed "Mutagen Astronomy," which has now been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. This highlights the importance of addressing vulnerabilities in widely used operating systems. Source: Qualys Blog.
  5. Attackers Harvest Dropbox Logins Via Fake PDF Lures: A phishing campaign targeting corporate inboxes used fake PDF lures to steal Dropbox credentials. This malware-free attack emphasizes the need for vigilance against social engineering tactics in email communications. Source: Dark Reading.

Top CVEs

  1. CVE-2026-1751: A vulnerability in GitLab CE/EE could allow unauthorized edits to merge request approval rules in versions starting from 16.8 up to 18.5.0. This flaw poses a significant risk as it could enable unauthorized users to manipulate approval processes, potentially leading to unapproved changes being merged. Source: Vulners.
  2. CVE-2025-6596: An XSS vulnerability in Wikimedia Foundation's Vector skin affects versions from 1.40.0 to before 1.42.7, 1.43.2, and 1.44.0. This flaw allows attackers to inject malicious scripts into web pages, potentially compromising user data and site integrity. Source: Vulners.
  3. CVE-2025-6927: A vulnerability in Wikimedia Foundation MediaWiki affects versions from 1.42.0 to before 1.39.13, 1.42.7, 1.43.2, and 1.44.0. This issue could allow unauthorized access to sensitive data, posing a risk to user privacy and data security. Source: Vulners.
  4. CVE-2025-6589: Another vulnerability in Wikimedia Foundation MediaWiki, affecting version 1.42.0, could lead to unauthorized access to sensitive information. This flaw highlights the importance of keeping software up to date to protect against potential data breaches. Source: Vulners.
  5. CVE-2025-6590: This vulnerability in Wikimedia Foundation MediaWiki involves exposure of sensitive information to unauthorized actors, affecting versions up to 1.39.12, 1.42.76, 1.43.1, and 1.44.0. Such vulnerabilities can lead to data leaks and unauthorized data access, emphasizing the need for robust security measures. Source: Vulners.

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is fraught with challenges and opportunities. From the Coupang probe shaking up foreign businesses in South Korea to vulnerabilities in widely-used platforms like GitLab and MediaWiki, the importance of robust cybersecurity measures cannot be overstated. Each story serves as a reminder of the ever-evolving threats we face and the need for vigilance in protecting sensitive data.

Whether it's the alarming data breaches affecting healthcare and social security or the innovative yet dangerous use of deepfake technology, staying informed is our best defense. As cybersecurity professionals, we must continuously adapt and learn to safeguard our digital environments.

If you found today's insights valuable, please consider sharing this newsletter with your friends and colleagues. Together, we can build a more secure digital world. Thank you for being a part of our community, and we'll see you in the next edition of Secret CISO!
