Secret CISO 2/5: China & Germany Breaches, AI Network Risks, React2Shell Exploit, Google Looker Flaws - A Global Cybersecurity Wake-Up Call

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity threats and defenses shaping our digital world. In this issue, we delve into a series of alarming breaches and vulnerabilities that underscore the ever-present need for vigilance and robust security measures.

We begin with a staggering revelation from China, where a massive data breach has exposed 8.7 billion records, highlighting critical lapses in data protection. Meanwhile, the Dragonforce gang strikes in Germany, claiming a significant data theft from insurer HanseMerkur, with potential implications for its partner, Emirates Insurance.

In the financial sector, a breach at Marquis Vendor has rippled through 1st MidAmerica Credit Union, raising concerns over the exposure of sensitive personal information. On the healthcare front, Rebound Orthopedics faces a hefty settlement following a data breach, offering compensation to affected individuals.

Turning to technology, Google's Looker service grapples with vulnerabilities that could allow cross-tenant data exfiltration, posing a severe threat to data integrity. Simultaneously, the emergence of a private network for AI agents raises eyebrows, as experts warn of the potential security risks inherent in unmonitored AI interactions.

In the realm of cyber exploits, hackers are leveraging the React2Shell vulnerability to hijack web traffic via compromised NGINX servers, while German researchers spotlight vulnerabilities in space infrastructure, urging fortified cybersecurity measures to protect our extraterrestrial assets.

We also bring you critical updates on vulnerabilities affecting various systems, including n8n's AI workflow platform and FacturaScripts, emphasizing the importance of timely patches to safeguard against potential exploits.

Stay informed and prepared as we navigate these complex cybersecurity challenges together. Your vigilance is our first line of defense.

Data Breaches

  1. Massive Chinese Data Breach Allegedly Spills 8.7 Billion Records: One of the largest data leaks ever to occur in China has been detected, with security researchers from Cybernews reporting the exposure of 8.7 billion records. This breach highlights significant vulnerabilities in data protection within the region. Source: TechRadar.
  2. Dragonforce Gang Claims Breach of German Insurer HanseMerkur, Alleging 97 GB Data Theft: The Dragonforce hacking group has claimed responsibility for a breach involving 97 GB of data from German insurer HanseMerkur. The breach may also involve data linked to Emirates Insurance, a partner organization. Source: Teiss.
  3. Marquis Vendor Breach Reaches 1st MidAmerica Credit Union: A breach involving Marquis Vendor has impacted 1st MidAmerica Credit Union, potentially exposing sensitive information such as names and Social Security numbers. The full extent of the data compromised is still under investigation. Source: CU Today.
  4. Rebound Orthopedics & Neurosurgery $2.5M Data Breach Settlement: Rebound Orthopedics has reached a $2.5 million settlement following a data breach. Affected individuals may be eligible to claim up to $5000 from the class action settlement. Source: Claim Depot.
  5. Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil: Researchers have identified critical security issues in Google's data service, Looker, which could allow attackers to execute remote code and exfiltrate data across tenants. This vulnerability poses significant risks to data integrity and privacy. Source: Dark Reading.

Security Research

  1. Thousands of AI Agents Are Now Talking to Each Other on a Private Network: The emergence of a Reddit-style social network exclusively for AI agents has raised concerns among researchers and security experts. This platform allows AI agents to communicate and collaborate, potentially leading to unforeseen security risks and challenges in monitoring AI interactions. Source: nchstats.com.
  2. Hackers Exploit React2Shell to Hijack Web Traffic via Compromised NGINX Servers: Security researcher Ryan Simon reports a campaign targeting Asian TLDs and Chinese hosting infrastructure using the React2Shell exploit. This attack allows hackers to hijack web traffic, posing significant risks to affected servers and users. Source: The Hacker News.
  3. Hack-proofing our space infrastructure: German researchers at a Black Hat security conference highlighted vulnerabilities in space infrastructure. The research emphasizes the need for robust cybersecurity measures to protect satellites and other space assets from potential cyber threats. Source: The Strategist.
  4. Critical n8n Security Update: Public RCE Vulnerability PoC Now Available: A critical remote code execution vulnerability in n8n's AI workflow platform has been identified and patched by the SecureLayer7 Blackf0g research team. This vulnerability could have allowed attackers to execute arbitrary code, highlighting the importance of timely security updates. Source: NatLaw Review.
  5. Security Teams, MSSPs Will Wrestle with Agentic AI, Non-Human Identities in 2026: Recent reports focus on the evolving identity security landscape, particularly concerning AI and cyber risks. Researchers warn of challenges in managing non-human identities and the implications for security teams and managed security service providers (MSSPs). Source: MSSP Alert.

Top CVEs

  1. CVE-2025-22873: This vulnerability allows improper access to the parent directory of an os.Root by opening a filename ending in "../". This escape permits opening the parent directory itself, but not ancestors or files within the parent. Source.
  2. CVE-2025-59818: Authenticated attackers can exploit this vulnerability to execute arbitrary commands on the underlying system using the file name of an uploaded file. Source.
  3. CVE-2026-1642: A vulnerability in NGINX OSS and NGINX Plus allows an attacker with a man-in-the-middle position to inject plain text data into the response from an upstream proxied server. This occurs under specific conditions beyond the attacker's control. Source.
  4. CVE-2026-25145: In melange, an attacker can read arbitrary files from the host system by influencing a configuration file. This is due to a path traversal vulnerability that allows exfiltration of sensitive data through build artifacts. The issue has been patched in version 0.40.3. Source.
  5. CVE-2026-25514: FacturaScripts contains a critical SQL injection vulnerability that allows authenticated attackers to extract sensitive data from the database. This vulnerability has been patched in version 2025.81. Source.
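The os.Root item above (CVE-2025-22873) is a reminder that a rooted file API is a containment layer, not a substitute for input validation. The Go function below is an added example written for this newsletter, not code from the Go project: it validates a user-supplied name component by component before anything is opened, so every form of "..", including the trailing "../" shape named in the advisory, is refused outright rather than being cleaned and then trusted. It is deliberately stricter than lexical cleaning ("docs/../" resolves to the root but is still rejected); the function name and the sample inputs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrUnsafePath is returned for any name that must not reach the file API.
var ErrUnsafePath = errors.New("unsafe path: rejected before open")

// SafeRelPath validates a user-supplied relative file name before it is
// handed to os.Root.Open (or any other rooted file API). It walks the raw
// path segment by segment instead of cleaning it first, so ".." is never
// accepted in any position, including the trailing "../" form described
// for CVE-2025-22873. On success it returns the normalised relative path.
func SafeRelPath(name string) (string, error) {
	// Absolute paths and NUL bytes are never acceptable as file names.
	if name == "" || strings.HasPrefix(name, "/") || strings.HasPrefix(name, "\\") {
		return "", ErrUnsafePath
	}
	if strings.ContainsRune(name, 0) {
		return "", ErrUnsafePath
	}
	var kept []string
	for _, seg := range strings.Split(strings.ReplaceAll(name, "\\", "/"), "/") {
		switch seg {
		case "", ".":
			continue // empty segment (trailing slash, "a//b") or self-reference
		case "..":
			return "", ErrUnsafePath // refused even when it would stay inside the root
		}
		kept = append(kept, seg)
	}
	if len(kept) == 0 {
		return "", ErrUnsafePath // resolved to the root itself; no file was named
	}
	return strings.Join(kept, "/"), nil
}

func main() {
	// Constructed sample inputs: one benign name, the CVE trigger shape, and common escapes.
	for _, n := range []string{"docs/report.txt", "docs/../", "../", "/etc/hosts", "docs//x/./y"} {
		p, err := SafeRelPath(n)
		fmt.Printf("%-18q -> %q, %v\n", n, p, err)
	}
}
```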

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is as dynamic as ever. From massive data breaches in China and Germany to vulnerabilities in AI networks and space infrastructure, the challenges we face are both vast and varied. The stories we've shared today highlight the critical importance of staying informed and vigilant in the ever-evolving world of cybersecurity.

Whether it's the exposure of billions of records, the exploitation of vulnerabilities in popular platforms, or the emerging risks associated with AI and non-human identities, each piece of news serves as a reminder of the importance of robust security measures and proactive threat management.

We hope you found today's insights valuable and thought-provoking. If you did, please consider sharing this newsletter with your friends and colleagues. Together, we can foster a community that is better prepared to tackle the cybersecurity challenges of tomorrow.

Thank you for joining us today. Stay safe, stay secure, and we'll see you in the next edition of Secret CISO!
