Secret CISO 3/11: DOGE's 'God-level' breach, Ericsson's provider hack, 'Zombie ZIP' evades detection, US contractor's tools aid Russian spies

Welcome to today's edition of Secret CISO, where we unravel a web of security breaches and vulnerabilities that have shaken the digital landscape. Our lead story reveals a whistleblower's shocking claim that a former DOGE staffer had 'God-level' access to Social Security data, potentially compromising millions of Americans' personal information. This alarming revelation has sparked calls for a congressional investigation, highlighting the critical need for stringent data protection measures.

In a parallel narrative, Ericsson and AkzoNobel grapple with the aftermath of data breaches, underscoring the vulnerabilities inherent in third-party service providers and the importance of robust cybersecurity protocols. Meanwhile, the Washington State Department of Licensing faces scrutiny over potential identity theft risks, and Lynch Carpenter investigates a data breach at CommuniCare, emphasizing the legal ramifications of such incidents.

On the cutting edge of cyber threats, the 'Zombie ZIP' technique emerges as a formidable adversary, evading nearly all antivirus engines. This innovative method, alongside revelations of US military contractor-developed hacking tools used by Russian spies, paints a stark picture of the evolving cyber warfare landscape.

Security devices like FortiGate are not immune, as they are exploited to breach networks, while critical vulnerabilities in platforms like Gogs and WordPress sites are leveraged by cybercriminals to spread malware and steal sensitive information. These incidents serve as a stark reminder of the ever-present risks in our interconnected world.

Finally, we delve into a series of critical vulnerabilities, including flaws in Intel's UEFI module, Microsoft Authenticator, Windows App Installer, MCP Atlassian, and Microsoft Office. Each poses significant threats, from privilege escalation to unauthorized code execution, demanding immediate attention and remediation.

Stay vigilant and informed as we navigate these complex security challenges together.

Data Breaches

  1. DOGE staffer had 'God-level' Social Security access, whistleblower says: A whistleblower has accused a former DOGE staffer of having unprecedented access to Social Security data, potentially compromising the personal information of millions of Americans. This revelation has prompted members of Congress to demand an investigation into the alleged breach. The implications of such access could be far-reaching, affecting the privacy and security of countless individuals. Source: The Independent
  2. Ericsson discloses data breach after hack of third-party service provider: Ericsson Inc. has disclosed a data breach following a hack of a third-party service provider. The breach allowed attackers to access sensitive data, raising concerns about the security measures in place to protect such information. This incident highlights the vulnerabilities that can arise from relying on external service providers. Source: teiss
  3. AkzoNobel Says Cyber Incident at US Location Contained After Data Breach: AkzoNobel reported a security incident at one of its US sites, which was contained after a data breach. The company has acknowledged the attack and is working to ensure that similar incidents do not occur in the future. This breach underscores the importance of robust cybersecurity measures in protecting corporate data. Source: DWM Magazine
  4. WA DOL data breach claims raise fears of identity theft: The Washington State Department of Licensing is facing scrutiny over claims that its system exposed personal information for more than six years. This potential data breach has raised fears of identity theft among those affected. The department is disputing these claims, but the situation remains a concern for many. Source: YouTube
  5. CommuniCare Data Breach Claims Investigated by Lynch Carpenter: Lynch Carpenter, LLP is investigating claims related to a data breach at CommuniCare. The breach has prompted legal scrutiny as affected individuals seek to understand the extent of the data compromise. This investigation highlights the legal ramifications that can follow significant data breaches. Source: GlobeNewswire

Security Research

  1. New 'Zombie ZIP' technique lets malware slip past security tools: Security researcher Chris Aziz from Bombadil Systems has developed the "Zombie ZIP" technique, which successfully bypasses 50 out of 51 antivirus engines. This method allows malware to evade detection by compressing malicious files in a way that confuses security tools.
  2. US military contractor likely built iPhone hacking tools used by Russian spies in Ukraine: Google has identified hacking tools allegedly developed by a US military contractor, which were used by Russian espionage groups and a Chinese cybercriminal group. These tools were reportedly deployed in Ukraine, raising concerns about international cyber warfare and espionage.
  3. FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials: Security researchers have discovered that FortiGate network appliances, which are meant to protect environments, have been exploited to breach networks and steal service account credentials. This finding highlights the risks associated with trusted security devices being turned against their intended purpose.
  4. Critical Gogs Vulnerability Allows Attackers to Silently Overwrite Large File Storage Objects: A critical vulnerability in Gogs, tracked as CVE-2026-25921, allows attackers to overwrite large file storage objects without detection. With a CVSS score of 9.3, this flaw affects Gogs versions 0.14.1 and earlier, posing significant risks to users of the platform.
  5. Crooks compromise WordPress sites, spread infostealers: Security researcher Milan Spinka has reported that cybercriminals are compromising WordPress sites to distribute infostealers. These attacks involve hijacking legitimate sites to spread malware that can steal sensitive information from unsuspecting visitors.

Top CVEs

  1. CVE-2025-20064: Improper input validation in the UEFI FlashUcAcmSmm module for certain Intel reference platforms may allow an escalation of privilege. This vulnerability could enable local code execution without user interaction, impacting system confidentiality, integrity, and availability.
  2. CVE-2026-26123: A flaw in Microsoft Authenticator allows an unauthorized attacker to disclose information locally. This vulnerability could potentially expose sensitive data to attackers with local access.
  3. CVE-2026-23656: Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network. This could lead to data integrity issues and unauthorized access.
  4. CVE-2026-27826: A vulnerability in MCP Atlassian allows an unauthenticated attacker to force the server to make outbound HTTP requests to an attacker-controlled URL. This could enable theft of IAM role credentials and internal network reconnaissance.
  5. CVE-2026-26110: Type confusion in Microsoft Office allows an unauthorized attacker to execute code locally. This vulnerability could lead to unauthorized code execution and potential data breaches.

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the cybersecurity landscape is as dynamic and challenging as ever. From whistleblower revelations about unprecedented data access to the latest vulnerabilities affecting trusted platforms, the stories we've covered today highlight the critical importance of staying informed and vigilant.

Whether it's the alarming "Zombie ZIP" technique bypassing antivirus engines or the vulnerabilities in FortiGate devices and Gogs, each piece of news serves as a reminder of the evolving threats we face. The breaches at Ericsson, AkzoNobel, and the Washington State Department of Licensing further underscore the need for robust security measures and constant vigilance.

As we continue to navigate these complex challenges, sharing knowledge and insights becomes more crucial than ever. If you found today's newsletter informative, please consider sharing it with your friends and colleagues. Together, we can build a more secure digital world by staying informed and prepared.

Thank you for being a part of our community. Stay safe, stay secure, and see you in the next edition of Secret CISO!