Secret CISO 3/12: Stryker Breach, Oregon Hospital Lawsuit, AI Vulnerabilities, Chrome Extension Risks
Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity challenges and triumphs shaping our digital landscape. In this issue, we delve into a series of alarming data breaches and cyberattacks that underscore the vulnerabilities organizations face in safeguarding sensitive information.
We begin with Oregon Health & Science University, now embroiled in a lawsuit following a data breach that exposed patient information, raising critical questions about their data protection protocols. Meanwhile, medtech giant Stryker finds itself in the crosshairs of pro-Iranian hackers, suffering significant operational disruptions and highlighting the persistent threat of state-affiliated cyber groups.
As we explore further, the legal scrutiny intensifies with Riddle & Butts under investigation for a data breach, while UFCW Local 342 faces potential class action due to a breach affecting 56,000 individuals. Fidelity Investments, on the other hand, has reached a $2.5 million settlement after a breach impacting over 155,000 people, marking a significant resolution in the aftermath of their security lapse.
A pro-Iran hacktivist group also claims responsibility for a data-wiping attack on a US firm, saying it erased data from 200,000 devices. Wipers sit at the destructive end of the threat spectrum: the damage is done the moment the payload runs, so detection of the long quiet dwell time before it is what matters. Meanwhile, vulnerabilities in AI tools and large language models show how thin the security assumptions around AI development environments still are.
Adding to the complexity, Microsoft uncovers a novel malware delivery method through fake job interviews, exploiting the trust of job seekers. Concerns also arise over the ownership transfer of Chrome extensions, which could lead to malicious script injections, emphasizing the risks associated with third-party extensions.
Finally, we highlight recent security patches addressing critical vulnerabilities in popular software, including GitLab, ImageMagick, Parse Server, Splunk, and Cloud CLI, underscoring the ongoing battle to secure digital infrastructures.
Stay informed and vigilant as we navigate these evolving threats together.
Data Breaches
- Oregon University Hospital Sued Over Patient Info Data Breach: Oregon Health & Science University is facing a lawsuit due to a data breach that exposed sensitive health and personal information of patients. The breach has raised significant concerns about the hospital's data protection measures and its ability to safeguard patient information. Source: Westlaw Today
- Medtech Firm Stryker Disrupted by Pro-Iran Hackers: Stryker, a major medtech firm, has been disrupted by a cyberattack attributed to pro-Iranian hackers. The attack has caused significant operational disruptions and highlights the ongoing threat posed by state-affiliated cyber groups. Source: GovInfoSecurity
- Riddle & Butts Data Breach Investigation: Strauss Borrelli PLLC is investigating a data breach involving Riddle & Butts, LLP. The breach has prompted legal scrutiny and potential implications for the firm's data security practices. Source: Strauss Borrelli PLLC
- UFCW Local 342 Data Breach Affects 56K, Exposing SSNs: A data breach at UFCW Local 342 has compromised the personal information, including Social Security Numbers, of 56,000 individuals. The incident has led to considerations for a class action lawsuit due to the severity of the data exposure. Source: ClassAction.org
- Fidelity Investments Agrees to Pay $2.5 Million Over Data Breach: Fidelity Investments has agreed to a $2.5 million settlement following a data breach that exposed the personal information of over 155,000 individuals. The settlement marks a significant resolution in the aftermath of the breach. Source: Bloomberg Law
Security Research
- 200,000 Devices Erased? Pro-Iran Hackers Hit US Firm With Data-Wiping Attack: A pro-Iran hacktivist group has claimed responsibility for a cyberattack on a US firm, saying it erased data from 200,000 devices; the figure is the group's own claim and has not been independently confirmed. The report describes the group's pattern of infiltrating IT networks and remaining undetected for extended periods before executing the destructive stage, which is exactly the window where detection has to happen. Source: PCMag.
- Context7 Flaw Let Attackers Slip Commands to AI Agents: Security researchers at Noma Labs discovered a critical vulnerability in Context7, a service that feeds library documentation into AI coding assistants. The flaw allowed attackers to inject malicious instructions into what the assistant reads, the indirect prompt injection pattern in which any content an agent pulls into its context becomes a potential command channel. The discovery underscores the importance of treating retrieved content as untrusted input in AI development environments. Source: BankInfoSecurity.
- Researchers Discover Major Security Gaps in LLM Guardrails: Unit 42 researchers identified significant security vulnerabilities in the guardrails of large language models (LLMs) used by GenAI companies. These gaps could lead to unintended consequences and misuse of AI technologies, emphasizing the need for robust security measures in AI deployments. Source: Infosecurity Magazine.
- Contagious Interview: Malware Delivered Through Fake Developer Job Interviews: Microsoft Defender Security Research revealed a novel malware delivery method where attackers pose as recruiters conducting fake job interviews. This tactic exploits the trust of job seekers, leading to the installation of malicious software on their devices. Source: Microsoft.
- Who Owns Your Chrome Extension? Researchers Warn Side Projects Are Being Turned Into Malware: Researchers have raised concerns about the ownership transfer of Chrome extensions, which can lead to the injection of malicious scripts. Because installed extensions update automatically, a new owner can push malicious code to the existing user base without any action on the users' side, so the trust decision made at install time does not survive a change of hands. This highlights the risks associated with third-party extensions and the need to inventory and pin or block extensions on managed endpoints. Source: Cybernews.
Top CVEs
- CVE-2026-1732: GitLab has addressed a vulnerability in GitLab CE/EE affecting versions from 12.6 to 18.9.2 that allowed an authenticated user to read confidential issue titles because of improper filtering. The issue is resolved in the current patch releases. Source: Vulners.
- CVE-2026-31853: ImageMagick, a widely used image manipulation library, had an integer overflow on 32-bit builds that could crash the SFW decoder when processing large images; the impact as described is a denial of service on 32-bit systems. The fix is in versions 7.1.2-16 and 6.9.13-41. Source: Vulners.
- CVE-2026-31856: Parse Server's PostgreSQL storage adapter had a SQL injection vulnerability when processing Increment operations on nested object fields. Request-controlled input reached the generated SQL, allowing attackers to inject arbitrary SQL subqueries and bypass the adapter's access controls. Deployments on the PostgreSQL adapter should update to 9.6.0-alpha.3 or 8.6.29, where the issue is resolved. Source: Vulners.
- CVE-2026-20163: In Splunk Enterprise and Splunk Cloud Platform, an authenticated user with a high-privilege role could execute arbitrary shell commands through the unarchivecmd parameter. The vulnerability affects versions below 10.2.0 and has been addressed in the fixed releases. Source: Vulners.
- CVE-2026-31975: Cloud CLI had an OS command injection vulnerability in its WebSocket shell, where unsanitized input allowed arbitrary OS command execution. The issue is fixed in version 1.25.0. Source: Vulners.
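To make the Parse Server entry (CVE-2026-31856) concrete, here is an added illustration of the bug class, not Parse Server's own code: a builder that turns an "Increment" on a nested JSON field into a PostgreSQL UPDATE, first by splicing the request's field path and amount into the statement text, then hardened by validating the path, requiring a numeric amount, and passing both as bind parameters in node-postgres style (`$1`, `$2`). The table and field names, and the hostile input, are constructed for the example.

```javascript
// Added example, not Parse Server's code. Table/field names are hypothetical.

// Double-quote an SQL identifier, doubling any embedded quote.
function quoteIdent(name) {
  return '"' + String(name).replace(/"/g, '""') + '"';
}

// Only plain identifier-like path segments get through the safe builder.
function isSafeKey(part) {
  return /^[A-Za-z_][A-Za-z0-9_]*$/.test(part);
}

// VULNERABLE: the dotted path and the amount are spliced into the SQL text.
// Whoever controls the request body controls the statement.
function buildIncrementUnsafe(table, fieldPath, amount) {
  const [column, ...path] = fieldPath.split('.');
  const col = quoteIdent(column);
  const pathLiteral = `'{${path.join(',')}}'`; // e.g. '{score}' as a text[] literal
  return (
    `UPDATE ${quoteIdent(table)} SET ${col} = jsonb_set(${col}, ${pathLiteral}, ` +
    `(COALESCE(${col} #>> ${pathLiteral}, '0')::numeric + ${amount})::text::jsonb, true)`
  );
}

// HARDENED: validate every identifier, insist on a finite number for the
// amount, and hand the path and amount to the driver as parameters so they
// can only ever be data, never SQL.
function buildIncrementSafe(table, fieldPath, amount) {
  if (typeof amount !== 'number' || !Number.isFinite(amount)) {
    throw new TypeError('Increment amount must be a finite number');
  }
  const [column, ...path] = fieldPath.split('.');
  if (path.length === 0 || ![table, column, ...path].every(isSafeKey)) {
    throw new Error('invalid nested field path: ' + fieldPath);
  }
  const col = quoteIdent(column);
  const text =
    `UPDATE ${quoteIdent(table)} SET ${col} = jsonb_set(${col}, $1::text[], ` +
    `(COALESCE(${col} #>> $1::text[], '0')::numeric + $2)::text::jsonb, true)`;
  return { text, values: [path, amount] };
}

// Run both builders against a constructed hostile "amount": a subquery where
// a number was expected, which is the shape of the subquery injection the
// advisory describes.
function demo() {
  const hostileAmount = '(SELECT count(*) FROM "_User")';
  const unsafeSql = buildIncrementUnsafe('GameScore', 'stats.score', hostileAmount);

  let safeRejectedAmount = false;
  try {
    buildIncrementSafe('GameScore', 'stats.score', hostileAmount);
  } catch (e) {
    safeRejectedAmount = true;
  }

  let safeRejectedPath = false;
  try {
    buildIncrementSafe('GameScore', "stats.score}', '1'); --", 5);
  } catch (e) {
    safeRejectedPath = true;
  }

  const safe = buildIncrementSafe('GameScore', 'stats.score', 5);
  return { unsafeSql, safeRejectedAmount, safeRejectedPath, safe };
}

console.log(JSON.stringify(demo(), null, 2));
```

The unsafe builder emits the attacker's subquery verbatim inside the UPDATE; the hardened one refuses both the non-numeric amount and the malformed path, and the statement text it does produce contains no request-supplied bytes at all. The identifier whitelist is deliberately stricter than what PostgreSQL would accept, because the goal is to make the set of reachable statements small, not merely to quote correctly.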
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is as dynamic as ever, with new challenges and vulnerabilities emerging at every turn. From hospitals and medtech firms grappling with data breaches to the evolving threats posed by state-affiliated hackers, the importance of robust cybersecurity measures cannot be overstated.
We've also seen how vulnerabilities in AI tools and software can have far-reaching implications, reminding us of the critical need for vigilance and proactive security practices. Whether it's safeguarding patient information or protecting AI-driven processes, staying informed and prepared is key to navigating these complex issues.
We hope you found today's insights valuable and thought-provoking. If you did, please consider sharing this newsletter with your friends and colleagues. By spreading the word, you help build a community of informed and empowered individuals ready to tackle the cybersecurity challenges of tomorrow.
Thank you for being a part of the Secret CISO community. Until next time, stay safe and stay secure!