Secret CISO 3/20: Navia & Aura Breaches Expose Millions, Strava Tracks French Carrier, CISA Warns on Intune, Meta AI Leak Spurs Security Alert

Welcome to today's edition of Secret CISO, where the digital landscape's vulnerabilities unfold like a suspenseful thriller. Our headlines today weave a narrative of breaches, exploits, and the relentless pursuit of security in an ever-evolving cyber world.

We begin with a chilling revelation: Navia and Aura, both trusted with sensitive data, have fallen victim to massive breaches, impacting millions. These incidents serve as stark reminders of the fragile state of data protection, even among those who promise to safeguard it.

Meanwhile, the French aircraft carrier Charles de Gaulle finds itself inadvertently exposed through a fitness app, highlighting the unforeseen risks of digital footprints in military operations. This story echoes the broader theme of operational security lapses that can have far-reaching consequences.

In the realm of technology, CISA's urgent call to secure Microsoft Intune systems post-Stryker breach, and Meta's internal data leak due to AI missteps, underscore the critical need for robust security protocols in both cloud management and AI oversight.

As unidentified drones hover ominously over Fort McNair, and iOS vulnerabilities threaten user privacy, the narrative shifts to the importance of vigilance and timely updates in safeguarding our digital and physical spaces.

Finally, we delve into the world of vulnerabilities with CVEs that expose the weaknesses in widely used applications, from UniFi Network to UltraJSON. These vulnerabilities remind us of the constant battle against potential exploits and the necessity for continuous security enhancements.

Join us as we navigate these complex stories, each a chapter in the ongoing saga of cybersecurity challenges and triumphs.

Data Breaches

  1. Navia Data Breach Impacts 2.7 Million: Between late December 2025 and mid-January 2026, hackers accessed and stole personal and health plan information from approximately 2.7 million individuals. This breach highlights the ongoing vulnerabilities in handling sensitive health data and raises concerns about the security measures in place to protect such information. Source: SecurityWeek
  2. Identity Protection Company Aura Suffers Massive 900,000 Person Data Breach: Aura, a company specializing in identity protection, confirmed a data breach affecting up to 900,000 customers. The breach involved unauthorized access to customer information, raising questions about the security protocols of companies entrusted with safeguarding personal data. Source: Tom's Guide
  3. French Aircraft Carrier Charles de Gaulle Tracked via Strava Activity in OPSEC Failure: The use of fitness tracking app Strava inadvertently exposed the location and movements of the French aircraft carrier Charles de Gaulle, posing significant security risks. This incident underscores the potential dangers of digital footprints and the need for stringent operational security measures. Source: Security Affairs
  4. CISA Urges US Orgs to Secure Microsoft Intune Systems After Stryker Breach: Following a breach where hackers claimed to have stolen 50 terabytes of data, CISA is urging organizations to secure their Microsoft Intune systems. The breach highlights vulnerabilities in cloud-based endpoint management systems and the importance of robust security measures. Source: Bleeping Computer
  5. Meta AI Agent's Instruction Causes Large Sensitive Data Leak to Employees: A Meta AI agent's instruction led to a significant internal data leak, triggering a major security alert within the company. This incident raises concerns about the potential risks associated with AI systems and the need for careful oversight and security protocols. Source: The Guardian

Security Research

  1. Unidentified drones reported flying over Fort McNair; expert calls it security concern: Unidentified drones have been detected flying over Fort McNair, raising significant security concerns among U.S. officials. The presence of these drones near a critical military installation highlights potential vulnerabilities in airspace security and the need for enhanced surveillance measures. Source: 13WHAM.
  2. iOS 26 Security Update Warning—iOS 18 Silent Compromise Exploit Alert: A critical vulnerability in iOS 26 has been identified by the Google Threat Intelligence Group, prompting urgent updates from Apple. This exploit, which was silently compromising devices, underscores the importance of timely security patches to protect user data. Source: Forbes.
  3. 95% of Enterprises Prioritize Pentesting, Yet Only 32% of Attack Surfaces Are Tested: New research from Synack reveals a significant gap between the prioritization of penetration testing and the actual coverage of attack surfaces in enterprises. Despite high awareness, many organizations still leave large portions of their systems untested, posing a risk to their cybersecurity posture. Source: PR Newswire.
  4. FBI Seizes Sites of Hacking Group Behind Data-Wiping Attack On Stryker: The FBI has successfully taken down websites operated by a hacking group responsible for a data-wiping attack on Stryker. This action represents a significant disruption to the group's operations, although experts caution that the threat may not be fully neutralized. Source: PCMag.
  5. Researchers Uncover iPhone Spyware Capable of Penetrating Millions of Devices: Security researchers from Lookout, iVerify, and Google's cyber team have discovered spyware targeting iPhones, capable of infiltrating millions of devices. This finding highlights the persistent threat of sophisticated spyware and the need for robust mobile security measures. Source: Claims Journal.

Top CVEs

  1. CVE-2026-22557: A Path Traversal vulnerability in the UniFi Network Application allows a malicious actor with network access to exploit the system and potentially access underlying accounts. This vulnerability poses a significant risk as it could lead to unauthorized access and manipulation of sensitive files. Source.
  2. CVE-2026-32767: SiYuan's personal knowledge management system has an authorization bypass vulnerability in its search endpoint, allowing any authenticated user to execute arbitrary SQL statements. This flaw undermines the application's security model and has been addressed in version 3.6.1. Source.
  3. CVE-2026-24299: M365 Copilot suffers from a command injection vulnerability, enabling unauthorized attackers to disclose information over a network. This vulnerability highlights the importance of proper input neutralization to prevent unauthorized data access. Source.
  4. CVE-2026-32874: UltraJSON, a JSON encoder and decoder, has a memory leak issue when parsing large integers, potentially leading to denial of service attacks. This vulnerability affects services using UltraJSON with untrusted inputs and has been fixed in version 5.12.0. Source.
  5. CVE-2026-33036: The fast-xml-parser library contains a bypass vulnerability that allows XML entity expansion, leading to denial of service. This issue arises from inadequate enforcement of expansion limits and has been resolved in version 5.5.6. Source.

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is fraught with challenges, from massive data breaches affecting millions to vulnerabilities in systems we rely on daily. Each story we've covered today serves as a reminder of the critical importance of robust cybersecurity measures and the need for constant vigilance.

Whether it's the exposure of sensitive health data, the tracking of military assets via fitness apps, or the discovery of spyware capable of infiltrating millions of devices, the threats are diverse and ever-evolving. It's crucial for organizations and individuals alike to stay informed and proactive in their security efforts.

We hope you found today's insights valuable and that they empower you to take action in securing your digital environment. If you enjoyed this newsletter, please consider sharing it with your friends and colleagues. Together, we can build a more secure digital world.

Stay safe, stay informed, and see you in the next edition of Secret CISO!

By Secret CISO