Secret CISO 3/20: Navia & Aura Breaches Expose Millions, Strava Tracks French Carrier, Meta AI Leak, Stryker Breach Spurs CISA Alert, iOS & iPhone Spyware Threats Uncovered
Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity threats and vulnerabilities that continue to challenge our digital landscape.
Our journey begins with the alarming Navia data breach, which compromised the personal and health plan information of 2.7 million individuals, raising the specter of identity theft. Meanwhile, Aura, a digital security provider, fell victim to a targeted phishing attack, exposing 900,000 consumer records and underscoring the vulnerabilities even within companies specializing in identity protection.
In a surprising twist, the French aircraft carrier Charles de Gaulle's movements were inadvertently revealed through Strava, a fitness tracking app, highlighting the unforeseen risks of seemingly innocuous data. This theme of unexpected exposure continues as a Meta AI agent's instruction led to a significant internal data leak, emphasizing the potential dangers of AI systems.
On the frontlines of cybersecurity, CISA has issued a warning following a breach involving Stryker, urging organizations to secure Microsoft Intune systems. The FBI's seizure of sites operated by a hacking group responsible for a data-wiping attack on Stryker devices marks a temporary victory against cybercriminals.
As we delve deeper, we uncover sophisticated spyware capable of penetrating millions of iPhones, a stark reminder of the ever-present threat to user privacy. Meanwhile, the discovery of vulnerabilities such as CVE-2026-22557 and CVE-2026-32767 in the UniFi Network Application and SiYuan, respectively, highlights the ongoing battle against exploitation.
Finally, we explore the vulnerabilities in M365 Copilot and UltraJSON, which pose significant risks if left unaddressed. These revelations serve as a call to action for enhanced vigilance and timely updates to safeguard against advanced threats.
Stay informed, stay secure, and join us tomorrow for more insights into the evolving world of cybersecurity.
Data Breaches
- Navia Data Breach Impacts 2.7 Million: Between late December 2025 and mid-January 2026, hackers stole personal and health plan information from Navia, affecting approximately 2.7 million individuals. The breach has raised significant concerns about the security of sensitive health data and the potential for identity theft. Source
- Aura Confirms Data Breach Impacting 900,000 Consumer Records: Aura, a digital security provider, confirmed a data breach that exposed around 900,000 consumer records. The breach was a result of a targeted phishing attack, highlighting vulnerabilities even in companies specializing in identity protection. Source
- French Aircraft Carrier Charles de Gaulle Tracked via Strava Activity in OPSEC Failure: The use of fitness tracking app Strava inadvertently revealed the location and movements of the French aircraft carrier Charles de Gaulle. This OPSEC failure underscores the security risks posed by seemingly innocuous data, which can be exploited to uncover sensitive military operations. Source
- CISA Urges US Orgs to Secure Microsoft Intune Systems After Stryker Breach: Following a breach involving Stryker, where hackers claimed to have stolen 50 terabytes of data, CISA has issued a warning to secure Microsoft Intune systems. The breach highlights the importance of robust endpoint management security to prevent unauthorized data access. Source
- Meta AI Agent's Instruction Causes Large Sensitive Data Leak to Employees: A Meta AI agent's instruction led to a significant internal data leak, triggering a major security alert within the company. This incident highlights the potential risks associated with AI systems and the need for stringent data protection measures. Source
Security Research
- Unidentified drones reported flying over Fort McNair; expert calls it security concern: Unidentified drones were detected by U.S. officials above Fort McNair, raising significant security concerns. The presence of these drones in such a sensitive area, where high-profile government officials are present, underscores the potential risks and vulnerabilities associated with unauthorized drone activity. This incident highlights the need for enhanced drone detection and mitigation strategies to protect critical infrastructure and national security interests. Source: 13WHAM
- iOS 26 Security Update Warning—iOS 18 Silent Compromise Exploit Alert: A new security vulnerability affecting iOS 26 has been identified, which could potentially allow silent compromises of devices. The issue was disclosed by the Google Threat Intelligence Group and other security researchers, prompting Apple to release a critical update. Users are advised to ensure their devices are updated to protect against this exploit. Source: Forbes
- 95% of Enterprises Prioritize Pentesting, Yet Only 32% of Attack Surfaces Are Tested: A new study by Synack and Omdia reveals that while a majority of enterprises prioritize penetration testing, only a small fraction of their attack surfaces are actually tested. This gap highlights the need for more comprehensive security testing to identify vulnerabilities and protect against potential threats. The research emphasizes the importance of leveraging advanced technologies and skilled security researchers to enhance testing coverage. Source: PR Newswire
- FBI Seizes Sites of Hacking Group Behind Data-Wiping Attack On Stryker: The FBI has successfully seized websites operated by a hacking group responsible for a data-wiping attack on Stryker devices. This action represents a significant disruption to the group's operations, although experts caution that it may be temporary. The incident underscores the ongoing threat posed by cybercriminals and the need for robust cybersecurity measures. Source: PCMag
- Researchers Uncover iPhone Spyware Capable of Penetrating Millions of Devices: Security researchers from Lookout, iVerify, and Google's Threat Analysis Group have uncovered sophisticated spyware targeting iPhones. This spyware is capable of penetrating millions of devices, posing a significant threat to user privacy and security. The discovery highlights the importance of vigilance and timely updates to protect against such advanced threats. Source: Claims Journal
Top CVEs
- CVE-2026-22557: A Path Traversal vulnerability in the UniFi Network Application allows malicious actors with network access to access files on the underlying system. This vulnerability could potentially be exploited to gain unauthorized access to accounts. Source.
- CVE-2026-32767: SiYuan, a personal knowledge management system, has an authorization bypass vulnerability in its search endpoint. This flaw allows authenticated users to execute arbitrary SQL statements, bypassing the application's security model. The issue has been addressed in version 3.6.1. Source.
- CVE-2026-22558: An Authenticated NoSQL Injection vulnerability in the UniFi Network Application could enable a malicious actor with authenticated network access to escalate privileges. This vulnerability poses a significant risk if exploited. Source.
- CVE-2026-24299: M365 Copilot has a command injection vulnerability that allows unauthorized attackers to disclose information over a network. This vulnerability arises from improper neutralization of special elements used in commands. Source.
- CVE-2026-32874: UltraJSON, a JSON encoder and decoder, contains a memory leak vulnerability in its JSON parsing mechanism. This flaw can lead to denial of service attacks by exploiting the memory leak through malicious JSON inputs. The issue has been resolved in version 5.12.0. Source.
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is as dynamic as ever, with new challenges emerging at every turn. From the massive data breaches at Navia and Aura to the unexpected OPSEC failure involving the French aircraft carrier, these incidents remind us of the critical importance of vigilance and robust security measures.
Whether it's the sophisticated spyware targeting iPhones or the vulnerabilities in popular applications like UniFi Network and M365 Copilot, staying informed and proactive is key to safeguarding our digital environments. The stories we've shared today highlight the ongoing battle against cyber threats and the need for continuous improvement in our security practices.
If you found this newsletter insightful, please consider sharing it with your friends and colleagues. By spreading awareness, we can collectively strengthen our defenses and foster a more secure digital world. Thank you for joining us today, and we look forward to bringing you more critical updates in our next edition.