Secret CISO 3/31: SonicWall SMB Breaches, Anthropic AI Leak, Cisco Source Code Theft, Cetera Data Breach, Axios npm Compromise - A Web of Vulnerabilities and Legal Challenges

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity challenges facing businesses and individuals alike. This issue delves into the persistent vulnerabilities plaguing SMBs, as highlighted by SonicWall's latest report, urging a call to action for MSSPs and MSPs to fortify defenses against repeat breaches.

We also explore the burgeoning legal landscape surrounding data breaches and web tracking settlements, as companies navigate the rising tide of class actions and privacy litigations. Meanwhile, Anthropic's accidental leak of its AI coding tool's source code serves as a stark reminder of the ongoing battle to protect intellectual property.

In the financial sector, Cetera's recent data breach underscores the relentless threat of cyberattacks, while Cisco grapples with a supply chain attack linked to the theft of its source code, raising alarms about the security of development environments.

The open-source community isn't spared either, with a malicious package infiltrating the npm ecosystem via the popular Axios library, highlighting vulnerabilities in software supply chains. On a brighter note, Zcash has patched a critical flaw that once put millions at risk, restoring confidence in its transaction security.

As we navigate these complex threats, the widespread use of OpenClaw without an enterprise kill switch poses significant risks, while CrowdStrike's insights into a Kerberos relay attack emphasize the need for robust network defenses. Finally, Zscaler's latest findings on Xloader's obfuscation techniques remind us of the ever-evolving nature of cyber threats.

Join us as we dissect these stories and more, equipping you with the knowledge to stay one step ahead in the cybersecurity landscape.

Data Breaches

  1. The Seven Deadly Sins Behind Repeat SMB Breaches: SonicWall's latest security report highlights critical vulnerabilities within SMBs, emphasizing the necessity for Managed Security Service Providers (MSSPs) and Managed Service Providers (MSPs) to address these issues. The report identifies recurring security lapses that lead to repeated breaches, urging businesses to adopt more robust security measures. Source: MSSP Alert.
  2. Report Probes What Is Driving a Rapid Rise in Data Breach Suits and Web Tracking Settlements: A new report by Baker & Hostetler reveals a surge in data breach class actions and the resolution of web tracking and pixel cases. The findings suggest a growing legal landscape where companies face increased scrutiny and litigation over data privacy practices. Source: Law.com.
  3. Anthropic Leaks Its Own AI Coding Tool's Source Code: In a significant security breach, Anthropic accidentally leaked the source code of its AI coding tool, Claude Code. This incident, occurring shortly after another security lapse, highlights the company's ongoing challenges in safeguarding its intellectual property. Source: Fortune.
  4. $640bn Cetera Suffers Data Breach: Cetera, a major independent brokerage firm, has notified customers of a data breach that occurred last summer. This incident places Cetera among several large firms grappling with data security issues, underscoring the persistent threat of cyberattacks in the financial sector. Source: Citywire.
  5. Cisco Source Code Stolen in Trivy-Linked Dev Environment Breach: Security researchers have linked a supply chain attack on Cisco's development environment to the TeamPCP threat group. The breach involved the theft of Cisco's source code, raising concerns about the security of development environments and the potential impact on Cisco's operations. Source: Bleeping Computer.

Security Research

  1. Axios Compromise on npm Introduces Hidden Malicious Package: Sonatype's security research revealed a significant compromise in the npm ecosystem where a malicious package was introduced through the Axios library. This incident highlights the vulnerabilities within open-source software supply chains and the potential for widespread impact due to the popularity of the affected package. Source: Sonatype.
  2. Zcash Vulnerability That Put Millions of Dollars of ZEC at Risk Has Been Fixed: A critical vulnerability in Zcash nodes was discovered, which allowed bypassing proof verification for the deprecated Sprout shielded pool. This flaw put millions of dollars at risk, but has since been patched, ensuring the security of Zcash transactions moving forward. Source: Decrypt.
  3. OpenClaw has 500,000 instances and no enterprise kill switch: Cato CTRL's security research documented the widespread use of OpenClaw, with over 500,000 instances lacking an enterprise kill switch. This poses a significant security risk as it leaves organizations vulnerable to potential exploits without a centralized mechanism to mitigate threats. Source: VentureBeat.
  4. Detecting CVE-2026-20929: Kerberos Relay Attack via DNS CNAME Abuse: CrowdStrike's research into CVE-2026-20929 sheds light on a Kerberos relay attack that exploits DNS CNAME abuse. This vulnerability underscores the importance of understanding Kerberos relay fundamentals to protect against sophisticated network attacks. Source: CrowdStrike.
  5. Latest Xloader Obfuscation Code & C2 Protocol: Zscaler's ThreatLabz has identified new obfuscation methods and command-and-control protocols used by Xloader malware. This research is crucial for cybersecurity professionals to stay ahead of evolving threats and enhance detection capabilities. Source: Zscaler.

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the cybersecurity landscape is as dynamic as ever. From the persistent vulnerabilities plaguing SMBs to the sophisticated attacks on major corporations like Cisco and Cetera, the need for robust security measures is undeniable. The stories we've shared today highlight the critical importance of staying informed and vigilant in the face of evolving threats.

Whether it's the accidental leaks from Anthropic, the legal challenges surrounding data breaches, or the vulnerabilities in open-source software, each piece of news serves as a reminder of the complex challenges we face in safeguarding our digital world. As cybersecurity professionals, it's our duty to learn from these incidents and continuously adapt our strategies to protect our organizations and clients.

If you found today's insights valuable, we encourage you to share this newsletter with your friends and colleagues. By spreading awareness and knowledge, we can collectively strengthen our defenses and foster a more secure digital environment for everyone.

Thank you for being a part of the Secret CISO community. Stay safe, stay informed, and we'll see you in the next edition!

By Secret CISO