Secret CISO 3/31: SonicWall SMB Breaches, Anthropic AI Leak, Cisco Source Code Theft, Zcash Vulnerability Patched
Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity challenges that continue to plague organizations worldwide. In this issue, we delve into the seven deadly sins that leave SMBs vulnerable to repeat breaches, as SonicWall's report calls on MSSPs and MSPs to fortify defenses.
Meanwhile, a surge in data breach lawsuits and web tracking settlements signals a growing legal focus on privacy violations, pushing companies to rethink their data protection strategies. As we navigate these turbulent waters, Anthropic's second major security breach in days raises alarms about internal security protocols, while Cetera's data breach adds to the financial sector's woes.
In a twist of fate, Cisco finds itself entangled in a supply chain attack, with its source code compromised, highlighting the persistent threat of such vulnerabilities. The open-source community isn't spared either, as a malicious package within the popular Axios npm library threatens millions of users.
On a brighter note, Zcash developers have patched a critical vulnerability that once put millions of dollars at risk, showcasing the resilience of the crypto community. Yet, the widespread use of OpenClaw without an enterprise kill switch remains a looming threat, as does the sophisticated Kerberos relay attack via DNS CNAME abuse, underscoring the need for robust security measures.
Join us as we explore these stories and more, equipping you with the insights needed to stay ahead in the ever-evolving cybersecurity landscape.
Data Breaches
- The Seven Deadly Sins Behind Repeat SMB Breaches: SonicWall's latest security report highlights critical vulnerabilities in SMBs, emphasizing the need for Managed Security Service Providers (MSSPs) and Managed Service Providers (MSPs) to address these issues. The report identifies common security missteps that lead to repeated breaches, urging businesses to adopt more robust security measures. Source: MSSP Alert
- Report Probes What Is Driving a Rapid Rise in Data Breach Suits and Web Tracking Settlements: A new report by Baker & Hostetler reveals a significant increase in data breach class actions and settlements related to web tracking and pixel cases. The findings suggest a growing legal focus on privacy violations and the need for companies to enhance their data protection strategies. Source: Law.com
- Anthropic Leaks Its Own AI Coding Tool's Source Code in Second Major Security Breach: In a significant security lapse, Anthropic accidentally leaked the source code of its AI coding tool, Claude Code. This incident follows another recent breach, raising concerns about the company's internal security protocols. Source: Fortune
- $640bn Cetera Suffers Data Breach: Cetera, a major independent brokerage firm, has notified customers of a data breach that occurred last summer. This incident adds Cetera to the list of significant financial firms affected by data breaches, highlighting ongoing vulnerabilities in the sector. Source: Citywire
- Cisco Source Code Stolen in Trivy-Linked Dev Environment Breach: Security researchers have linked a supply chain attack on Cisco to the TeamPCP threat group. The breach involved the theft of Cisco's source code, underscoring the persistent threat of supply chain vulnerabilities. Source: Bleeping Computer
Security Research
- Axios Compromise on npm Introduces Hidden Malicious Package: Sonatype's security research uncovered a malicious package hidden within the popular Axios npm library. This compromise highlights the vulnerabilities in open-source software management, as the malicious code could potentially affect millions of users relying on Axios for their applications. Source: Sonatype
- Zcash Vulnerability That Put Millions of Dollars of ZEC at Risk Has Been Fixed: A critical vulnerability discovered in Zcash nodes allowed proof verification to be bypassed for the deprecated Sprout shielded pool. This flaw could have put millions of dollars at risk, but it has since been patched, ensuring the security of Zcash transactions. Source: Decrypt
- OpenClaw has 500,000 instances and no enterprise kill switch: Security researcher Vitaly Simonovich documented the widespread use of OpenClaw, which lacks an enterprise kill switch. This poses a significant security risk, as it could lead to unauthorized access and data breaches across numerous instances. Source: VentureBeat
- Anthropic leaks its own AI coding tool's source code in second major security breach: Anthropic accidentally exposed hundreds of thousands of lines of its AI coding tool's source code. This breach provides researchers with insights into upcoming models and internal architecture, raising concerns about the company's security practices. Source: Fortune
- Detecting CVE-2026-20929: Kerberos Relay Attack via DNS CNAME Abuse: CrowdStrike's research into CVE-2026-20929 sheds light on a Kerberos relay attack that exploits DNS CNAME abuse. This vulnerability emphasizes the need for robust security measures to protect against sophisticated attack vectors targeting authentication protocols. Source: CrowdStrike
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the cybersecurity landscape is as dynamic as ever. From the vulnerabilities plaguing SMBs to the legal ramifications of data breaches, and the ongoing challenges in securing open-source software, the need for vigilance and proactive measures is undeniable. Each story serves as a reminder of the critical importance of robust security practices and the ever-evolving nature of threats.
Whether it's the accidental exposure of source code by Anthropic or the sophisticated Kerberos relay attack, these incidents highlight the necessity for organizations to stay ahead of potential threats. By sharing knowledge and insights, we can collectively work towards a more secure digital environment.
If you found today's newsletter insightful, consider sharing it with your friends and colleagues. Together, we can foster a community that is informed, prepared, and resilient against the challenges of cybersecurity. Stay safe, stay informed, and see you in the next edition of Secret CISO!