Secret CISO 5/12: Ledger Secures Discord After Hacker Attack, EaseMyTrip Founder Raises Security Concerns Over Chinese App, India's Data Breach History Amplifies Passport Security Concerns, AI Impact on Creative Industries Explored

Welcome to today's issue of the Secret CISO newsletter, where we bring you the latest and most impactful cybersecurity news. Today, we delve into the rising security concerns over Chinese apps, as highlighted by the founder of EaseMyTrip. We also explore India's history of massive data breaches and how it amplifies passport security concerns. In the realm of AI, we discuss its impact on creative industries, focusing on data security, quality control, and IP protection.

We also look at how Ledger secures Discord after a hacker bot tried to steal seed phrases, and how RI police departments are participating in the annual Police Unity Tour amidst data breach concerns. In the financial sector, we examine Gen Digital's acquisition of MoneyLion to create a financial security ecosystem. We also discuss how Wiz continues to be deployed on AWS despite its acquisition by Google. In the wake of recent breaches, we highlight the urgent need for better protection of sensitive personal data stored online. We also touch on the potential threats of CPU ransomware and the struggles of Services Australia to gauge exposure to the Optus data breach.

Lastly, we delve into the world of cybersecurity research, exploring vulnerabilities in enterprise connected devices and the role of AI in revolutionizing global cybercrime investigations. Stay tuned for more updates on the ever-evolving cybersecurity landscape.

Data Breaches

  1. "EaseMyTrip founder raises security concerns over Chinese app - Tech in Asia": The founder of EaseMyTrip has raised concerns over the security of a Chinese app, citing India's history of significant data breaches. The issue underscores the importance of robust data security measures, particularly in the context of international relations. Source: Tech in Asia
  2. "Ledger secures Discord after hacker bot tried to steal seed phrases - Cointelegraph": Ledger, a cryptocurrency hardware wallet, has secured its Discord channel after a hacker bot attempted to steal seed phrases. The security breach was an isolated incident, and Ledger has since implemented additional security measures. Source: Cointelegraph
  3. "Services Australia struggles to gauge exposure to Optus data breach - iTnews": Services Australia is grappling with the fallout from a data breach at Optus. The extent of the exposure is still unclear, highlighting the challenges organizations face in managing and mitigating data breaches. Source: iTnews
  4. "23andMe customers notified of bankruptcy and potential claims — deadline to file is July 14 - TechCrunch": Genetic testing company 23andMe has filed for bankruptcy following a data breach in 2023 that compromised the personal information of nearly 7 million users. Customers have been notified of the bankruptcy and potential claims, with a filing deadline set for July 14. Source: TechCrunch
  5. "Lido DAO initiates emergency vote to swap compromised oracle - Cointelegraph": Lido DAO, a decentralized autonomous organization, has initiated an emergency vote to swap a compromised oracle. The exploit was likely due to a hot wallet private key leak, highlighting the persistent security risks in the crypto space. Source: Cointelegraph

Security Research

  1. Research on Cyber Security in Enterprise Connected Devices - GOV.UK: This research highlights security vulnerabilities in a range of connected devices commonly used by businesses. It emphasizes the need for businesses to prioritize cybersecurity in their operations to prevent potential breaches. Source: GOV.UK
  2. MOI Launches Automated System for Journal of Legal and Security Studies: The Ministry of Interior has launched an automated system for the Journal of Legal and Security Studies. This initiative is part of the efforts to enhance security research and studies at the Police Academy. Source: QNA
  3. CSIRO Outlines Cyber Security Roadmap - iTnews: CSIRO is uplifting cybersecurity across its enterprise and research functions with an emphasis on protecting core operations. The roadmap outlines the organization's strategy to enhance its cybersecurity posture. Source: iTnews
  4. One-Click RCE in Asus's Preinstalled Driver Software - Hacker News: A security researcher has identified a one-click Remote Code Execution vulnerability in Asus's preinstalled driver software. The researcher has provided insights on how to fix the issue, emphasizing the importance of timely patching. Source: Hacker News
  5. How US-based Nigerian Researcher, Bokolo is Using AI to Revolutionise Global Cybercrime - The Nation: Nigerian digital forensics expert, Biodoumoye Bokolo, is leading innovative research that merges artificial intelligence with cybersecurity. This research aims to revolutionize global cybercrime investigations. Source: The Nation

Top CVEs

  1. CVE-2025-4536 in Gosuncn Technology Group Audio-Visual Integrated Management Platform 1.0: A critical vulnerability has been discovered in unspecified functionality of the file /sysmgr/user/listByPage. It can lead to information disclosure and can be exploited remotely. The vendor has not responded to this disclosure. Source: CVE-2025-4536
  2. CVE-2025-4539 in Hainan ToDesk 4.7.6.3: A critical vulnerability has been found in the library profapi.dll of the component DLL File Parser. The vulnerability leads to an uncontrolled search path and can be exploited locally. The vendor has not responded to this disclosure. Source: CVE-2025-4539
  3. CVE-2025-4533 in JeecgBoot up to 3.8.0: A problematic vulnerability has been found in the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. This vulnerability can lead to resource consumption and can be exploited remotely. Source: CVE-2025-4533
  4. CVE-2025-4538 in kkFileView 4.4.0: A critical vulnerability has been discovered in an unknown part of the file /fileUpload. This vulnerability can lead to unrestricted upload and can be exploited remotely. The vendor has not responded to this disclosure. Source: CVE-2025-4538
  5. CVE-2025-4552 in ContiNew Admin up to 3.6.0: A problematic vulnerability has been found in unspecified functionality of the file /dev-api/system/user/1/password. It can lead to an unverified password change and can be exploited remotely. The vendor has not responded to this disclosure. Source: CVE-2025-4552

API Security

  1. CVE-2025-4552 in ContiNew Admin up to 3.6.0: A vulnerability has been discovered in ContiNew Admin up to 3.6.0, affecting unspecified functionality of the file /dev-api/system/user/1/password. This vulnerability allows for unverified password changes and can be exploited remotely. The vendor has been notified but has yet to respond. Source: CVE-2025-4552.
  2. CVE-2025-4551 in ContiNew Admin up to 3.6.0: Another vulnerability has been found in ContiNew Admin up to 3.6.0, this time affecting an unknown function of the file /dev-api/common/file. The vulnerability allows for cross-site scripting through the manipulation of the File argument and can be launched remotely. The vendor was contacted but has not responded. Source: CVE-2025-4551.
  3. CVE-2025-4542 in Freeebird Hotel 酒店管理系统 API up to 1.2: A problematic vulnerability has been identified in Freeebird Hotel's API up to version 1.2. The issue affects an unknown functionality of the file /src/main/java/cn/mafangui/hotel/tool/SessionInterceptor.java and allows for a permissive cross-domain policy with untrusted domains. The attack can be launched remotely, but it is known to be difficult to exploit. Source: CVE-2025-4542.

Final Words

And that's a wrap for today's edition of Secret CISO. From the rise of AI in creative industries to the security concerns over Chinese apps, we've covered a lot of ground. But remember, in the world of cybersecurity, knowledge is power. So, stay informed, stay vigilant, and most importantly, stay secure. If you found this newsletter helpful, why not share it with your colleagues and friends? Let's spread the word about the importance of cybersecurity and help each other stay one step ahead of the threats. Until next time, keep your data safe and your systems secure. Stay tuned for more updates tomorrow.

Remember, in the world of cybersecurity, the only constant is change. And the best way to keep up with that change is by staying informed. So, don't miss out on your daily dose of security insights and news with Secret CISO.
