Secret CISO 5/13: 23andMe's $30M Data Breach Settlement, MSCS Sues PowerSchool, Union County Health Data Breach, Theom's $20M Funding for Data Security

Subject: Secret CISO Daily Newsletter - Data Breach Settlements, Lawsuits, and Innovations

Hello there,

In today's edition of Secret CISO, we're diving into the world of data breaches and the ripple effects they cause. First up, 23andMe's $30 million data breach settlement is now open for claims, potentially affecting up to 7 million people. In the education sector, Memphis-Shelby County Schools (MSCS) has filed a lawsuit against PowerSchool, alleging contract violation following a data breach last December. Meanwhile, Union County's Children and Youth Services has been hit by a data breach impacting protected health information. A report also shows that the healthcare sector had the most reported cyberthreats in 2024, with 206 data breach incidents.
On a more positive note, we explore how freezing medical records can immunize patients against data breaches. We also spotlight Theom, a data-security startup that has just secured $20 million in funding. In legal news, Cadwalader has dropped its data breach coverage suit against Lloyd's, while investigations into potential lawsuits continue for both Wilson Automotive and Serviceaide following data breaches. Finally, we look at the latest research on browser extensions posing critical security risks and at how SentinelOne's investment in Theom.ai aims to reimagine data security. Stay tuned for more updates and remember, knowledge is the key to cybersecurity.
Data Breaches
- 23andMe's $30 Million Data Breach Settlement: 23andMe is now accepting claims for its settlement over a data breach that affected approximately 7 million people. The payouts could be quite substantial. Source: CNET
- MSCS Files Lawsuit Against PowerSchool Over Data Breach: The Memphis-Shelby County Schools District (MSCS) has filed a lawsuit against software provider PowerSchool, alleging a contract violation following a data breach in December. Source: Local Memphis
- Union County Children and Youth Services Data Breach: Protected health information held by Union County Children and Youth Services was compromised in a recent data breach. Source: Standard Journal
- Health Care Sector Faces Most Reported Cyberthreats in 2024: The health care sector experienced the highest number of reported cyberthreats in 2024, including ransomware threats and data breach incidents. Source: AHA News
- VeriSource Services Data Breach: HR and benefits firm VeriSource Services suffered a massive data breach compromising the personal information of around 4 million people. Source: SC Media
Security Research
- Ransomware can now run directly on the CPU, researcher warns: A security researcher has developed a method to "weaponize" microcode updates to install ransomware directly onto the CPU. This technique could potentially bypass most antivirus programs. Source: TechSpot
- Infostealer Targets Users via Fake AI Video Sites: Cybersecurity researchers have discovered a new infostealer that targets users through fake AI video sites. The malware uses deceptive naming and certificates to evade user suspicion and some security solutions. Source: BankInfoSecurity
- 0-Click NTLM Auth Bypass Exposes Legacy Microsoft Systems: Veriti researchers have revealed a vulnerability in legacy Microsoft systems that allows remote attackers to exploit NTLM authentication mechanisms without user interaction. Source: Security Boulevard
- ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files: Security researcher MrBruh has discovered two vulnerabilities in ASUS's DriverHub that could be exploited to achieve remote code execution. ASUS has since released patches for these flaws. Source: The Hacker News
- VMware Tools Vulnerability Let Attackers Tamper Files to Trigger Malicious Operations: A vulnerability in VMware Tools, discovered by security researcher Sergey Bliznyuk, could allow attackers to tamper with files and trigger malicious operations. Source: Cybersecurity News
Top CVEs
- CVE-2025-4560 - Missing Authentication vulnerability in ISOinsight from Netvision: This vulnerability allows unauthenticated remote attackers to access certain system functions, including viewing the administrator list, viewing and editing IP settings, and uploading. Source: CVE-2025-4560
- CVE-2025-4559 - SQL Injection vulnerability in ISOinsight from Netvision: This vulnerability allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database. Source: CVE-2025-4559
- CVE-2025-22247 - Insecure file handling vulnerability in VMware Tools: A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that. Source: CVE-2025-22247
- CVE-2025-4561 - Arbitrary File Upload vulnerability in KFOX from KingFor: This vulnerability allows remote attackers with regular privilege to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the system. Source: CVE-2025-4561
- CVE-2025-31257 - Memory handling issue in watchOS, tvOS, iOS, iPadOS, macOS Sequoia, visionOS, Safari: This issue was addressed with improved memory handling. Processing maliciously crafted web content may lead to an unexpected Safari crash. Source: CVE-2025-31257
Final Words
And that's a wrap for today's edition of Secret CISO. As we've seen, the landscape of data security is ever-evolving, with new threats and solutions emerging daily. From the $30 million settlement of 23andMe to the ongoing lawsuits against PowerSchool and the innovative methods being used to protect medical records, it's clear that data security is a crucial aspect of our digital lives. Remember, knowledge is power. By staying informed, we can all play a part in creating a safer digital world.
If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Let's spread the word and foster a culture of security awareness. Until next time, stay safe and secure!