Secret CISO 5/17: Coinbase's $400M Insider Bribery Breach, Bank's Data Breach Affects 7537, Lawsuit over Communications Data Group Breach, HIPAA Breach Settlement, Hacking in Healthcare Research

Welcome to today's issue of Secret CISO. Today, we delve into the world of data breaches, exploring how they're affecting businesses and consumers alike. We start with the shocking revelation of Coinbase's insider bribery scheme that led to a data breach and a potential $400M cost. We then move on to a billion-dollar bank warning its customers after a data breach triggered unauthorized account access.
In the healthcare sector, we examine a lawsuit investigation following a data breach at Communications Data Group and a medical imaging service provider settling HIPAA risk analysis and breach notification failures. We also look into a study that explores the extent of hacking and ransomware attacks in healthcare. In the world of cryptocurrency, we discuss the recent data breach at Coinbase that has reignited debates over crypto security models. We also touch on the Australian Human Rights Commission's data breach that led to the leakage of sensitive documents. In the realm of cybersecurity research, we explore the launch of a no-cost data breach defense program for the U.S. healthcare industry by Celerium.
We also delve into the potential dangers of cuts to the National Science Foundation and what we can learn about cybersecurity for space from existing safety procedures. Stay tuned for more updates on these stories and more in today's issue of Secret CISO.
Data Breaches
- Coinbase Data Breach: Coinbase, a leading cryptocurrency exchange, suffered a significant data breach due to an insider bribery scheme. The breach exposed sensitive user information and could potentially cost the company up to $400 million. The company is now enhancing its internal security measures and alerting affected customers. Source: Security Info Watch
- US Bank Data Breach: A top 100 US bank disclosed a data breach affecting the personal and confidential information of 7537 customers. The breach triggered unauthorized account access, prompting the bank to warn its customers. Source: Daily Hodl
- Communications Data Group Data Breach: Communications Data Group, a leading provider of telecommunications software solutions, is under investigation for a potential data breach. Customers who received a data breach notice may be eligible to join a class action lawsuit to recover losses due to privacy violations. Source: Class Action
- Vision Upright MRI HIPAA Penalty: Medical imaging service provider Vision Upright MRI has settled HIPAA risk analysis and breach notification failures. The company failed to notify the affected individuals and the breach portal within 60 days of discovering a data breach. Source: HIPAA Journal
- Weis Markets Data Breach: Weis Markets, a large food retailer, concluded its investigation into a data breach. A skimmer was discovered at one of its stores, compromising customer data. The company has not disclosed the extent of the breach. Source: Progressive Grocer
Security Research
- Artificial General Intelligence's Five Hard National Security Problems - Harvard Law School: The research discusses the challenges faced by Artificial General Intelligence (AGI) in national security. The researchers from RAND, a nonpartisan research organization, highlight the need for a comprehensive approach to address these issues. Source: Harvard Law School
- Unprecedented cuts to the National Science Foundation endanger research - Cobb Courier: The research highlights the potential risks to national security and economic growth due to the unprecedented cuts to the National Science Foundation. The study emphasizes the importance of research in improving national security. Source: Cobb Courier
- What Can We Learn About Cybersecurity for Space from Existing Safety Procedures?: The research explores how data from mission failures can enhance research into cyber threats within space infrastructure. It emphasizes the need for robust cybersecurity measures in space missions. Source: Satellite Today
- Google Chrome data leakage bug confirmed as actively exploited | SC Media: Security researcher Vsevolod Kokorin discovered a vulnerability in Google Chrome that could be exploited to capture user data. The research underscores the importance of timely patching and updates to prevent data breaches. Source: SC Media
- Warning: This Printer Vendor's Software Contained Malware | PCMag: The research reveals that software drivers for China-based Procolored's printers were serving malware to users for six months. The study underscores the need for robust security measures in software development. Source: PCMag
Top CVEs
- CVE-2025-22233: A vulnerability in Spring Framework versions 6.2.0 - 6.2.6, 6.1.0 - 6.1.19, 6.0.0 - 6.0.27, 5.3.0 - 5.3.42 allows bypassing of disallowedFields checks. Users are advised to upgrade to the fixed version. Source: CVE-2025-22233
- CVE-2025-47916: Invision Community 5.0.0 before 5.0.7 has a remote code execution vulnerability via crafted template strings to themeeditor.php. Unauthenticated users can exploit this to inject and execute arbitrary PHP code. Source: CVE-2025-47916
- CVE-2025-4755: A critical vulnerability in D-Link DI-7003GV2 24.04.18D1 R(68125) affects the function sub_497DE4 of the file /H5/netconfig.asp, leading to improper authentication. The attack can be initiated remotely. Source: CVE-2025-4755
- CVE-2025-4756: D-Link DI-7003GV2 24.04.18D1 R(68125) has a vulnerability that affects unknown code of the file /H5/restart.asp, leading to denial of service. The attack can be initiated remotely. Source: CVE-2025-4756
- CVE-2025-4750: A problematic vulnerability in D-Link DI-7003GV2 24.04.18D1 R(68125) affects unknown processing of the file /H5/get_version.data of the component Configuration Handler, leading to information disclosure. The attack may be initiated remotely. Source: CVE-2025-4750
API Security
- Nextcloud Desktop API Vulnerability (CVE-2025-47792): A vulnerability in versions of Nextcloud Desktop prior to 3.15 allows third-party applications to create link shares for almost all data via the socket API. These shares can then be sent to an external service. The issue has been fixed in version 3.15. Source: vulners.com
- Improper Link Resolution Vulnerability in Qt Framework (CVE-2025-4211): A vulnerability in QFileSystemEngine in the Qt corelib module on Windows allows symlink attacks and the use of malicious files. The issue arises from the use of the GetTempPath API, which can be exploited to manipulate temporary file paths, potentially leading to unauthorized access and privilege escalation. The issue affects all versions of Qt up to and including 5.15.18, from 6.0.0 through 6.5.8, and from 6.6.0 through 6.8.1. It is fixed in Qt 5.15.19, Qt 6.5.9, and Qt 6.8.2. Source: vulners.com
- Ollama Server Vulnerability (CVE-2025-1975): A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint. Source: vulners.com
- Cross-Site WebSocket Hijacking in Hitachi Ops Center Analyzer (CVE-2024-8201): A vulnerability in Hitachi Ops Center Analyzer (RAID Agent component) allows Cross-Site WebSocket Hijacking. The issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before... Source: vulners.com
- lockfile-lint-api Incorrect Behavior Order Vulnerability: Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation, which can be bypassed by extending the package name, allowing an attacker to install npm packages other than the intended one. Source: vulners.com
Final Words
And that's a wrap for today's edition of the Secret CISO newsletter. We've covered a lot of ground, from the Coinbase insider bribery scheme leading to a data breach, to the potential $400M cost, and the billion-dollar bank warning customers after a data breach triggers unauthorized account access. Remember, in the world of cybersecurity, knowledge is power. The more informed you are, the better you can protect your organization from potential threats.
So, don't keep this valuable information to yourself. Share this newsletter with your friends and colleagues to keep them in the loop too. Stay safe, stay informed, and see you in the next edition of Secret CISO.