Secret CISO 5/18: Coinbase and M&S Data Breaches, Shannon Airport Security Incident, OpenAI's Abu Dhabi Data Center

Welcome to today's issue of Secret CISO, your daily digest of the most impactful cybersecurity news. Today, we delve into a series of security breaches that have shaken the digital world. First off, we have a BBC reporter sharing insights from his conversations with hackers who targeted M&S and Co-Op. In the world of cryptocurrency, Coinbase suffered a significant data breach, exposing customers' personal information, including government-issued IDs.

Meanwhile, a security incident at Shannon Airport in Ireland led to the arrest of three women and left a Garda injured. In the US, fired government workers are being targeted by Uncle Xi, and six Indians were arrested for passing sensitive information to Pakistani operatives. In the Middle East, OpenAI is planning a data center in Abu Dhabi that would be bigger than Monaco, while Binance and Kraken managed to avoid data breaches through strong security measures. In other news, a ransomware attack on ADP Partner exposed Broadcom employee data, and fake ChatGPT sites are putting user data and devices at risk.

Finally, a US man who hacked SEC's X account to spike Bitcoin price has been sentenced to prison, and a Sequoia Partner was caught in the Coinbase data breach. Stay tuned for more updates on these stories and other cybersecurity news. Stay safe and secure!

Data Breaches

  1. Coinbase Data Breach: Coinbase, a leading cryptocurrency exchange, reported a significant data breach. Personal information of customers, including government-issued IDs, was stolen. The breach is a stark reminder of the vulnerabilities even in high-security platforms. Source: TechCrunch
  2. Security Breach at Shannon Airport: A security breach at Shannon Airport led to the arrest of three women and an injury to a Garda officer. The airport was temporarily closed after a van attempted to enter the premises. Source: Irish Examiner
  3. Security Breach in Haryana: Six Indians were arrested for passing sensitive information to Pakistani operatives, marking a significant security breach. The leaked data included information about Indian locations. Source: YouTube
  4. Ransomware Attack on ADP Partner Exposes Broadcom Employee Data: A ransomware attack on ADP Partner led to the exposure of Broadcom employee data. The data was leaked online in December, but Broadcom wasn't informed until May 2025. Source: DataBreaches.net
  5. M&S Data Breach: Hackers are believed to have gained access to M&S through a third party. The supermarket declined to comment on the nature of the breach, but it was confirmed that some personal customer data was compromised. Source: BBC News

Security Research

  1. CSGDB celebrates graduation of 2nd edition of Baheth program: The Center for Security Research and Studies in Doha celebrated the graduation of the second edition of its Baheth program. This initiative aims to foster a new generation of security researchers and experts. Source: Gulf Times
  2. Firefox Security Response to pwn2own 2025: At the pwn2own hacking competition, security researchers demonstrated two new content-process exploits against Firefox. Mozilla is actively working on patches to address these vulnerabilities. Source: The Mozilla Blog
  3. Ethereum More Secure Than Bitcoin, Says Researcher: Ethereum researcher Justin Drake sparked a lively discussion in the crypto community by comparing the security models of Bitcoin and Ethereum, arguing that Ethereum's model is more secure. Source: CoinoMedia on Binance Square
  4. Robust Authentication: Leveraging Hardware Fingerprints and AI to Enhance Security: A new research paper discusses the use of hardware fingerprints and AI to enhance security against spoofing. This approach could significantly improve authentication processes. Source: ResearchGate
  5. Sophisticated NPM Attack Exploits Google Calendar C2 For Sophisticated Communication: Veracode researchers identified a sophisticated NPM attack that exploits Google Calendar for communication. This discovery highlights the need for continuous security monitoring of development environments. Source: Cybersecurity News

Top CVEs

  1. CVE-2025-4389: The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation. Unauthenticated attackers can upload arbitrary files on the affected site's server which may lead to remote code execution. Source: CVE-2025-4389
  2. CVE-2025-4391: The Echo RSS Feed Post Generator plugin for WordPress is also vulnerable to arbitrary file uploads due to missing file type validation. Unauthenticated attackers can upload arbitrary files on the affected site's server which may lead to remote code execution. Source: CVE-2025-4391
  3. CVE-2025-4920: An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. This vulnerability affects Firefox versions prior to 138.0.4 and Firefox ESR. Source: CVE-2025-4920
  4. CVE-2025-4842: A vulnerability was found in D-Link DCS-932L 2.18.01. This vulnerability affects the function isUCPCameraNameChanged of the file /sbin/ucp. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack can be initiated remotely. Source: CVE-2025-4842
  5. CVE-2025-4921: An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox versions prior to 138.0.4 and Firefox ESR. Source: CVE-2025-4921

API Security

  1. CVE-2025-47539 – WordPress Eventin Plugin Critical Exploit: The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthenticated privilege escalation due to a missing authorization check in the import_items() function. Unauthenticated attackers can craft a malicious request to the REST API and create a new user with administrator privileges without any user interaction. The referenced entry is a standalone Python exploitation script for CVE-2025-47539. Source: vulners.com
  2. CVE-2025-47945 – Donetick App Weak JWT Signing Secret: Donetick, an open-source app for managing tasks and chores, uses JSON Web Tokens (JWT) for authentication, but the signing secret has a weak default value. This is inadequate and can result in full account takeover of any user. The issue was also confirmed to exist in the live version. Source: vulners.com

Final Words

As we wrap up today's edition of Secret CISO, we can't help but reflect on the importance of staying vigilant in the face of ever-evolving cyber threats. From the BBC reporter's conversation with hackers to the security breach at Coinbase, it's clear that no one is immune to these threats. We also saw how security incidents at Shannon Airport and the arrest of individuals for passing sensitive information to Pakistani operatives remind us of the real-world implications of cyber threats. Meanwhile, the planned data center in Abu Dhabi by OpenAI and the strong security measures by Binance and Kraken highlight the proactive steps being taken to safeguard data and systems. In the world of research, we saw how researchers are making strides in enhancing security, from the development of a new tool that tricks Windows into disabling Microsoft Defender to the graduation of the second edition of the Baheth program.

As we navigate this complex landscape, let's remember to share our knowledge and insights with each other. If you found today's newsletter informative, please consider sharing it with your friends and colleagues. Together, we can stay one step ahead of the hackers. Stay safe and see you in the next edition of Secret CISO!

By Secret CISO