Secret CISO 5/23: Kettering Health, M&S, TracFone, Opexus, Coca-Cola, Coinbase Data Breaches; 184M Logins Exposed; US Indicts DanaBot Developers; AI in Security Research


Welcome to today's issue of Secret CISO. We've got a lot to cover, so let's dive right in. First up, we're looking at the recent data breach at Kettering Health, with Lynch Carpenter leading the investigation. This incident highlights the ever-present threat of cyber attacks in the healthcare sector.

Next, we're discussing the M&S cyber-attack and how to protect yourself from sim-swap fraud. This incident serves as a reminder of the importance of strong login credentials and the dangers of reusing passwords across multiple platforms. Speaking of passwords, a massive data breach has exposed 184 million login credentials across major tech platforms. This breach underscores the importance of unique passwords for each of your online accounts. In legal news, Americans could receive up to $53k from a data breach settlement with TracFone Wireless. This case highlights the potential financial consequences for companies that fail to adequately protect customer data.

We're also covering a major data leak that exposed 184 million Facebook, Snapchat, and Roblox logins and passwords. This incident serves as a stark reminder of the importance of strong, unique passwords and the potential dangers of storing such information in an unprotected database. In other news, Coca-Cola and its bottling partner were hit by ransomware and data breaches in separate attacks. This incident underscores the need for robust cybersecurity measures across all sectors.

Finally, we're looking at the recent Coinbase data breach, which affected 69,000 customers. This incident serves as a reminder of the potential risks associated with cryptocurrency exchanges. Stay tuned for more updates and remember, stay safe out there.

Data Breaches

  1. Kettering Health Data Breach: Kettering Health recently announced a cybersecurity incident that resulted in a data breach. The extent of the breach and the number of affected individuals are yet to be disclosed. Source: GlobeNewswire
  2. Massive Data Breach Exposes 184M Login Credentials: A colossal data breach has exposed 184 million login credentials across major tech platforms. The breach revealed that many users had reused passwords across multiple services, significantly increasing security risks. Source: Mobile ID World
  3. TracFone Wireless Data Breach Settlement: TracFone Wireless agreed to a massive settlement to resolve claims it failed to prevent a 2021 data breach. Eligible claimants could receive up to $53k from the settlement. Source: The Sun
  4. Opexus Federal Data Breach: Opexus, a software company that handles sensitive data for nearly every US federal agency, was the victim of a significant cyber breach. The extent of the breach and the potential impact on federal agencies are currently under investigation. Source: DataBreaches.Net
  5. Coinbase Data Breach: Coinbase, a popular cryptocurrency exchange platform, confirmed a data breach affecting 69,461 customers. The company is currently investigating the incident and has not disclosed the extent of the breach. Source: TechRadar

Security Research

  1. Chinese Spies Attack Ivanti Bugs: A suspected Chinese government spy group is exploiting two Ivanti bugs that can be chained together to achieve unauthorized access. The group's activities have led to a rash of attacks. Source: The Register
  2. US Takes Down DanaBot Malware: A top figure in the Russian cybercrime gang behind DanaBot infected his own computer with the malware, allowing an FBI agent to search an image of the computer and indict the developers. Source: Bank Info Security
  3. Detection as Code: The concept of "detection as code" is revolutionizing security operations through automated, intelligent threat detection. This approach was unpacked by a Security Engineer and a Staff Security Researcher in a recent SC presentation. Source: SC World
  4. Security Threats of Open Source AI Exposed by DeepSeek: DeepSeek has brought the security threats of open source AI into the open. These risks must be carefully considered and mitigated before the benefits of generative AI can be enjoyed safely. Source: Dark Reading
  5. Hackers Can Turn Off Windows Defender: A security researcher has built a program that the OS sees as an antivirus. Since two AV programs can't run at the same time, Windows Defender turns off, leaving the system vulnerable. Source: MSN

Top CVEs

  1. CVE-2025-4123: A cross-site scripting (XSS) vulnerability exists in Grafana, allowing attackers to redirect users to a malicious website that hosts a frontend plugin executing arbitrary JavaScript. Source: vulners.com
  2. CVE-2025-0993: An issue in GitLab CE/EE allows an authenticated attacker to cause a denial of service condition by exhausting server resources. Source: vulners.com
  3. CVE-2025-4575: A flaw in the OpenSSL x509 application allows a trusted certificate to be marked as trusted for a purpose for which it was meant to be rejected, the result of a copy-and-paste error introduced during minor refactoring. Source: vulners.com
  4. CVE-2025-47181: An improper link resolution before file access in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges. Source: vulners.com
  5. CVE-2025-4366: A request smuggling vulnerability in Pingora’s proxying framework allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Source: vulners.com

API Security

  1. CyberDAVA Privilege Escalation Vulnerability (CVE-2025-48695): A privilege escalation vulnerability was discovered in CyberDAVA before version 1.1.20. The issue allows a low-privileged user to escalate their privilege by abusing an API due to lack of access control. Users are advised to update to the latest version. Source: vulners.com
  2. ABUP Cloud Update Privilege Escalation (CVE-2025-4692): A maliciously crafted JSON web token (JWT) can be used to perform privilege escalation on the ABUP Cloud Update platform. If successful, the user can escalate privileges to access any device managed by the platform. Source: vulners.com
  3. OpenFGA Authorization Bypass (CVE-2025-48371): OpenFGA versions 1.8.0 through 1.8.12 are vulnerable to authorization bypass under certain conditions. Users should upgrade to version 1.8.13 to receive a patch. Source: vulners.com
  4. Schule Unauthorized Access (CVE-2025-48373): Schule, an open-source school management system software, has a serious security risk in versions prior to 1.0.1. Attackers can manipulate JavaScript in the browser and gain unauthorized access to restricted areas of the application. Source: vulners.com
  5. GitLab Unauthorized Access to Job Data (CVE-2025-1110): An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. A user with limited permissions could access Job Data via a crafted GraphQL query under certain circumstances. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We hope you found these updates useful and informative. Remember, in the world of cybersecurity, knowledge is power. Stay informed, stay vigilant, and most importantly, stay safe. If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Let's work together to create a safer digital world. Until next time, keep your data secure and your systems protected.

Stay tuned for tomorrow's edition where we'll bring you more updates from the ever-evolving world of cybersecurity. Until then, this is your Secret CISO, signing off.


By Secret CISO