Secret CISO 5/29: UChicago Medicine and LexisNexis Breaches, Iranian Hacker's $19M Ransomware Attack, Shields Health Care's $15.35M Settlement, Fortinet's Free Digital Safety Curriculum, Kaspersky's SAS CTF 2025 Finalists

Welcome to today's issue of Secret CISO, your daily source for the most impactful cybersecurity news. In this issue, we cover a series of data breaches, legal actions, and cybersecurity initiatives, as well as the latest vulnerabilities you need to be aware of.

Starting with data breaches, UChicago Medicine has suffered a significant breach, potentially exposing the personal information of nearly 40,000 patients. In another incident, an Iranian hacker has pleaded guilty to a $19 million ransomware attack on Baltimore involving the Robbinhood ransomware. A massive data breach has also potentially impacted 184 million passwords across various platforms, including Google and Apple. LexisNexis Risk Solutions reported a data breach that may have exposed sensitive information for over 364,000 people. Lastly, Shields Health Care Group has agreed to a proposed data breach settlement of $15.35 million, affecting over 2 million individuals.

In legal and cybersecurity initiatives, Fortinet has announced a free digital safety curriculum for all schools, while Kaspersky has announced the eight finalists who will compete in the SAS CTF 2025 in Thailand. The Massachusetts Attorney General has filed a lawsuit against the Trump administration over cuts to scientific research. A research team at Aurora College is aiming to shift the conversation around food security in the North through community gardening. Meanwhile, Ivanti is currently addressing almost 20 attacks attributed to zero-day vulnerabilities in its software.

Turning to vulnerabilities, Fortinet devices, Best Practical RT, aws-mcp-server, and Fortinet FortiManager have all been found to have significant vulnerabilities, ranging from missing authentication to XSS vulnerabilities. Additionally, Next.js server, vLLM, and Argo CD have vulnerabilities that could lead to unauthorized access, Denial of Service (DoS), and cross-site scripting. Mautic has a vulnerability that allows sensitive .env configuration files to be directly accessible via a web browser.

Stay tuned for more updates and remember, knowledge is the best defense against cybersecurity threats. Stay safe!

Data Breaches

  1. Data Breach at UChicago Medicine: A data breach at UChicago Medicine may have exposed the personal information of nearly 40,000 patients. The exposed data includes names, Social Security numbers, addresses, dates of birth, medical information, and financial account information. Source: YouTube
  2. Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore: An Iranian hacker has pleaded guilty to a $19 million ransomware attack on Baltimore. The attack involved the Robbinhood ransomware and resulted in significant disruption and financial losses. Source: The Hacker News
  3. Data Breach of 184 Million Passwords: A massive data breach has potentially impacted 184 million passwords. The breach affected various platforms, including Google and Apple, making it a significant concern for consumers. Source: YouTube
  4. Attack on LexisNexis Risk Solutions: A data breach at LexisNexis Risk Solutions may have exposed sensitive information for over 364,000 people. The data analytics and risk management company reported that its software development platform was breached. Source: The Register
  5. Shields Health Care Group Settles Breach Lawsuit for $15.35M: Shields Health Care Group has agreed to a proposed data breach settlement of $15.35 million. The breach affected over 2 million individuals, leading to a significant lawsuit. Source: TechTarget

Security Research

  1. Fortinet launches free digital safety curriculum for all schools: Fortinet has announced a free digital safety curriculum for all schools, based on findings from their 2024 Security Awareness and Training Global Research. The curriculum includes free online Network Security Expert (NSE) training. Source: SecurityBrief Australia
  2. Kaspersky announces 8 finalists to compete in SAS CTF 2025 in Thailand: Kaspersky has announced the eight finalists who will compete in the SAS CTF 2025 in Thailand, an initiative aimed at strengthening the global cybersecurity community. Source: Kaspersky
  3. Questions mount as Ivanti tackles another round of zero-days: Security researchers at EclecticIQ have attributed almost 20 attacks to zero-day vulnerabilities in Ivanti's software. The company is currently working on addressing these issues. Source: CyberScoop
  4. Aurora College research team wants to change the way the North looks at food security: A research team at Aurora College is aiming to shift the conversation around food security in the North through community gardening. Source: CBC
  5. Mass. AG sues Trump administration over cuts to scientific research: The Massachusetts Attorney General has filed a lawsuit against the Trump administration over cuts to scientific research, arguing that the cap would jeopardize millions of dollars in research that supports national security, the economy, and public health. Source: masslive.com

Top CVEs

  1. CVE-2025-22252 - Missing Authentication in Fortinet Devices: Affected versions of Fortinet FortiProxy, FortiSwitchManager, and FortiOS contain a missing authentication for critical function vulnerability. An attacker who knows of an existing admin account can access the device as that admin without authenticating. Source: CVE-2025-22252
  2. CVE-2025-30087 - XSS Vulnerability in Best Practical RT: Best Practical RT versions 4.4 through 4.4.7 and 5.0 through 5.0.7 have an XSS vulnerability. Attackers can inject crafted parameters in a search, leading to potential data theft or unauthorized actions. Source: CVE-2025-30087
  3. CVE-2025-5277 - Command Injection in aws-mcp-server: The aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that, once accessed by the MCP client, will run arbitrary commands on the host. Source: CVE-2025-5277
  4. CVE-2024-54020 - Missing Authorization in Fortinet FortiManager: Affected versions of Fortinet FortiManager contain a missing authorization vulnerability. An authenticated attacker can overwrite global threat feeds via a crafted update. Source: CVE-2024-54020
  5. CVE-2025-31501 - XSS Vulnerability in Best Practical RT: Best Practical RT versions 5.0 through 5.0.7 have an XSS vulnerability. Attackers can inject JavaScript into RT, leading to potential data theft or unauthorized actions. Source: CVE-2025-31501

API Security

  1. Information exposure in Next.js dev server due to lack of origin verification: A vulnerability in the Next.js dev server allows a Cross-site WebSocket hijacking (CSWSH) attack when the server is running locally. This could lead to unauthorized access to the source code of client components if a user visits a malicious link while the Next.js dev server is running. Source: vulners.com.
  2. vLLM DOS: Remotely kill vllm over http with invalid JSON schema: An invalid json_schema sent to the /v1/completions API can crash the vLLM server. This allows a remote attacker to cause a Denial of Service (DoS) with a single specially crafted API call. Source: vulners.com.
  3. vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the vLLM project. The vulnerability is due to the use of a highly complex and nested regular expression for tool call detection, which can be exploited to cause severe performance degradation or service unavailability. Source: vulners.com.
  4. Mautic does not shield .env files from web traffic: A security vulnerability in Mautic allows sensitive .env configuration files to be directly accessible via a web browser. This could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system configurations. Source: vulners.com.
  5. Argo CD allows cross-site scripting on repositories page: A vulnerability in Argo CD allows an attacker to perform arbitrary actions on behalf of the victim via the API, such as creating, modifying, and deleting Kubernetes resources. This is due to improper filtering of URL protocols in the repository page, allowing cross-site scripting. Source: vulners.com.

Sponsored by Wallarm API Security Solution

Final Words

That's all for today's edition of Secret CISO. As we've seen, the cybersecurity landscape is ever-evolving, with new threats and vulnerabilities emerging daily. From data breaches affecting millions to ransomware attacks causing significant disruption, it's clear that maintaining robust security measures is more critical than ever.

On a more positive note, we're also witnessing proactive steps being taken to enhance cybersecurity education and awareness, as well as ongoing efforts to address software vulnerabilities. It's a continuous battle, but with vigilance and collaboration, we can make strides in securing our digital world.

Remember, knowledge is power. By staying informed, we can all play a part in mitigating cybersecurity risks. If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Let's work together to spread awareness and foster a culture of cybersecurity.

Stay safe, stay informed, and see you in the next edition of Secret CISO.
