Secret CISO 5/7: NIST's Cyber Expert Exodus, SAA and SK Telecom's Massive Data Breaches, T-Mobile's $350M Settlement, Meta's $220M Fine, and New Research on AI and Infrastructure Security

Welcome to today's edition of Secret CISO, your daily dose of cybersecurity news and insights. Today, we're diving into a series of significant data breaches and security lapses that have rocked the tech world. First up, we discuss the recent departure of key cyber experts from NIST, leaving a void in standards and research. This comes at a time when cybersecurity threats are on the rise, and the need for robust security standards is more critical than ever.

Next, we delve into the cyber attack on South African Airways, which has raised concerns about the security and integrity of their business systems. This incident underscores the importance of robust cybersecurity measures in protecting consumer data. In a similar vein, we examine the massive data leak at South Korea's largest mobile carrier, SK Telecom. The company's chairman has publicly apologized for the breach, vowing to strengthen cybersecurity measures. We also touch on T-Mobile's data breach settlement payments to affected customers, a stark reminder of the financial implications of cybersecurity incidents.

In other news, a massive data breach has exposed 19 billion passwords, with a staggering 94% found to be reused or common. This highlights the importance of creating unique and strong passwords as a key protective measure against breaches. We also cover a data breach at a Greensboro law firm, a vendor data breach affecting Providence Swedish patient information, and a data breach compromising the info of 1,000 patients from Edmonds hospital. Finally, we discuss the role of AI and infrastructure resilience in US security, the emergence of machine identities as a critical security blind spot, and the latest research on cybersecurity threats and solutions.

Stay tuned for more updates and remember, knowledge is the first line of defense in cybersecurity. Stay safe, stay informed with Secret CISO.

Data Breaches

  1. NIST Loses Key Cyber Experts in Standards and Research: The head of the Computer Security Division at the National Institute of Standards and Technology (NIST) and approximately a dozen of his subordinates have accepted retirement offers from the Trump administration. This could potentially impact the agency's cybersecurity standards and research. Source: Cybersecurity Dive
  2. SAA Hit by Cyber Attack: South African Airways (SAA) has been targeted in a cyber attack, compromising the security and integrity of their business systems. The protection of consumer data remains a top priority for the airline. Source: ITWeb
  3. SK Group Chairman Apologizes for Massive Data Leak at SK Telecom: SK Group Chairman Chey Tae-won has issued an apology for a significant data leak at South Korea's largest mobile carrier, SK Telecom. The company is now focusing on strengthening its cybersecurity measures. Source: Reuters
  4. T-Mobile Begins $350M Data Breach Settlement Payments to Affected Customers: T-Mobile has started issuing settlement payments to customers affected by one of the largest telecommunications security incidents in recent history. The breach occurred due to vulnerabilities in T-Mobile's systems. Source: Mobile ID World
  5. 19 Billion Passwords Exposed in Massive Data Breach, 94% Found Reused or Common: A massive data breach has exposed 19 billion passwords, with 94% found to be reused or common. Security experts recommend implementing protective measures such as creating unique and strong passwords in response to such breaches. Source: Mobile ID World

Security Research

  1. AUSCERT CYBER SECURITY CONFERENCE: The AusCERT Cyber Security Conference, a global threat research event, is set to take place featuring Alex Tilley, an award-winning cybercrime researcher. Source: PRWire
  2. Brazil's Cyber Push: AI Strategy, Regulatory Oversight: Brazil is making strides in national security and research, with a focus on AI strategy and regulatory oversight. The initiative is run by the office of a renowned computer scientist and information security researcher. Source: BankInfoSecurity
  3. Identity-Centric Approach: BeyondTrust Chief Technology Officer Marc Maiffret: Marc Maiffret, a security researcher and CTO at BeyondTrust, is known for his pioneering work in Microsoft vulnerability research. He co-discovered and named Code Red, the first significant internet worm. Source: Yahoo Tech
  4. Researcher Says Fixed Commvault Bug Still Exploitable: A security researcher has found that a previously fixed bug in Commvault software is still exploitable. Such flaws are considered relatively easy for attackers to exploit and particularly dangerous. Source: Dark Reading
  5. Senate Democrat calls on DOJ to investigate risks from Signal-like app: Senator Wyden has called attention to a security researcher's findings that a Signal-like app sends unencrypted copies of every message to a server, posing potential security risks. Source: The Hill

Top CVEs

  1. Quarkus WebAuthn module vulnerability (CVE-2024-12225): A flaw in Quarkus's quarkus-security-webauthn module could allow attackers to gain unauthorized access. When developers provide custom REST endpoints, the default endpoints remain accessible, potentially allowing attackers to obtain a login cookie that has no corresponding user in the Quarkus application. Source: CVE-2024-12225
  2. Google Chrome WebAudio vulnerability (CVE-2025-4372): A use-after-free vulnerability in WebAudio in Google Chrome prior to 136.0.7103.92 could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. Source: CVE-2025-4372
  3. Logstash certificate validation issue (CVE-2025-37730): Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set. Source: CVE-2025-37730
  4. Apache Parquet schema parsing vulnerability (CVE-2025-46762): Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. The default setting of trusted packages still allows malicious classes from these packages to be executed. Source: CVE-2025-46762
  5. Crestron Automate VX privilege escalation (CVE-2025-47420): A vulnerability in Crestron Automate VX allows Privilege Escalation. This issue affects Automate VX: from 5.6.8161.21536 through... Source: CVE-2025-47420

API Security

  1. Insecure Direct Object Reference in WPshop 2 – E-Commerce plugin for WordPress: The WPshop 2 – E-Commerce plugin for WordPress, versions 2.0.0 to 2.6.0, is vulnerable to Insecure Direct Object Reference via the callback_generate_api_key() function due to missing validation on a user-controlled key. This allows authenticated attackers with Subscriber-level access to create valid API keys on behalf of other users. Source: CVE-2025-3853
  2. Privilege Escalation in WPshop 2 – E-Commerce plugin for WordPress: The WPshop 2 – E-Commerce plugin for WordPress, versions 2.0.0 to 2.6.0, is vulnerable to privilege escalation via account takeover due to improper validation of a user's identity prior to updating their details. This allows authenticated attackers to change arbitrary users' passwords and gain access to their accounts. Source: CVE-2025-3852
  3. Unauthorized Modification of Data in Search Exclude plugin for WordPress: The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. This allows unauthenticated attackers to modify plugin settings and exclude content from search. Source: CVE-2025-2821
  4. Exposure of Sensitive Information in Crestron Automate VX: Crestron Automate VX is vulnerable to exposure of sensitive information due to functionality misuse. There is no visible indication when the system is recording and recording can be enabled remotely via a network API. This issue affects Automate VX: from 5.6.8161.21536 through... Source: CVE-2025-47418
  5. Cleartext Transmission of Sensitive Information in Crestron Automate VX: Crestron Automate VX is vulnerable to sniffing network traffic due to the device allowing Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. This issue affects Automate VX: from 5.6.8161.21536 through... Source: CVE-2025-47419
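The two WordPress items above (the missing capability check on a settings endpoint and the API-key endpoint acting on a user-supplied ID) share one root cause: a REST route that authenticates the caller but never authorizes the action. The following is an added illustration of the hardened pattern; it is not code from either plugin, and the route names, option key and user-meta key are assumed.

```php
<?php
// Constructed example (not the plugins' code): REST routes whose
// permission callbacks and handlers enforce authorization, not just login.

add_action( 'rest_api_init', function () {
    // Settings endpoint: the permission callback must check a capability.
    // Omitting the check, or returning true unconditionally, is the
    // "missing capability check" class of bug described above.
    register_rest_route( 'example/v1', '/settings', array(
        'methods'             => 'POST',
        'callback'            => 'example_update_settings',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
    ) );

    // Per-user API key endpoint: being logged in is not enough. The handler
    // must bind the action to the caller, or require a capability when the
    // request names another account; otherwise any subscriber can mint keys
    // for other users (the IDOR class described above).
    register_rest_route( 'example/v1', '/users/(?P<id>\d+)/api-key', array(
        'methods'             => 'POST',
        'callback'            => 'example_generate_api_key',
        'permission_callback' => 'is_user_logged_in',
        'args'                => array(
            'id' => array( 'validate_callback' => 'is_numeric' ),
        ),
    ) );
} );

function example_update_settings( WP_REST_Request $request ) {
    // Only reached when the permission callback granted manage_options.
    $excluded = array_map( 'absint', (array) $request->get_param( 'exclude' ) );
    update_option( 'example_excluded_posts', $excluded ); // assumed option key
    return rest_ensure_response( array( 'excluded' => $excluded ) );
}

function example_generate_api_key( WP_REST_Request $request ) {
    $target = (int) $request->get_param( 'id' );
    // Object-level authorization: only the account owner, or a user who may
    // edit that account (edit_user meta capability), may generate its key.
    if ( $target !== get_current_user_id() && ! current_user_can( 'edit_user', $target ) ) {
        return new WP_Error( 'rest_forbidden', 'Cannot act on another user.', array( 'status' => 403 ) );
    }
    $key = wp_generate_password( 32, false );
    // Store only a hash and return the plaintext once (assumed meta key).
    update_user_meta( $target, 'example_api_key_hash', wp_hash_password( $key ) );
    return rest_ensure_response( array( 'api_key' => $key ) );
}
```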

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the retirement of key cyber experts at NIST to the massive data leak at SK Telecom. It's clear that cybersecurity is a dynamic and ever-evolving field, and staying informed is crucial. Remember, cybersecurity isn't just the responsibility of a select few - it's a team sport.

So, share this newsletter with your colleagues and friends, and let's work together to create a safer digital world. Stay safe, stay informed, and see you in the next edition of Secret CISO.


By Secret CISO