Secret CISO 5/9: iHeartMedia, Capital One, DermCare, SogoTrade Face Data Breach Lawsuits; PowerSchool Hack Threatens NC Schools; SK Telecom's Major Security Breach; Healthcare Data Security Importance Highlighted

Welcome to today's issue of Secret CISO, where we bring you the latest news and insights from the world of cybersecurity. Today, we're diving into a series of data breaches that have led to class-action lawsuits against iHeartMedia, Capital One Bank, DermCare Management, and SogoTrade. We'll also explore the ongoing investigation into threats linked to the PowerSchool data breach in North Carolina, and the potential for more schools to face extortion attempts. In the healthcare sector, we'll discuss the growing importance of data security, as medical records become increasingly attractive targets for cybercriminals.
We'll also look at the communication between a 'threat actor' and the Calgary Board of Education following an online data breach. In other news, we'll delve into the timeline of South Korean telco giant SKT's data breach, considered the most severe security breach in the company's history. We'll also touch on the Forsyth County NC schools warning about the PowerSchool data breach and the hackers' attempts to extort money from schools and families after the breach. On the research front, we'll highlight the work of security researchers who have uncovered critical vulnerabilities in Radware's Cloud Web Application Firewall and the potential risks posed by a vindictive researcher at a high-security NIH lab.
Finally, we'll round up with the latest cybersecurity incidents and breaches around the world, including the Indiana Health System's notification of an Oracle Hack and the UK NCSC's announcement of resilience initiatives. Stay tuned for these stories and more in today's issue of Secret CISO. Stay safe, stay informed.
Data Breaches
- iHeartMedia Faces Class Action Lawsuit After Major Data Breach: iHeartMedia is facing a class action lawsuit following a significant data breach. Hackers exfiltrated sensitive information, including Social Security numbers and financial data, that the company failed to secure. Source: Digital Music News
- Capital One Bank Settlement: Capital One is facing legal action due to its failure to secure customer data, raising serious concerns about banking security. Source: ACS COMP
- DermCare Management Data Breach Lawsuit Investigation: DermCare Management is under investigation following a data breach. A class action lawsuit is being considered to help victims recover money for any harm. Source: Class Action
- SogoTrade Data Breach Lawsuit Investigation: SogoTrade is under investigation following a data breach. More information about the incident and how a class action lawsuit could help is being sought. Source: Class Action
- A timeline of South Korean telco giant SKT's data breach: SK Telecom is dealing with the most severe security breach in the company's history. The company is making efforts to minimize any further damage. Source: TechCrunch
Security Research
- MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware: Security researcher Hara Hiroaki reports a new campaign, primarily targeting Japan and Taiwan, that potentially leverages SharpHide to launch the second-stage backdoor NOOPDOOR. Source: The Hacker News
- Google Gemini update breaks content filters: Security researcher Jack Darcy, based in Brisbane, Australia, has reported an issue with Google's Gemini update that prevents disabling content filters. Source: The Register
- SonicWall Issues Patch for Exploit Chain in SMA Devices: A security researcher at Rapid7 reports on SonicWall's patch for an exploit chain in SMA devices, suggesting that the patch may have been intended to address the root cause of the vulnerability. Source: Dark Reading
- Hackers Have Leaked 19 Billion Passwords | Check If Yours Is at Risk: In a shocking revelation, cybersecurity researchers have discovered that over 19 billion passwords are now circulating online, marking one of the biggest digital security shocks ever. Source: TECHi
- Radware Cloud Web App Firewall Vulnerability Let Attackers Bypass Filters: Security researchers have uncovered critical vulnerabilities in Radware's Cloud Web Application Firewall (WAF) that could allow attackers to bypass filters. Source: Cyber Security News
Top CVEs
- CVE-2025-4207: A buffer over-read in PostgreSQL GB18030 encoding validation can cause temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are vulnerable. Source: CVE-2025-4207
- CVE-2025-0505: On Arista CloudVision systems, Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary. This can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected. Source: CVE-2025-0505
- CVE-2025-37833: In the Linux kernel, a vulnerability has been resolved in net/niu. The niu hardware requires the MSI-X ENTRY_DATA fields to be touched before the entry is read; niu_try_msix() was fixed so that it no longer causes a fatal trap on sparc systems. The fix sets PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to work around a bug in the hardware or firmware. Source: CVE-2025-37833
- CVE-2025-37829: In the Linux kernel, a vulnerability has been resolved in cpufreq: scpi, fixing a NULL pointer dereference in scpi_cpufreq_get_rate(). cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask; scpi_cpufreq_get_rate() did not check for this case, so the returned pointer was dereferenced. Source: CVE-2025-37829
- CVE-2024-9448: On affected platforms running Arista EOS with Traffic Policies configured, the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations. Source: CVE-2024-9448
API Security
- Grocery-CMS-PHP-Restful-API v1.3 Vulnerability (CVE-2023-31585): The Grocery-CMS-PHP-Restful-API v1.3 has been found to be vulnerable to File Upload attacks. This vulnerability could allow an attacker to upload malicious files to the server, potentially leading to further exploitation. Source: Vulners.
- OpenStack Ironic File Path Restriction Failure (GHSA-Q3M2-CRGQ-5P3Q): OpenStack Ironic versions prior to 29.0.1 fail to restrict paths used for file:// image URLs. This could allow a malicious project assigned as a node owner to provide a path to any local file, potentially leading to unintended files being written to the target node disk. Source: Vulners.
- OpenStack Ironic File Path Restriction Failure (CVE-2025-44021): This is the CVE identifier for the same Ironic issue listed above under GHSA-Q3M2-CRGQ-5P3Q, affecting OpenStack Ironic versions prior to 29.0.1. The same potential for unintended file writes to the target node disk exists. Source: Vulners.
- TeleMessage Archiving Backend Vulnerability (CVE-2025-47730): The TeleMessage archiving backend accepts API calls with certain credentials, potentially leading to unauthorized access or other security concerns. Source: Vulners.
- Ollama File Existence Disclosure Vulnerability (CVE-2024-39719): Ollama versions 0.3.14 and earlier are vulnerable to a file existence disclosure vulnerability. This could allow an attacker to detect the existence of specific files on the server, potentially leading to information leakage. Source: Vulners.
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. As we've seen, the world of cybersecurity is ever-evolving, with new threats and challenges emerging daily. From major data breaches at iHeartMedia and Capital One Bank to ongoing investigations into the PowerSchool data breach, it's clear that no organization is immune to cyber threats. But it's not all doom and gloom. With the right knowledge, tools, and strategies, we can all play a part in creating a safer digital world. So, let's continue to stay informed, share insights, and work together to tackle these challenges head-on.
If you found today's newsletter helpful, please consider sharing it with your friends and colleagues. Remember, knowledge is power, and in the world of cybersecurity, it's our best defense. Stay safe and see you in the next edition of Secret CISO.