Secret CISO 6/10: AT&T, Mastery Schools, SentinelOne, Google: A wave of breaches hits AT&T and Mastery Schools, while SentinelOne warns of Chinese cyber threats; Google swiftly patches a critical vulnerability.

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity threats and defenses. June 10th brings a cascade of alarming revelations and critical updates that underscore the relentless nature of cyber threats.
In a staggering breach, 86 million AT&T customers find their personal data, including 44 million Social Security Numbers, exposed, igniting fears of widespread identity theft. Meanwhile, Mastery Schools and Epworth Healthcare grapple with their own data breaches, highlighting vulnerabilities in both educational and healthcare sectors.
The threat landscape intensifies as SentinelOne uncovers a breach attempt linked to Chinese threat actors, while also warning cybersecurity vendors of similar attacks. Google swiftly patches a vulnerability that could have exposed user phone numbers, showcasing the importance of rapid response in cybersecurity.
On the malware front, the Myth Stealer targets Chrome and Firefox users through fake gaming sites, and malicious npm packages threaten system integrity, emphasizing the need for vigilance in software supply chains.
In the realm of vulnerabilities, critical flaws in Salesforce's Industry Cloud and Apache Kafka demand immediate attention, while Fortinet products and Nautobot face their own security challenges. The matrix-rust-sdk and GeoServer vulnerabilities further illustrate the diverse range of threats facing organizations today.
Stay informed and prepared as we delve deeper into these stories, offering insights and strategies to fortify your defenses against the ever-evolving cyber threat landscape.
Data Breaches
- Major data breach exposes 86 million AT&T customer records, sparking identity theft fears: A significant data breach has exposed the personal information of 86 million AT&T customers, including over 44 million Social Security Numbers. This breach has raised serious concerns about identity theft and the security measures in place to protect such sensitive data. Source.
- Mastery Schools Notifies 37,031 of Major Data Breach: Mastery Schools has informed over 37,000 individuals about a data breach that occurred in September 2024. The breach compromised a wide range of sensitive information, including Social Security numbers and medical details, highlighting the ongoing vulnerabilities in educational institutions. Source.
- Victorian hospital provider suffers alleged data breach: Epworth Healthcare, a Victorian private hospital group, has reportedly suffered a data breach after a ransomware group leaked 40 gigabytes of sensitive data. This incident underscores the growing threat of ransomware attacks on healthcare providers. Source.
- Jackson Health System discloses insider data breach affecting over 2000 patients: Jackson Health System has revealed an insider data breach involving unauthorized access and misuse of protected health information of over 2000 patients. This breach highlights the risks posed by internal threats within healthcare organizations. Source.
- SentinelOne shares new details on China-linked breach attempt: SentinelOne has disclosed new information about a breach attempt linked to Chinese threat actors. This incident is part of a broader pattern of cyberattacks attributed to state-sponsored groups, emphasizing the need for robust cybersecurity defenses. Source.
Security Research
- Google vulnerability leaking phone numbers remediated: A security researcher named brutecat discovered an exploit that could expose the full display names and phone numbers of targeted Google accounts. This vulnerability was quickly addressed by Google, preventing potential misuse. Source: SC Media
- SentinelOne Warns Cybersecurity Vendors of Chinese Attacks: SentinelOne has issued a warning to cybersecurity vendors about ongoing attacks from Chinese threat actors. The company urges its peers to remain vigilant and prepare for similar threats. Source: Infosecurity Magazine
- Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users: Security researchers have identified a new malware, dubbed Myth Stealer, spreading through fake gaming sites. This malware targets users of Chrome and Firefox, posing a significant threat to personal data security. Source: The Hacker News
- Poisoned npm Packages Aim for System Wipeout: Researchers from Socket Security discovered malicious npm packages designed to wipe out systems. These packages disguise themselves as utilities, highlighting the need for vigilance in software supply chains. Source: Dark Reading
- Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud: Security researchers have uncovered five zero-day vulnerabilities and 15 misconfigurations in Salesforce's Industry Cloud. These findings underscore the importance of proper configuration and security measures in cloud environments. Source: SecurityWeek
Top CVEs
- CVE-2024-47081: A vulnerability in the Requests HTTP library prior to version 2.32.4 could leak .netrc credentials to third parties through maliciously-crafted URLs. Users are advised to upgrade to version 2.32.4 or disable the use of the .netrc file with trust_env=False. Source.
- CVE-2025-27818: Apache Kafka has a security flaw that allows an authenticated operator to execute Java deserialization gadget chains on the Kafka Connect server by exploiting the sasl.jaas.config property. This can lead to unrestricted deserialization of untrusted data or RCE vulnerabilities. Source.
- CVE-2025-49651: Lablup's BackendAI has a missing authorization vulnerability that allows attackers to take over all active sessions, potentially accessing, stealing, or altering session data. This affects all current versions. Source.
- CVE-2025-5888: A cross-site request forgery vulnerability in jsnjfz WebStack-Guns 1.0 affects an unknown functionality and can be exploited by remote attackers. Despite early vendor notification, no response was received. Source.
- CVE-2025-4387: The Abandoned Cart Pro for WooCommerce plugin has an arbitrary file upload vulnerability due to missing file type validation, allowing authenticated attackers to upload files that could lead to remote or local code execution. Source.
API Security
- CVE-2025-22254: An Improper Privilege Management vulnerability in Fortinet products allows an authenticated attacker with read-only admin permissions to gain super-admin privileges via crafted requests to the Node.js websocket. This affects specific versions of FortiOS, FortiProxy, and FortiWeb. Source.
- CVE-2024-45329: Fortinet FortiPortal has an authorization bypass vulnerability that allows an authenticated attacker to view unauthorized device information by modifying keys in the API. This affects specific versions of FortiPortal. Source.
- CVE-2025-49142: Nautobot's Jinja2 templating feature has a vulnerability that could expose Secrets or allow API calls to modify data, bypassing object permissions. This affects Nautobot versions prior to 2.4.10 and 1.6.32. Source.
- CVE-2025-48937: The matrix-rust-sdk has a vulnerability where a malicious homeserver operator can modify events to appear as if sent by another user. This affects versions 0.8.0 to 0.11.0 and is fixed in 0.11.1. Source.
- CVE-2024-40625: GeoServer's Coverage REST API allows attackers to upload files without restriction, presenting a Server Side Request Forgery opportunity. This vulnerability has been fixed in later versions. Source.
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is fraught with challenges and opportunities alike. From the massive data breach affecting millions of AT&T customers to the vulnerabilities discovered in popular platforms like Salesforce and Google, the need for robust cybersecurity measures has never been more critical.
We've also seen how educational institutions, healthcare providers, and even gaming sites are not immune to cyber threats. The rise of state-sponsored attacks and insider threats further complicates the security landscape, reminding us all of the importance of vigilance and proactive defense strategies.
In the world of vulnerabilities, the recent discoveries in widely-used software and platforms highlight the ongoing battle between security researchers and malicious actors. Staying informed and prepared is key to safeguarding our digital assets and personal information.
If you found today's insights valuable, please consider sharing this newsletter with your friends and colleagues. Together, we can build a more informed and resilient community, ready to tackle the cybersecurity challenges of tomorrow.
Stay safe, stay secure, and see you in the next edition of Secret CISO!