Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity challenges and breakthroughs shaping our digital world. As we dive into the stories of the day, a common thread emerges—an urgent call for vigilance and adaptation in the face of evolving threats.

In India, security leaders are grappling with a multifaceted landscape, where AI, regulatory changes, and a talent gap converge to test their resilience. Meanwhile, across the globe, the Texas Department of Transportation faces the fallout of a massive data breach, highlighting the pervasive nature of cyber threats.

Legal battles unfold as companies like 23andMe and Covenant Health find themselves under scrutiny, while Microsoft takes decisive action with its latest Patch Tuesday update, addressing critical vulnerabilities that could have far-reaching consequences.

In the realm of vulnerabilities, new discoveries in Secure Boot and Windows SMB underscore the relentless pursuit of those seeking to exploit weaknesses. Yet, the cybersecurity community stands firm, as demonstrated by the unmasking of a Canadian hacker, a testament to the power of collaboration and vigilance.

As we navigate these stories, one thing is clear: the cybersecurity landscape is ever-changing, demanding constant attention and proactive measures to safeguard our digital future. Stay informed, stay secure, and join us as we continue to explore the challenges and triumphs in the world of cybersecurity.

Data Breaches

1. India's Security Leaders Struggle to Keep Up With Threats: Business and security executives in India are increasingly concerned about the challenges posed by AI, cybersecurity threats, new digital privacy regulations, and a significant talent gap. These issues are creating a complex landscape for security leaders in the region. Source: Dark Reading.
2. TxDOT Reports Data Breach of Nearly 300,000 Crash Reports: The Texas Department of Transportation (TxDOT) has reported a data breach involving the unauthorized download of nearly 300,000 crash reports. The compromised data includes personal information such as names, addresses, and driver's license numbers. Source: Industry Insider.
3. IT Co. Urges 1st Circ. To Affirm It's Blameless For Data Breach: An information security technology company is seeking affirmation from the First Circuit that it is not liable for a 2018 data breach. The breach exposed sensitive information, and the company argues it should not be held responsible. Source: Law360.
4. 23andMe Leadership Grilled by Lawmakers Demanding Answers About Data Security: Lawmakers are questioning 23andMe's leadership regarding data security practices amid concerns over a potential sale and previous data breaches. The focus is on ensuring the protection of sensitive genetic data. Source: The Record.
5. Covenant Health Sued Over Data Breach: A class-action lawsuit has been filed against Covenant Health and St. Joseph Hospital following a data breach in May 2025. The breach compromised sensitive patient information, prompting legal action from affected individuals. Source: WMTW.

Security Research

1. June Patch Tuesday resolves Windows zero-day: Microsoft has addressed a critical zero-day vulnerability in its latest Patch Tuesday update. This vulnerability had been actively exploited, posing a significant risk to Windows users worldwide. The update resolves 66 vulnerabilities, highlighting the importance of timely patching to maintain system security. Source: TechTarget
2. ConnectWise rotating code signing certificates over security concerns: ConnectWise has decided to rotate its code signing certificates following concerns raised by a third-party security researcher. The issue involved potential risks in configuration data that could compromise security. This proactive measure aims to safeguard the integrity of their software and protect users from potential threats. Source: Bleeping Computer
3. PoC Code Escalates Roundcube Vuln Threat: A proof-of-concept (PoC) code has been released that escalates the threat level of a vulnerability in Roundcube, an open-source email client. The vulnerability was disclosed by security researcher Kirill Firsov, prompting the release of version 1.5.10 to address the issue. Users are urged to update to mitigate potential exploitation risks. Source: Dark Reading
4. New Secure Boot flaw lets attackers install bootkit malware, patch now: Security researchers have uncovered a new Secure Boot bypass vulnerability, tracked as CVE-2025-3052. This flaw allows attackers to disable security features on PCs and servers, enabling the installation of bootkit malware. Users are advised to apply patches immediately to prevent potential exploitation. Source: Bleeping Computer
5. Alleged Canadian hacker unmasked after threatening cybersecurity researcher: A cybersecurity researcher played a key role in unmasking an alleged Canadian hacker who had been threatening them online. The indictment reveals the hacker's intent to enrich themselves through unauthorized computer access and data theft. This case underscores the importance of collaboration and vigilance within the cybersecurity community. Source: CTV News

Top CVEs

1. CVE-2025-33073: Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. This vulnerability can be exploited to gain unauthorized access to sensitive data or systems, posing a significant risk to organizations relying on Windows environments. Source.
2. CVE-2025-27817: A vulnerability in Apache Kafka Client allows arbitrary file read and SSRF, potentially exposing sensitive data or enabling unauthorized network requests. Attackers can exploit this flaw to escalate privileges or access restricted resources, especially in environments where client configurations are exposed to untrusted parties. Source.
3. CVE-2025-33053: External control of file name or path in WebDAV allows an unauthorized attacker to execute code. This vulnerability can be leveraged to run arbitrary commands on the server, leading to potential data breaches or system compromise. Source.
4. CVE-2025-1041: An improper input validation in Avaya Call Management System could allow unauthorized remote command execution via specially crafted web requests. This vulnerability affects multiple versions and poses a risk of unauthorized access and control over affected systems. Source.
5. CVE-2025-47170: Use after free in Microsoft Office Word allows an unauthorized attacker to execute code. This vulnerability can be exploited to run malicious code on a victim's machine, potentially leading to data theft or system compromise. Source.

API Security

1. Apache CloudStack Privilege Escalation Vulnerability (CVE-2025-47713): A privilege escalation vulnerability in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 allows a malicious Domain Admin user in the ROOT domain to reset the password of user-accounts of Admin role type. This can lead to unauthorized access to sensitive APIs and resources, compromising resource integrity and confidentiality. Users are advised to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0 to mitigate this issue. Source: Vulners.
2. Apache CloudStack API Key Exposure (CVE-2025-47849): This vulnerability allows a malicious Domain Admin user in the ROOT domain to obtain the API key and secret key of Admin role type user-accounts in the same domain. This can lead to unauthorized access and potential data loss. Users should upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0 to resolve this issue. Source: Vulners.
3. Apache CloudStack Kubernetes Cluster Vulnerability (CVE-2025-26521): When creating a CKS-based Kubernetes cluster, the API key and secret key of the 'kubeadmin' user are exposed to project members, potentially allowing them to impersonate and perform privileged actions. Users are advised to upgrade to version 4.19.3.0 or 4.20.1.0 to address this vulnerability. Source: Vulners.
4. ArchiverSpaApi Hard-Coded JWT Key (CVE-2025-35940): The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key, allowing unauthenticated remote attackers to generate verifiable JWT tokens and access protected URLs. This vulnerability requires immediate attention to secure the application. Source: Vulners.
5. Nautobot Media File Access Vulnerability: Nautobot allows uploaded media files to be accessed without authentication, posing a risk of unauthorized data retrieval. The issue is mitigated in Nautobot v2.4.10 and v1.6.32 by enforcing user authentication on the endpoint. Source: Vulners.

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the cybersecurity landscape is as dynamic and challenging as ever. From India's security leaders grappling with AI and regulatory challenges to the Texas Department of Transportation's significant data breach, the need for vigilance and proactive measures is more pressing than ever.

We've also seen how companies like ConnectWise are taking proactive steps to safeguard their systems, while vulnerabilities in widely-used platforms like Windows and Apache CloudStack remind us of the constant need for timely updates and patches. The stories of legal battles and legislative scrutiny, such as those involving 23andMe and Covenant Health, highlight the growing importance of accountability and transparency in data security practices.

In this ever-evolving field, staying informed is crucial. We hope today's insights have equipped you with valuable knowledge to navigate these challenges. If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Together, we can build a more secure digital world.

Until next time, stay safe and stay informed!