Secret CISO 6/13: AT&T & LexisNexis Breaches, Google Bug, Kremlin's Fake CAPTCHA Tactics, OpenAI's AI Security Concerns

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity breaches and vulnerabilities that have surfaced on June 13th. In a world where data is the new gold, today's revelations underscore the critical need for robust security measures across industries.
We begin with a staggering data breach at AT&T, where an old dataset has resurfaced, putting 86 million customers at risk. This incident is a stark reminder of the long-lasting impact of data mismanagement. Meanwhile, the healthcare sector faces its own crisis, with over 8 million patient records exposed, highlighting the urgent need for enhanced security protocols.
In the realm of AI, OpenAI's security has been breached over a thousand times, raising alarms about the vulnerabilities inherent in cutting-edge technologies. Similarly, LexisNexis and Smile Solutions are grappling with breaches that emphasize the importance of vigilance in data protection.
On the technological front, a Google bug that allowed brute-forcing of user phone numbers has been swiftly addressed, while researchers warn of an ongoing campaign targeting Microsoft Entra ID accounts. These incidents highlight the relentless efforts of cybercriminals to exploit even the smallest vulnerabilities.
As we delve deeper, we uncover a dark adtech empire using fake CAPTCHAs to spread disinformation, and a zero-click exploit in Microsoft Copilot that could have compromised sensitive data. These stories serve as a cautionary tale of the sophisticated methods employed by malicious actors.
Finally, we explore a series of critical vulnerabilities, from privilege escalation in WordPress plugins to SQL injection in XWiki, each posing significant risks if left unaddressed. These vulnerabilities underscore the importance of secure coding practices and the need for constant vigilance in the ever-evolving cybersecurity landscape.
Stay informed and stay secure with Secret CISO, your daily dose of cybersecurity insights.
Data Breaches
- AT&T Data Breach: This troubling AT&T data breach has put 86 million customers at risk of identity theft, with over 44 million Social Security Numbers included in the data leak. The information is reportedly from an old dataset. Source.
- 8M Patient Records Leaked in Healthcare Data Breach: A massive healthcare data leak exposed over 8 million patient records, raising significant privacy concerns. The breach highlights the need for enhanced security measures in the healthcare sector. Source.
- LexisNexis Admits to Data Breach: LexisNexis Risk Solutions has acknowledged a breach that compromised the security of personal information. Notifications have been sent to affected individuals, emphasizing the importance of vigilance in data protection. Source.
- Smile Solutions of Goodlettsville Data Breach: Smile Solutions of Goodlettsville experienced a data security event involving its former debt recovery vendor, NRS. The breach has prompted an investigation by Levi & Korsinsky, LLP. Source.
- OpenAI Breached More Than 1000 Times: OpenAI, the company behind ChatGPT, has reportedly suffered a security breach 1140 times, according to data from Cybernews. This raises concerns about the security measures in place for AI technologies. Source.
Security Research
- Google Bug Allowed Brute-Forcing of Any User Phone Number: A security researcher discovered a vulnerability in Google's anti-bot mechanism that allowed automated guessing of user phone numbers. This flaw was quickly addressed by Google to prevent potential misuse. Source.
- Researchers Warn of Ongoing Entra ID Account Takeover Campaign: Attackers are abusing the TeamFiltration pentesting framework to take over Microsoft Entra ID (formerly Azure AD) accounts. This campaign highlights the need for robust security measures to protect identity management systems. Source.
- Inside a Dark Adtech Empire Fed by Fake CAPTCHAs: Security researchers uncovered that Kremlin-backed disinformation campaigns were using fake CAPTCHAs to bypass social media moderation. This discovery sheds light on the sophisticated methods used to spread misinformation online. Source.
- Researchers Detail Zero-Click Copilot Exploit 'EchoLeak': Aim Security researchers disclosed a critical vulnerability in Microsoft Copilot that could have enabled zero-click attacks, potentially compromising sensitive data. This highlights the importance of securing AI-driven tools. Source.
- Paragon Spyware Used To Target European Journalists, Warns Citizen Lab: Citizen Lab reported that Paragon spyware has been used to target devices of Italian journalists, raising concerns about surveillance and press freedom. This incident underscores the ongoing threats to journalists worldwide. Source.
Top CVEs
- CVE-2025-4232: An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non-administrative user to escalate their privileges. This vulnerability could potentially allow unauthorized users to gain higher-level access to systems, posing a significant security risk. Source: Vulners.
- CVE-2025-4231: A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. This requires network access to the management web interface and successful authentication, highlighting the importance of securing administrative credentials. Source: Vulners.
- CVE-2025-30399: Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code. This vulnerability underscores the need for secure coding practices and careful management of search paths to prevent unauthorized code execution. Source: Vulners.
- CVE-2024-56158: XWiki, a generic wiki platform, is vulnerable to SQL injection in Oracle databases, allowing execution of any SQL query. This vulnerability highlights the critical need for input validation and query sanitization to protect against database exploitation. Source: Vulners.
- CVE-2025-5012: The Workreap plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation. This flaw allows authenticated attackers to upload malicious files, potentially leading to remote code execution. Source: Vulners.
API Security
- CVE-2025-5288: The REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the process_handler() function in versions 1.0.0 to 2.0.3. This allows unauthenticated attackers to create a new user with full Administrator privileges by importing specially crafted JSON. Source: Vulners.
- Vantage6 Server JWT secret not cryptographically secure: The JWT secret key in the vantage6 server is auto-generated using UUID1, which is predictable and not cryptographically secure. Users are advised to define their own JWT secret key in the server configuration to mitigate this vulnerability. Source: Vulners.
- XWiki allows SQL injection in query endpoint of REST API with Oracle: XWiki's REST API query endpoint is vulnerable to SQL injection, allowing execution of any SQL query in Oracle. This vulnerability has been patched in versions 16.10.2, 16.4.7, and 15.10.16, and users are advised to upgrade to these versions. Source: Vulners.
- CVE-2025-2745: A cross-site scripting vulnerability in AVEVA PI Web API version 2023 SP1 and prior could allow authenticated attackers to persist arbitrary JavaScript code. This code executes when users, who have been socially engineered to disable content security policy protections, render annotation attachments. Source: Vulners.
- CVE-2025-49183: All communication with the REST API is unencrypted (HTTP), allowing attackers to intercept traffic between an actor and the webserver. This vulnerability poses risks of information gathering and unauthorized media downloads. Source: Vulners.
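The vantage6 item above turns on why a UUID1 is a poor JWT secret: of its 128 bits, the timestamp and the node field (normally the host's MAC address) are guessable or discoverable, leaving only a 14-bit clock sequence as real randomness. The following added Python example, not code from vantage6, audits a server configuration for that weak default and produces a CSPRNG-backed replacement; the config key name jwt_secret_key is an assumption, not taken from the vantage6 documentation.

```python
import re
import secrets
import uuid

# Canonical 8-4-4-4-12 UUID text form (constructed pattern, case-insensitive).
UUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I
)


def uuid1_fields(secret):
    """Split a UUID1 into the parts an attacker can estimate or look up.
    Only clock_seq (14 bits) is random; time is the creation timestamp and
    node is normally the MAC address of the generating host."""
    u = uuid.UUID(secret)
    return {"version": u.version, "time": u.time,
            "clock_seq": u.clock_seq, "node": u.node}


def classify_secret(secret):
    """Return 'missing', 'uuid1', 'uuid', 'short' or 'ok' for a JWT secret."""
    if not secret:
        return "missing"
    if UUID_RE.match(secret):
        # The version nibble is the first hex digit of the third group.
        return "uuid1" if uuid.UUID(secret).version == 1 else "uuid"
    if len(secret) < 32:
        return "short"
    return "ok"


def generate_jwt_secret(nbytes=32):
    """256 bits from the OS CSPRNG, URL-safe so it pastes cleanly into YAML."""
    return secrets.token_urlsafe(nbytes)


def sample_uuid1_secret():
    """Constructed stand-in for the weak default: what uuid.uuid1() yields."""
    return str(uuid.uuid1())


def check_config(config):
    """Audit an assumed config mapping that holds the key under 'jwt_secret_key'."""
    verdict = classify_secret(config.get("jwt_secret_key"))
    replacement = None if verdict == "ok" else generate_jwt_secret()
    return {"verdict": verdict, "replacement": replacement}


if __name__ == "__main__":
    weak = sample_uuid1_secret()
    print(weak, uuid1_fields(weak))
    print(check_config({"jwt_secret_key": weak}))
```

Run it against the live configuration file rather than the constructed sample to confirm the operator-defined secret is not a UUID and is long enough.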
Sponsored by Wallarm API Security Solution
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is constantly evolving, with new threats and vulnerabilities emerging at every turn. From the massive data breaches affecting millions of individuals to the intricate exploits targeting AI technologies and identity management systems, the need for robust cybersecurity measures has never been more critical.
Each story we shared today underscores the importance of staying informed and vigilant. Whether it's the AT&T data breach putting millions at risk, the healthcare sector's ongoing battle with data security, or the vulnerabilities in widely-used platforms like WordPress and Microsoft, these incidents remind us that cybersecurity is a shared responsibility.
We encourage you to share this newsletter with your friends and colleagues. By spreading awareness and fostering a community of informed individuals, we can collectively enhance our defenses against cyber threats. Together, let's build a safer digital world.
Thank you for being a part of the Secret CISO community. Stay safe, stay secure, and see you in the next edition!