Secret CISO 6/15: Binance Crypto Heist, AT&T Data Breach, Google Password Alert, Deepfake Threats, Cybersecurity Education Push

Welcome to today's edition of Secret CISO, where we unravel a web of security breaches and vulnerabilities that are reshaping the digital landscape. From the high-stakes world of cryptocurrency to the personal data of millions, the need for fortified defenses has never been more urgent.
In a dramatic turn of events, Binance has fallen victim to a $6.5 million cryptocurrency heist, spotlighting the persistent vulnerabilities in digital asset exchanges. Meanwhile, SK Telecom and AT&T grapple with breaches that have exposed sensitive customer data, underscoring the critical need for robust cybersecurity measures.
Google's recent advisory for 2 billion Gmail users to change their passwords serves as a stark reminder of the ongoing battle against data breaches. Similarly, the Illinois HFS breach and the Discord scam alert highlight the diverse tactics employed by cybercriminals to exploit unsuspecting users.
As hackers find new ways to bypass antivirus software using Google.com, and deepfakes threaten public figures, the call for enhanced cybersecurity education becomes ever more pressing. The Inspector General's push for student training in cybersecurity aims to equip future generations with the skills needed to combat these evolving threats.
In the realm of WordPress, a series of vulnerabilities, including Local File Inclusion and Cross-Site Request Forgery, pose significant risks to website security. These incidents emphasize the importance of vigilance and timely updates to protect against potential exploits.
Stay informed and stay secure with Secret CISO, where we bring you the latest insights and strategies to navigate the complex world of cybersecurity.
Data Breaches
- Security Breach Leads to $6.5 Million Cryptocurrency Theft - Binance: A significant security breach at Binance has resulted in the theft of approximately $6.5 million in cryptocurrency. This incident highlights the ongoing vulnerabilities in digital asset exchanges and the need for enhanced security measures. Source: Binance.
- SK Group focuses on rebuilding trust after SK Telecom's data breach - The Korea Times: SK Telecom is facing a ban on enrolling new customers following a data breach involving customers' universal subscriber identity module (USIM) information. The company is now working on rebuilding trust and enhancing its security protocols. Source: The Korea Times.
- Change Your Gmail Password Now, Google Tells 2 Billion Users - Forbes: In response to a recent data breach, Google has advised its users to change their Gmail passwords. The breach has raised concerns about password security and the need for more robust authentication methods. Source: Forbes.
- Illinois HFS Warns About Data Breach - Effingham Radio: A data breach at the Illinois Department of Healthcare and Family Services (HFS) has compromised emails and documents, including customer names and social security numbers. The breach underscores the importance of securing sensitive information within government agencies. Source: Effingham Radio.
- Social Security Numbers at Risk — AT&T Hack Puts 44 Million Americans in Danger: A data breach at AT&T has exposed the personal information of approximately 44 million Americans, including social security numbers. This incident highlights the critical need for improved cybersecurity measures to protect customer data. Source: Grada3.
Security Research
- Students should be trained in cybersecurity: IG - The New Indian Express: The Inspector General emphasizes the importance of cybersecurity education for students, highlighting the need for coordinated efforts between industry and academia. This initiative aims to equip future generations with the necessary skills to tackle emerging cyber threats effectively. The National Cyber Security Research Council at Technopark, Thiruvananthapuram, plays a pivotal role in this educational push. Source: The New Indian Express.
- Discord Scam Alert: How One Click Can Drain Your Funds - The420.in: Security researchers at Check Point have identified a new scam on Discord where threat actors exploit expired or deleted vanity invite links. These links redirect users to malicious sites, leading to potential financial losses. Users are advised to be cautious and verify the authenticity of invite links before clicking. Source: The420.in.
- Hackers are using Google.com to deliver malware by bypassing antivirus software - TechRadar: A report by security researchers at c/side reveals a sophisticated method where hackers use Google.com to deliver malware. This technique is subtle and conditionally triggered, making it difficult for both users and conventional antivirus software to detect. The report highlights the need for enhanced vigilance and updated security measures. Source: TechRadar.
- Massive Blue Reveals How Deepfakes Are Creating New Threats to Public Figures - TechTimes: Security researchers are focusing on the increasing threat of deepfakes, which pose significant risks to public figures' safety, finances, and legal standing. The report by Massive Blue highlights recent incidents and urges more robust detection and mitigation strategies to combat this growing issue. Source: TechTimes.
- Windows 11 24H2 KASLR Broken Using an HVCI-Compatible Driver with Physical Memory Access - Cybersecurity News: Security researcher Yazid has published a novel approach to breaking Windows 11's Kernel Address Space Layout Randomization (KASLR) using an HVCI-compatible driver. This method allows attackers to obtain the Windows kernel base address, posing a significant security risk. The research calls for immediate attention to patch this vulnerability. Source: Cybersecurity News.
Top CVEs
- CVE-2025-4200: The Zagg - Electronics & Accessories WooCommerce WordPress Theme is vulnerable to Local File Inclusion in all versions up to 1.4.1 via the load_view() function. This allows unauthenticated attackers to include and execute arbitrary files on the server, potentially bypassing access controls and obtaining sensitive data. Source: Vulners.
- CVE-2025-3234: The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to 1.8.8. Authenticated attackers with Administrator-level access can upload arbitrary files, potentially leading to remote code execution. Source: Vulners.
- CVE-2025-6065: The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' task in all versions up to 1.1. This allows unauthenticated attackers to delete arbitrary files on the server, potentially leading to remote code execution. Source: Vulners.
- CVE-2025-6070: The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to 1.1.2 via the output() function. Authenticated attackers with Subscriber-level access can read the contents of arbitrary files on the server, which may contain sensitive information. Source: Vulners.
- CVE-2025-6063: The XiSearch bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 2.6 due to missing or incorrect nonce validation. This allows unauthenticated attackers to update settings and inject malicious web scripts via a forged request if they can trick a site administrator into performing an action. Source: Vulners.
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is fraught with challenges and opportunities alike. From the significant cryptocurrency theft at Binance to the pressing need for cybersecurity education, each story underscores the importance of vigilance and proactive measures in safeguarding our digital world.
Whether it's the alarming data breaches affecting millions or the innovative scams exploiting everyday platforms like Discord, the message is consistent: cybersecurity is everyone's responsibility. As we navigate these turbulent waters, sharing knowledge and staying informed are our best defenses.
If you found today's insights valuable, please consider sharing this newsletter with your friends and colleagues. Together, we can build a more secure and resilient digital future. Stay safe, stay informed, and see you in the next edition of Secret CISO!