Secret CISO 6/17: Episource & Kettering Breaches Spark Legal Storm; Zoomcar's 8.4M Users Exposed; AI Safety Innovations in US & China; Copilot AI Bug Risks Data Leaks; North Korea's Crypto Seized

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity challenges and innovations shaping our digital landscape. Today's issue is a gripping tale of breaches, vulnerabilities, and the relentless pursuit of security in an ever-evolving threat environment.

We begin with a series of unsettling data breaches that have rocked various sectors. Episource, LLC is under scrutiny as investigators delve into a breach compromising sensitive health information. Meanwhile, Kettering Health faces a class-action lawsuit following a significant breach affecting patients with serious health issues. Across the globe, Zoomcar's disclosure of a breach impacting 8.4 million users in India raises alarms about privacy and data protection.

In the realm of cyber extortion, Freedman HealthCare finds itself targeted by a malicious gang, underscoring the persistent threat to healthcare providers. Similarly, BoardDocs' data leak highlights vulnerabilities in educational institutions, with over 60,000 files potentially exposed.

On the international stage, the U.S. government's seizure of $7.74 million in cryptocurrency linked to North Korea's fake IT worker network reveals the cunning tactics used to evade sanctions. Meanwhile, AI research at Arizona State University and the establishment of an AI Safety Institute in China showcase efforts to harness technology responsibly.

In the world of vulnerabilities, we explore critical issues affecting major platforms. From Apple's logic flaw allowing sophisticated attacks to Apache Tomcat's authentication bypass, these vulnerabilities demand immediate attention. The Steel Browser's path traversal vulnerability and OpenSSL's Minerva attack susceptibility further emphasize the need for vigilance.

As we navigate these complex narratives, one thing is clear: the battle for cybersecurity is relentless, requiring constant innovation and adaptation. Stay informed, stay secure, and join us tomorrow for more insights into the world of cybersecurity.

Data Breaches

  1. Episource, LLC Data Breach under Investigation by Levi & Korsinsky, LLP: This data breach has raised concerns about the security of sensitive personal and protected health information held by Episource. The investigation is ongoing to determine the extent of the breach and its impact on affected individuals. Source: CBS 42
  2. Class-action lawsuit filed against Kettering Health following major data breach: A significant data breach at Kettering Health has led to a class-action lawsuit. The breach reportedly affected patients with serious health issues, prompting legal action to address the potential harm caused. Source: FOX19
  3. Nasdaq-traded Zoomcar discloses data breach affecting 8.4M users in India: Zoomcar, a car-sharing company, has disclosed a data breach that compromised the personal data of 8.4 million customers in India. The breach has raised significant privacy concerns among users. Source: UPI.com
  4. Freedman HealthCare targeted by cyber extortionists: An extortion gang claims to have breached Freedman HealthCare, a data and analytics firm serving state agencies and health providers. The breach highlights the ongoing threat of cyber extortion in the healthcare sector. Source: The Register
  5. BoardDocs data leak potentially affected 64,000 files: A data leak involving BoardDocs, a software vendor for U.S. school districts, potentially exposed over 60,000 files. The incident underscores the importance of robust data protection measures in educational institutions. Source: The Philadelphia Inquirer

Security Research

  1. U.S. Seizes $7.74M in Crypto Tied to North Korea's Global Fake IT Worker Network: The U.S. government has seized $7.74 million in cryptocurrency linked to North Korea's extensive network of fake IT workers. This operation highlights the deceptive tactics used by North Korea to circumvent international sanctions and fund its activities. Source: The Hacker News.
  2. AI Research at ASU Drives Innovations in Road Safety: Researchers at Arizona State University are pioneering advancements in road safety through AI research. As autonomous vehicles become more prevalent, these innovations aim to enhance the safety and efficiency of road sharing. Source: ASU News.
  3. How Some of China's Top AI Thinkers Built Their Own AI Safety Institute: Prominent figures from Tsinghua University have established an AI Safety Institute to address the ethical and safety challenges posed by AI technologies. This initiative underscores China's commitment to leading in AI development while ensuring responsible use. Source: Carnegie Endowment.
  4. Copilot AI Bug Could Leak Sensitive Data via Email Prompts: A vulnerability in Copilot AI allows malicious prompts to bypass safety filters, potentially leading to data leaks through email. This discovery emphasizes the need for robust security measures in AI-driven tools. Source: BankInfoSecurity.
  5. Scattered Spider Targets Insurance Firms, Google Warns: Google has issued a warning about the Scattered Spider group targeting insurance companies. This cyber threat highlights the increasing sophistication of attacks on critical sectors, urging firms to bolster their defenses. Source: The Register.

Top CVEs

  1. CVE-2025-43200: A logic issue in Apple devices allowed maliciously crafted photos or videos shared via iCloud Link to be exploited in sophisticated attacks. This vulnerability has been addressed in various Apple OS updates, including watchOS, macOS, iOS, and iPadOS. Source: Vulners.
  2. CVE-2025-49125: Apache Tomcat had an authentication bypass vulnerability due to alternate path access when using PreResources or PostResources. This issue affected multiple versions and has been fixed in newer releases. Source: Vulners.
  3. CVE-2025-48988: Apache Tomcat was vulnerable to resource allocation issues without limits, potentially leading to denial of service. Users are advised to upgrade to the latest versions to mitigate this risk. Source: Vulners.
  4. CVE-2025-5689: A flaw in the temporary user record of authd in pre-auth NSS could allow a first-time user login to be mistakenly considered part of the root group in SSH context. Source: Vulners.
  5. CVE-2025-47869: Apache NuttX RTOS had a buffer overflow vulnerability in its XMLRPC application due to hardcoded buffer sizes. Users are advised to update their code to prevent potential exploitation. Source: Vulners.

API Security

  1. Steel Browser Path Traversal Vulnerability (CVE-2025-6152): A critical vulnerability was discovered in Steel Browser up to version 0.1.3, affecting the handleFileUpload function. This issue allows remote attackers to perform path traversal attacks by manipulating the filename argument. A patch has been released to address this vulnerability. Source: Vulners.
  2. OpenSSL Minerva Attack Vulnerability (CVE-2025-27587): OpenSSL versions 3.0.0 through 3.3.2 on the PowerPC architecture are susceptible to a Minerva attack via the EVP_DigestSign API. This side-channel attack can potentially recover private keys by analyzing signing times. However, the CVE is disputed because the attacking process must run on the same physical system as the signing process. Source: Vulners.
  3. OpenNext for Cloudflare SSRF Vulnerability: A Server-Side Request Forgery (SSRF) vulnerability was found in the @opennextjs/cloudflare package, allowing attackers to proxy remote content via the /_next/image endpoint. This could lead to domain abuse and phishing risks. Mitigations have been implemented to restrict content loading to images. Source: Vulners.
  4. pycares Use-After-Free Vulnerability: The pycares library is vulnerable to a use-after-free condition when a Channel object is garbage collected during pending DNS queries, leading to potential remote crashes. This issue is exacerbated when using event_thread=True. Source: Vulners.
  5. Authd SSH Root Group Privilege Escalation: A vulnerability in authd allows new SSH users to be considered members of the root group, leading to local privilege escalation. This occurs under specific configurations involving OAuth 2.0 applications and SSH access settings. Patches and workarounds are available to mitigate this issue. Source: Vulners.
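The Steel Browser item above describes the classic file-upload path traversal pattern: a caller-controlled filename reaches a filesystem write. The following is an added example written for this newsletter, not Steel Browser's own code or patch; it shows a reject-first upload-path helper with a resolved-path containment check as defence in depth. `UPLOAD_DIR`, `safeUploadPath`, `checkSamples` and the sample filenames are constructed for the example.

```javascript
// Added example, not Steel Browser's code: a hardened upload-path helper that
// refuses caller-controlled filenames which could escape the upload directory.
// UPLOAD_DIR, safeUploadPath and the sample names are constructed for this example.
const path = require("path");

// Constructed base directory; path.posix is used so behaviour is identical on every OS.
const UPLOAD_DIR = "/srv/uploads";

// Returns the absolute path to write to, or null if the name must be rejected.
function safeUploadPath(untrustedName, baseDir = UPLOAD_DIR) {
  if (typeof untrustedName !== "string" || untrustedName.length === 0) {
    return null;
  }
  // Reject rather than sanitise: any separator, dot-segment, NUL byte or control
  // character means the client is not sending a plain filename.
  if (
    /[\/\\\x00-\x1f]/.test(untrustedName) ||
    untrustedName === "." ||
    untrustedName === ".."
  ) {
    return null;
  }
  const base = path.posix.resolve(baseDir);
  const target = path.posix.resolve(base, untrustedName);
  // Defence in depth: even after the checks above, the resolved path must stay
  // strictly inside the base directory.
  if (!target.startsWith(base + "/")) {
    return null;
  }
  return target;
}

// Run the helper over constructed sample inputs and return [name, verdict] pairs.
function checkSamples() {
  const samples = [
    "report.pdf",
    "../../etc/passwd",
    "..\\..\\windows\\win.ini",
    "nested/dir/file.txt",
    "evil\u0000.jpg",
    "..",
    "",
  ];
  return samples.map((name) => [name, safeUploadPath(name)]);
}

for (const [name, verdict] of checkSamples()) {
  console.log(JSON.stringify(name), "->", verdict === null ? "REJECTED" : verdict);
}
```

The helper deliberately rejects names containing separators instead of stripping them to a basename: silently rewriting `../../etc/passwd` to `passwd` hides the fact that a client is probing the endpoint, whereas a rejection can be logged and alerted on. The `startsWith` check guards against any normalisation case the regex misses.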
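The OpenNext for Cloudflare item above is an instance of SSRF through an image-optimisation proxy: an endpoint that fetches whatever URL the caller supplies becomes an open proxy for phishing content. The following is an added example written for this newsletter, not OpenNext's code or its fix; it shows the two gates such a proxy would apply, an origin allowlist on the request side and an image-only content-type check on the response side. `ALLOWED_IMAGE_HOSTS`, `ALLOWED_IMAGE_TYPES`, the function names and the sample URLs are constructed for the example.

```javascript
// Added example, not OpenNext's code: allowlist checks an image proxy can apply
// before fetching a caller-supplied remote URL, so the endpoint cannot be turned
// into an open proxy. The host list, function names and sample URLs are constructed.

const ALLOWED_IMAGE_HOSTS = new Set(["cdn.example.com", "images.example.com"]);

// Raster image types the proxy is willing to pass through. SVG is excluded on
// purpose: it can carry script, so serving it from the site's own origin is a risk.
const ALLOWED_IMAGE_TYPES = new Set([
  "image/png", "image/jpeg", "image/gif", "image/webp", "image/avif",
]);

// Gate 1: decide whether a remote URL may be fetched at all. Parsing with the URL
// class (rather than string matching) defeats tricks such as
// "cdn.example.com.evil.net" or credentials embedded in the authority.
function isAllowedImageSource(rawUrl, allowedHosts = ALLOWED_IMAGE_HOSTS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // relative or malformed URLs are never fetched
  }
  if (url.protocol !== "https:") return false;
  if (url.username !== "" || url.password !== "") return false;
  if (url.port !== "") return false; // default port only; no pivot to internal services
  return allowedHosts.has(url.hostname.toLowerCase());
}

// Gate 2, applied to the upstream response: only pass through bodies that declare
// an allowed image type. Parameters such as charset are stripped before comparison.
function isImageContentType(headerValue) {
  if (typeof headerValue !== "string") return false;
  const mediaType = headerValue.split(";")[0].trim().toLowerCase();
  return ALLOWED_IMAGE_TYPES.has(mediaType);
}

// Evaluate a constructed batch of candidate URLs and return the verdict for each.
function checkSamples() {
  const samples = [
    "https://cdn.example.com/logo.png",
    "http://cdn.example.com/logo.png",
    "https://cdn.example.com.evil.net/logo.png",
    "https://user:secret@cdn.example.com/logo.png",
    "https://cdn.example.com:8443/logo.png",
    "https://evil.net/login.html",
    "/_next/image?url=...",
  ];
  return samples.map((u) => ({ url: u, allowed: isAllowedImageSource(u) }));
}

for (const { url, allowed } of checkSamples()) {
  console.log(allowed ? "ALLOW " : "DENY  ", url);
}
```

In a real proxy the second gate runs on the upstream `Content-Type` header before any bytes are streamed to the client; checking only the file extension in the URL is not enough, because the remote host controls what it actually returns.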

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the landscape of cybersecurity is as dynamic and challenging as ever. From the ongoing investigations into data breaches at Episource and Kettering Health to the alarming disclosure by Zoomcar, the importance of robust data protection measures cannot be overstated. These incidents remind us of the critical need for vigilance and proactive defense strategies in safeguarding sensitive information.

Meanwhile, the U.S. government's seizure of cryptocurrency linked to North Korea's fake IT worker network underscores the global nature of cyber threats and the innovative tactics employed by malicious actors. This, coupled with the advancements in AI research at Arizona State University and the establishment of an AI Safety Institute in China, highlights the dual-edged nature of technology—offering both unprecedented opportunities and significant risks.

In the realm of vulnerabilities, the recent discoveries in Apple devices, Apache Tomcat, and OpenSSL remind us of the ever-present need for timely updates and patches. These vulnerabilities serve as a stark reminder of the potential consequences of neglecting security measures in both software and hardware environments.

As we continue to navigate these complex challenges, sharing knowledge and staying informed are key. If you found today's insights valuable, please consider sharing this newsletter with your friends and colleagues. Together, we can foster a more secure digital world, one informed reader at a time.

Thank you for being a part of our community. Stay safe, stay informed, and we'll see you in the next edition of Secret CISO.

By Secret CISO