Secret CISO 6/20: Apple & Google Breach, Texas Data Leak, Cloud Misconfigurations, Android Malware Surge - A Perfect Storm of Cyber Threats

Welcome to today's edition of Secret CISO, where we unravel the tangled web of cybersecurity threats and vulnerabilities that have emerged across the globe. As we dive into the digital underworld, brace yourself for a journey through some of the most significant breaches and security flaws threatening our digital landscape.

In the headline story, researchers found a compilation of roughly 16 billion login credentials, harvested by infostealer malware from infected devices and left in unsecured cloud storage, covering accounts on services such as Apple, Google and Facebook. Press coverage has dubbed it the "mother of all breaches", but it is not a breach of those companies: the data came from users' own machines, which is why the practical advice is to rotate passwords and turn on multi-factor authentication rather than wait for a vendor notice. Meanwhile, the Texas Department of Transportation and Oxford City Council grapple with their own incidents, a reminder that public-sector systems are targets too.

As we navigate these turbulent waters, a new wave of Android malware is hitting devices through screen overlays, virtualization-based fraud and NFC theft. The surge demands heightened vigilance from users and security professionals alike.

On the vulnerability front, Tenable's report on pervasive cloud misconfigurations and a Swedish Defence University study of serious flaws in radio systems reveal the lurking dangers in our digital infrastructure. From the unbounded ESI inclusion depth in Apache Traffic Server to RabbitMQ writing basic-auth credentials into its logs, the need for timely updates and patches has never been more urgent.

Join us as we delve deeper into these stories, offering insights and recommendations to fortify your defenses against the ever-evolving cyber threats. Stay informed, stay secure.

Data Breaches

  1. 16 Billion Logins Stolen In Mega Data Breach Threatening Apple, Google And More: Cybersecurity researchers have confirmed a collection of about 16 billion login credentials exposed online, one of the largest credential leaks on record. The records cover accounts on major platforms including Apple, Google and Facebook, and were harvested by infostealer malware rather than taken from those companies' systems (see Security Research below). Affected users are urged to change their passwords and enable multi-factor authentication. Source: NDTV
  2. TxDOT: Nearly 300K Crash Records Accessed in Data Breach: The Texas Department of Transportation has reported a data breach where nearly 300,000 crash records were accessed. This breach highlights vulnerabilities in state agency data management and raises concerns about the security of sensitive information. Source: ValleyCentral
  3. Statement on Cyber Security Incident - Oxford City Council: Oxford City Council experienced a cyber security incident where attackers gained access to their systems. The automated security systems quickly responded, minimizing the attackers' access and protecting sensitive data. Source: Oxford City Council
  4. Krispy Kreme Notifies 160k Affected by Data Breach: Krispy Kreme has notified 161,676 individuals affected by a data breach that exposed sensitive information. The company is offering credit monitoring services to those impacted as part of their response to the incident. Source: Charlotte Observer
  5. Major US Healthcare Data Provider Hit by Data Breach - Over 5 Million Patients Affected: Episource, a major US healthcare data provider, confirmed a cyberattack that compromised the data of over 5 million patients. The breach involved sensitive patient information, including policy and Medicaid details, raising significant concerns about healthcare data security. Source: MSN

Security Research

  1. Security researchers find 16B stolen credentials from malware in open cloud storage: Security researchers at Cybernews have discovered a staggering 16 billion login credentials, stolen by infostealer malware from infected devices and then left in unsecured, publicly reachable cloud storage. The leak, dubbed the "mother of all breaches", carries a twofold lesson: endpoint infostealers remain the main source of credential theft, and the datasets built from them leak again when the operators' own storage is misconfigured. Source: SiliconANGLE.
  2. New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft: A new wave of Android malware is targeting devices through overlays, virtualization fraud, and NFC theft, posing significant threats to user data and device security. Security researcher Ziv Zeira highlights the sophisticated nature of these attacks, which are increasingly targeting Russian users. Source: The Hacker News.
  3. Tenable Research Finds Pervasive Cloud Misconfigurations: Tenable's 2025 Cloud Security Risk Report reveals widespread cloud misconfigurations that expose critical data and secrets, underscoring the urgent need for organizations to address these vulnerabilities. The report highlights the importance of robust cloud security practices to mitigate potential risks. Source: GlobeNewswire.
  4. Serious security flaws in radio systems: Researchers at the Swedish Defence University have identified significant security vulnerabilities in radio communication systems used for critical communications. These flaws leave systems susceptible to modern digital threats, emphasizing the need for improved security measures in radio technologies. Source: Försvarshögskolan.
  5. Nobitex source code leaked after $100M hack by pro-Israel group: The source code of Nobitex, a cryptocurrency exchange, was leaked following a $100 million hack by a pro-Israel group. This breach highlights the vulnerabilities in cryptocurrency platforms and the potential for significant financial and reputational damage. Source: Cointelegraph.

Top CVEs

  1. CVE-2025-49763: The ESI plugin in Apache Traffic Server does not cap how deeply ESI includes may nest, so if malicious ESI instructions can be inserted into origin responses an include chain can drive memory consumption until the server is exhausted. Affected versions are 9.0.0 through 9.2.10 and 10.0.0 through 10.0.5; upgrading to 9.2.11 or 10.0.6 is recommended, and the fixed releases add a --max-inclusion-depth plugin option that bounds the recursion. Source: Vulners.
  2. CVE-2025-6019: A Local Privilege Escalation vulnerability in libblockdev allows a user with an active local session (the case Polkit's default policy treats as "allow_active") to escalate to full root privileges through the udisks daemon. The attacker triggers it by getting udisks to handle a specially crafted XFS image. Systems whose Polkit policy grants udisks actions to allow_active users are affected. Source: Vulners.
  3. CVE-2025-5071: The AI Engine plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check. This allows authenticated attackers with subscriber-level access to execute various commands, potentially leading to privilege escalation and data loss. Affected versions are 2.8.0 to 2.8.3. Source: Vulners.
  4. CVE-2025-32896: Unauthenticated users can perform Arbitrary File Read and Deserialization attacks via the RESTful API v1 in Apache SeaTunnel by submitting jobs whose MySQL connection URL carries extra parameters. Versions up to 2.3.10 are affected. Users should upgrade to version 2.3.11 and enable RESTful API v2 with HTTPS two-way (mutual TLS) authentication. Source: Vulners.
  5. CVE-2025-4738: An SQL Injection vulnerability in Yirmibes Software MY ERP allows improper neutralization of special elements in SQL commands. This affects MY ERP versions before the latest update. Users are advised to update to the latest version to mitigate this risk. Source: Vulners.
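The Apache Traffic Server item above describes a whole class of bug: a template resolver that follows includes recursively with no depth budget. The toy ESI resolver below is an added example written for this newsletter, not Apache Traffic Server code; the fragment map, the self-including "/loop" fragment and the `max_depth` parameter (standing in for the --max-inclusion-depth option) are constructed for illustration. It shows an uncapped resolver exhausting the process on a self-referencing include, and the same resolver refusing the chain once a depth cap is in place.

```python
import re

# Constructed origin fragments, keyed by URL (not real Apache Traffic Server
# data). "/loop" includes itself, the pattern an unbounded resolver cannot
# survive; "/deep/N" is a long but finite chain that a sane cap still allows.
FRAGMENTS = {
    "/page": '<p>header</p><esi:include src="/loop"/><p>footer</p>',
    "/loop": '<p>chunk</p><esi:include src="/loop"/>',
}
for n in range(60):
    FRAGMENTS[f"/deep/{n}"] = f'<p>{n}</p><esi:include src="/deep/{n + 1}"/>'
FRAGMENTS["/deep/60"] = "<p>end</p>"

INCLUDE_RE = re.compile(r'<esi:include\s+src="([^"]+)"\s*/>')


class InclusionDepthExceeded(Exception):
    """Raised when include nesting goes past the configured budget."""


def render(url, max_depth, depth=0, stats=None):
    """Resolve <esi:include> tags recursively, fetching each src fragment.

    max_depth plays the role of a --max-inclusion-depth setting (assumed
    semantics: refuse any fragment nested deeper than this). stats counts
    fetches so the caller can see how much work an include chain caused.
    """
    if stats is None:
        stats = {"fetches": 0}
    if depth > max_depth:
        raise InclusionDepthExceeded(f"{url} nested at depth {depth} > {max_depth}")
    stats["fetches"] += 1
    body = FRAGMENTS[url]  # stand-in for an origin fetch
    return INCLUDE_RE.sub(
        lambda m: render(m.group(1), max_depth, depth + 1, stats), body
    )


def render_report(url, max_depth):
    """Run render() and summarise the outcome instead of raising."""
    stats = {"fetches": 0}
    try:
        html = render(url, max_depth, stats=stats)
        return {"ok": True, "fetches": stats["fetches"], "html": html, "error": None}
    except InclusionDepthExceeded as exc:
        return {"ok": False, "fetches": stats["fetches"], "html": None,
                "error": f"refused: {exc}"}
    except RecursionError:
        # What an uncapped resolver does on the self-including fragment: it
        # keeps fetching and allocating until the process runs out of stack
        # (here) or memory (in a real server).
        return {"ok": False, "fetches": stats["fetches"], "html": None,
                "error": "exhausted"}


if __name__ == "__main__":
    print(render_report("/deep/0", max_depth=100))          # finite chain: ok
    print(render_report("/page", max_depth=float("inf")))   # no cap: exhausted
    print(render_report("/page", max_depth=5))              # cap: refused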
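```

The point of the cap is that it fails closed on the attacker's input while leaving legitimate nesting untouched: the 61-fragment "/deep" chain still renders under a budget of 100, whereas "/page" is refused after six fetches instead of consuming the process. When tuning such a limit, set it just above the deepest include your own templates actually use.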

API Security

  1. CVE-2025-6283: xataio Xata Agent up to version 0.3.0 has a path traversal flaw in the GET handler of apps/dbagent/src/app/api/evals/route.ts: a crafted path parameter can reach files outside the intended directory. Upgrading to version 0.3.1 addresses this issue. Source.
  2. CVE-2025-6282: xlang-ai OpenAgents up to a specific commit is affected by a critical path traversal vulnerability in the create_upload_file function of backend/api/file.py. A public exploit exists, but because the project ships by continuous delivery there is no released version to name as the fix. Source.
  3. CVE-2025-50200: RabbitMQ versions 3.13.7 and prior log the Authorization header of HTTP/HTTPS requests that use basic authentication. The header is base64-encoded, not encrypted, so anyone who can read the logs recovers the username and password with a single decode. Later versions are patched; until then, treat any credential that appears in those logs as exposed. Source.
  4. PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion: This advisory highlights a potential polynomial Regular Expression Denial of Service (ReDoS) vulnerability in the RegexCriterion class, which can be exploited under specific attacker-controlled conditions to cause significant CPU exhaustion. Source.
  5. Apache SeaTunnel: The same issue as CVE-2025-32896 above, seen from the API angle: unauthenticated access to the RESTful API v1 allows unauthorized users to perform Arbitrary File Read and Deserialization attacks. Users are advised to upgrade to version 2.3.11 and enable RESTful API v2 with two-way authentication to mitigate this issue. Source.
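Two of the items above (Xata Agent's evals route and OpenAgents' create_upload_file) are the same bug: a client-supplied file name joined onto a base directory and opened as-is. The example below is added for this newsletter and is not code from either project. It assumes a hypothetical "evals" directory layout and shows the vulnerable concatenate-and-open pattern next to a `safe_join` that decodes percent-encoding first, refuses absolute paths, resolves symlinks and requires the result to stay under the base directory.

```python
import os
import tempfile
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a client-supplied path would leave the base directory."""


def safe_join(base_dir, user_path):
    """Return an absolute path inside base_dir for a client-supplied relative
    path, or raise PathTraversalError.

    The checks, in order: decode percent-encoding so '..%2F' cannot slip past
    a naive '..' filter; reject empty or NUL-bearing input; reject absolute
    paths; resolve symlinks with realpath; finally require that the resolved
    path shares base_dir as its common prefix component-wise (commonpath, not
    str.startswith, so /srv/evals-private does not pass for /srv/evals).
    """
    base = os.path.realpath(base_dir)
    decoded = unquote(user_path)
    if not decoded or "\x00" in decoded:
        raise PathTraversalError("empty or NUL-containing path")
    if os.path.isabs(decoded) or decoded.startswith(("/", "\\")):
        raise PathTraversalError(f"absolute path refused: {user_path!r}")
    candidate = os.path.realpath(os.path.join(base, decoded))
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"escapes {base_dir}: {user_path!r}")
    return candidate


def read_eval_vulnerable(base_dir, name):
    """The pattern behind both advisories: join the client string and open it."""
    with open(os.path.join(base_dir, name)) as fh:
        return fh.read()


def read_eval_safe(base_dir, name):
    """Same handler with the path validated first."""
    with open(safe_join(base_dir, name)) as fh:
        return fh.read()


def check_paths(base_dir, paths):
    """Map each candidate path to True (accepted) or False (refused)."""
    result = {}
    for p in paths:
        try:
            safe_join(base_dir, p)
            result[p] = True
        except PathTraversalError:
            result[p] = False
    return result


def demo():
    """Constructed layout (hypothetical): <tmp>/evals/report.json is the
    legitimate file, <tmp>/secret.env is what a traversal reaches."""
    root = tempfile.mkdtemp()
    evals = os.path.join(root, "evals")
    os.mkdir(evals)
    with open(os.path.join(evals, "report.json"), "w") as fh:
        fh.write('{"score": 1}')
    with open(os.path.join(root, "secret.env"), "w") as fh:
        fh.write("API_KEY=hunter2")
    out = {"vulnerable": read_eval_vulnerable(evals, "../secret.env")}
    try:
        read_eval_safe(evals, "../secret.env")
        out["safe"] = "leaked"
    except PathTraversalError:
        out["safe"] = "blocked"
    out["legit"] = read_eval_safe(evals, "report.json")
    return out


if __name__ == "__main__":
    print(demo())
    print(check_paths("/srv/app/evals", [
        "report.json", "sub/../report.json", "../../etc/passwd",
        "..%2F..%2Fetc%2Fpasswd", "/etc/passwd", "evals/../../secret.env",
    ]))
```

Note that `sub/../report.json` is accepted: normalisation that stays inside the base is harmless, and rejecting every string containing `..` would break legitimate clients while still missing encoded variants. The realpath step matters when the base directory can contain symlinks created by users; without it a link pointing outside the tree passes a purely lexical check.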
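For the RabbitMQ item, the practical question is how to find which credentials already ended up in logs and how to stop them leaving the box. The script below is an added example written for this newsletter, not RabbitMQ code; the sample log lines are constructed and their layout is illustrative rather than the broker's real log format. It sweeps log text for basic-auth tokens, reports the usernames (never the passwords) so the right accounts can be rotated, and produces a redacted copy safe to ship to a central log store.

```python
import base64
import binascii
import re

# Token pattern: "Authorization: Basic <base64>" in any case, whether the
# header was logged as text or inside a JSON-ish headers map.
BASIC_RE = re.compile(r"(?i)(authorization[\"']?\s*[:=]\s*[\"']?basic\s+)([A-Za-z0-9+/=]+)")


def _basic(user, password):
    """Build the base64 token a client sends for HTTP basic auth."""
    return base64.b64encode(f"{user}:{password}".encode()).decode()


# Constructed sample log (hypothetical format, not RabbitMQ's own).
SAMPLE_LOG = "\n".join([
    "2025-06-20 09:12:01.101 [info] <0.101.0> accepting AMQP connection 10.0.0.5:51234",
    "2025-06-20 09:12:02.412 [warning] <0.123.0> HTTP request failed: GET /api/overview "
    f"headers: {{\"authorization\":\"Basic {_basic('guest', 'guest')}\"}}",
    "2025-06-20 09:12:03.020 [warning] <0.124.0> HTTP request failed: PUT /api/queues/%2F/jobs "
    f"headers: {{\"authorization\":\"Basic {_basic('deploy', 'S3cret!pass')}\"}}",
    "2025-06-20 09:12:04.333 [info] <0.125.0> HTTP GET /api/health Authorization: Bearer not-basic",
])


def decode_basic(token):
    """Return (username, password) for a basic-auth token, or None if the
    token is not valid base64 or lacks the user:password separator."""
    try:
        raw = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    if ":" not in raw:
        return None
    user, _, password = raw.partition(":")
    return user, password


def find_leaked_credentials(log_text):
    """Return [(line_number, username, password_length)] for every decodable
    basic-auth token in the log. Passwords are deliberately not returned:
    the goal is a rotation list, not a second copy of the secrets."""
    found = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for match in BASIC_RE.finditer(line):
            creds = decode_basic(match.group(2))
            if creds is not None:
                found.append((lineno, creds[0], len(creds[1])))
    return found


def redact(log_text):
    """Replace each basic-auth token with a fixed marker before the log
    leaves the host."""
    return BASIC_RE.sub(lambda m: m.group(1) + "[REDACTED]", log_text)


if __name__ == "__main__":
    for lineno, user, pw_len in find_leaked_credentials(SAMPLE_LOG):
        print(f"line {lineno}: user {user!r} exposed (password length {pw_len})")
    print(redact(SAMPLE_LOG))
```

Base64 offers no protection here: `decode_basic` is the whole "attack". Run the sweep over archived broker logs and any log-shipping pipeline that received them, rotate every account it names, and keep the redaction step in front of the shipper until the broker is upgraded.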

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is more perilous than ever. From the staggering leak of 16 billion malware-harvested credentials covering accounts at tech giants like Apple and Google, to the vulnerabilities exposed in state agencies and healthcare providers, the need for robust cybersecurity measures is undeniable. Each story serves as a stark reminder of the importance of vigilance and proactive defense strategies in safeguarding our digital lives.

We've also seen how sophisticated malware and cloud misconfigurations can lead to significant data exposure, emphasizing the need for continuous improvement in security protocols. The vulnerabilities in radio systems and cryptocurrency platforms further highlight the diverse range of threats we face today.

As we navigate these challenges, remember that staying informed is your first line of defense. Share this newsletter with your friends and colleagues to help spread awareness and foster a community of informed and prepared digital citizens. Together, we can build a safer digital world.

Thank you for joining us today. Stay secure, and we'll see you in the next edition of Secret CISO!
