Secret CISO 6/24: AT&T's $177M Breach, Episource's 5.4M Leak, 16B Stolen Passwords, Gmail MFA Bypass - A Cybersecurity Wake-Up Call

Welcome to today's edition of Secret CISO, where we unravel the latest in cybersecurity and data protection. Today's issue is a gripping tale of breaches, vulnerabilities, and the relentless pursuit of security in an ever-evolving digital landscape.

We begin with AT&T's monumental $177 million settlement following two significant data breaches, a stark reminder of the high stakes in safeguarding customer data. Meanwhile, Episource and McLaren Health Care face scrutiny as investigations reveal vulnerabilities that exposed millions of sensitive records, underscoring the critical need for robust data protection in healthcare.

In the realm of aviation, EASA and IATA's new initiative aims to combat the alarming rise in GNSS interference, a move to bolster safety and security in the skies. Simultaneously, researchers uncover a staggering 16 billion stolen passwords online, highlighting the ongoing challenges in cybersecurity.

On the tech front, a privilege-escalation flaw in the Notepad++ installer and a targeted campaign that sidesteps Gmail's multi-factor authentication by way of app-specific passwords show how persistent the threats to everyday tools remain. IBM's donation of its CBOM toolset to the Linux Foundation marks a significant step towards enhancing open-source security standards.

Finally, we delve into the world of vulnerabilities, from privilege escalation in Notepad++ to directory traversal in Convoy, each a potential gateway for cyber threats. As we navigate these challenges, today's stories remind us of the importance of vigilance and innovation in the fight for digital security.

Stay informed, stay secure, and join us as we explore these critical developments in the world of cybersecurity.

Data Breaches

  1. AT&T Data Breach Settlement: Dates, Eligibility, And How Much You Could Get: AT&T has agreed to a $177 million settlement to resolve lawsuits related to two significant data breaches that compromised customer data. This settlement covers both a 2024 hack and a 2019 breach, impacting millions of current and former customers. The company denies any wrongdoing but has opted for a settlement to address the claims. Source: Times Now, Legal Reader, PCMag, First Coast News, About Lawsuits, CBS News 8.
  2. PRIVACY ALERT: Episource Under Investigation for Data Breach of 5.4 Million Customer Records: Schubert Jonckheer & Kolbe LLP is investigating a data breach at Episource that has potentially exposed the personal and health information of 5.4 million customers. The breach highlights significant vulnerabilities in the company's data protection measures, raising concerns about the security of sensitive health data. Source: PRNewswire.
  3. McLaren Health Care Data Breach Exposes Personal Information: McLaren Health Care is under scrutiny after a data breach exposed sensitive personal information of its clients. The breach has prompted legal investigations to assess the extent of the damage and potential legal claims on behalf of affected individuals. This incident underscores the critical need for robust data security measures in healthcare systems. Source: GlobeNewswire, Morningstar.
  4. PRIVACY ALERT: Asheville Eye Associates Under Investigation for Data Breach of Over 147,000 Patient Records: Asheville Eye Associates is facing an investigation following a data breach that compromised the sensitive personal and health information of over 147,000 patients. The breach has raised significant privacy concerns and highlights the vulnerabilities in data protection within the healthcare sector. Source: PRNewswire, News-Journal.
  5. Steelmaker Nucor Restores Operations, Confirms Limited Data Breach: Nucor, a leading steel manufacturer, has confirmed a limited data breach following a cyberattack in May 2025. The breach affected operations at their Tuscaloosa, Alabama plant, but the company has since restored operations and is taking steps to enhance its cybersecurity measures. Source: Cybersecurity Dive.

Security Research

  1. "EASA and IATA Unveil Four-point Plan To Combat Increasing GNSS Interference": The European Union Aviation Safety Agency (EASA) and the International Air Transport Association (IATA) have launched a comprehensive four-point plan to address the rising incidents of Global Navigation Satellite System (GNSS) interference. This initiative aims to enhance aviation safety and security by implementing risk management strategies and improving awareness among air crews. Source: AIN Online.
  2. "Researchers Find 16 Billion New Stolen Passwords Online": Security researchers have uncovered a staggering 16 billion stolen login credentials circulating online. This discovery has prompted experts to verify the authenticity and novelty of these credentials, highlighting the ongoing challenges in cybersecurity and the importance of robust password management practices. Source: ACS Information Age.
  3. "Echo Chamber Jailbreak Tricks LLMs Like OpenAI and Google into Generating Harmful Content": A new proof of concept, dubbed the "Echo Chamber" attack, demonstrates how subtle prompts can bypass AI guardrails in language models like GPT and Gemini. This research underscores the vulnerabilities in AI systems and the need for enhanced security measures to prevent misuse. Source: The Hacker News.
  4. "Gmail's Multi-factor Authentication Bypassed by Hackers to Pull Off Targeted Attacks": Google's Threat Intelligence Group has documented a targeted campaign in which the attackers did not break Gmail's multi-factor authentication but talked their victims around it: through a patient social-engineering exchange they coaxed targets into generating Google app-specific passwords, which grant mailbox access without a second factor, and then logged in with those. The lesson is that MFA only protects the login paths it actually covers; app passwords and similar legacy access routes need to be disabled where possible and monitored where not. Source: Malwarebytes.
  5. "IBM is Donating its CBOM Toolset to the Linux Foundation": IBM has announced that it is contributing its Cryptography Bill of Materials (CBOM) tooling to the Linux Foundation. A CBOM, defined as part of the CycloneDX standard, inventories the cryptographic assets a piece of software depends on (algorithms, keys, certificates, protocols) so that organisations can locate weak or quantum-vulnerable cryptography and plan its replacement. Placing the tooling under a neutral foundation is intended to widen adoption and strengthen transparency and trust in software supply chains. Source: IBM Research Blog.

Top CVEs

  1. Notepad++ Privilege Escalation Vulnerability (CVE-2025-49144): The Notepad++ installer (v8.8.1 and earlier) runs with elevated privileges but locates executables it needs through the directory it is launched from rather than by a fixed path, so an attacker who can drop a malicious binary of the expected name beside the downloaded installer (a shared Downloads folder is the obvious spot) gets that binary executed as SYSTEM when the victim runs the setup. The advisory notes the planting step can be achieved through social engineering or clickjacking. The issue is fixed in Notepad++ 8.8.2; until then, running installers from a freshly created, empty directory removes the attack surface. Source: Vulners.
  2. BRAIN2 Server Script Execution Vulnerability (CVE-2025-6512): A vulnerability in BRAIN2 allows scripts integrated into reports by non-admin users to be executed on the server with administrator privileges. This could lead to unauthorized actions and data manipulation. Source: Vulners.
  3. Mitel OpenScape Path Traversal Vulnerability (CVE-2025-23092): Mitel OpenScape Accounting Management has a path traversal vulnerability due to insufficient input sanitization, allowing authenticated attackers to upload and execute arbitrary files. This could result in unauthorized access and control over the system. Source: Vulners.
  4. Kubernetes NodeRestriction Admission Controller Bypass (CVE-2025-4563): In clusters with the DynamicResourceAllocation feature gate enabled, the NodeRestriction admission controller validates ResourceClaim status on pod status updates but not on pod creation, so a compromised node can create mirror pods that reference dynamic resources it was never allocated. The impact is privilege escalation and resource misuse from a node that is already compromised; clusters not using dynamic resource allocation are unaffected. Source: Vulners.
  5. Convoy Directory Traversal Vulnerability (CVE-2025-52562): The LocaleController component of the Convoy server management panel fails to sanitise a user-supplied path, letting unauthenticated remote attackers traverse directories and include arbitrary PHP files for execution. Versions from 3.9.0-rc.3 up to and including 4.4.0 are affected; 4.4.1 fixes the issue, and strict WAF rules on the affected endpoint serve as a stopgap until the upgrade is applied. Source: Vulners.
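The Mitel and Convoy entries above (and the Innoshop FileManager item in the API Security section below) are the same bug class: a user-controlled path fragment is joined onto a base directory and handed to the filesystem. The following is an added example, not code from any of those projects, showing the vulnerable join beside a hardened resolver. The directory layout, file names and request strings are constructed for the demo, and the symlink case assumes a POSIX filesystem.

```python
"""Path-traversal checks: the vulnerable join pattern beside a hardened resolver.

Added example, not Convoy, Mitel or Innoshop code. The directory layout,
file names and request strings below are constructed for the demo.
"""
import os
import tempfile
from pathlib import Path


def resolve_unsafe(base: Path, requested: str) -> Path:
    """Vulnerable pattern: trust the request and join it onto the base directory.

    "../x" walks out of base, and an absolute request such as "/etc/passwd"
    makes pathlib discard base entirely.
    """
    return base / requested


def resolve_safe(base: Path, requested: str) -> Path:
    """Hardened: canonicalise both sides, then require the target to stay under base.

    resolve() collapses ".." and follows symlinks, so a link planted inside base
    that points outside it is rejected too. It does not require the target to
    exist, which keeps this usable for upload endpoints that create the file.
    """
    base_real = base.resolve()
    target = (base_real / requested).resolve()
    if target == base_real or not target.is_relative_to(base_real):
        raise PermissionError(f"{requested!r} resolves to {target}, outside {base_real}")
    return target


def naive_escapes(base: Path, requested: str) -> bool:
    """True when the vulnerable join lands outside base by a purely lexical test.

    This is the check many codebases stop at; it never follows symlinks, so the
    'escape/...' request below passes it while still reaching the secret dir.
    """
    candidate = os.path.normpath(resolve_unsafe(base, requested))
    return os.path.commonpath([str(base), candidate]) != str(base)


def build_fixture() -> Path:
    """Constructed layout (demo data only):
        <tmp>/locales/en/messages.json        legitimately served
        <tmp>/locales/escape -> <tmp>/secret  symlink pointing outside the base
        <tmp>/secret/config.php               must never be reachable
    Returns the base directory a locale-file endpoint would serve from.
    """
    root = Path(tempfile.mkdtemp(prefix="traversal-demo-"))
    locales = root / "locales"
    (locales / "en").mkdir(parents=True)
    (locales / "en" / "messages.json").write_text('{"greeting": "Hello"}\n')
    secret = root / "secret"
    secret.mkdir()
    (secret / "config.php").write_text("<?php // constructed stand-in for a real config\n")
    os.symlink(secret, locales / "escape")
    return locales


def classify(base: Path, requests: list[str]) -> dict[str, tuple[bool, str]]:
    """For each request: (does the naive join escape lexically?, hardened verdict).

    The hardened verdict is 'served' or 'blocked'; any resolver error counts as
    blocked rather than falling back to the raw path.
    """
    verdicts: dict[str, tuple[bool, str]] = {}
    for req in requests:
        try:
            resolve_safe(base, req)
            hardened = "served"
        except (PermissionError, ValueError):
            hardened = "blocked"
        verdicts[req] = (naive_escapes(base, req), hardened)
    return verdicts


# Constructed requests: one legitimate, two classic traversals, one symlink hop.
DEMO_REQUESTS = [
    "en/messages.json",
    "../secret/config.php",
    "/etc/passwd",
    "escape/config.php",
]


def demo() -> dict[str, tuple[bool, str]]:
    """Build the fixture and classify the constructed requests against it."""
    return classify(build_fixture(), DEMO_REQUESTS)


if __name__ == "__main__":
    for req, (escapes, verdict) in demo().items():
        print(f"{req:24} naive_escapes={escapes!s:5} hardened={verdict}")
```

Run it directly to print a verdict per request. The lexical check that the naive path stays under base (the naive_escapes column) misses the symlink case entirely, which is why the hardened version canonicalises with resolve() before comparing. Treating every resolver error as a block, rather than falling back to the raw path, keeps odd inputs on the safe side.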

API Security

  1. Claude Code Improper Authorization via Websocket Connections: Claude Code extensions in VSCode and JetBrains IDEs are vulnerable to unauthorized websocket connections, allowing attackers to read files, see open files, and execute code under certain conditions. A patch was released to address this issue. Source: Vulners
  2. CVE-2023-47030: An issue in NCR Terminal Handler v.1.5.1 allows remote attackers to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint. Source: Vulners
  3. Quarkus Potential Data Leak: Changes in Vert.x 4.5.12 semantics for duplicating contexts could lead to data leaks in Quarkus, as data from one transaction may leak into another. A rollback and new API are planned to address this. Source: Vulners
  4. CVE-2025-1094: A SQL injection in PostgreSQL's libpq quoting functions (PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn) and in psql. Invalid multibyte input, such as a lone UTF-8 lead byte followed by a single quote, was copied through without the quote being doubled, so text an application believed it had safely quoted could break out of the literal when the result was fed to psql. Rapid7, which reported the bug, used psql's \! meta-command to turn the injection into operating-system command execution. Fixed in PostgreSQL 17.3, 16.7, 15.11, 14.16 and 13.19. Source: Vulners
  5. CVE-2025-52922: Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints, enabling authenticated attackers to map the filesystem, create, read, delete, and move files on the server. Source: Vulners
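The PostgreSQL entry above turns on a subtle property of escaping routines: one that steps over multibyte characters by trusting the lead byte can be fooled by an invalid sequence whose supposed continuation byte is a quote. The block below is an added, deliberately simplified model of that bug class, not PostgreSQL's libpq or psql code; the escaper, the toy byte-wise lexer and the byte strings it is fed are all constructed for the demo.

```python
"""Simplified model of the CVE-2025-1094 bug class (added example, not PostgreSQL code).

A quote-doubling escaper that steps over multibyte characters by trusting the
UTF-8 lead byte can be fed a lone lead byte followed by a single quote: the quote
is copied as a 'continuation byte' instead of being doubled, and a consumer that
tokenises byte by byte sees an unescaped quote. All byte strings are constructed.
"""


def lead_byte_len(b: int) -> int:
    """Sequence length implied by a UTF-8 lead byte, judged by its high bits only,
    the way a length-table lookup works. Continuation/invalid bytes count as 1."""
    if b & 0x80 == 0x00:
        return 1
    if b & 0xE0 == 0xC0:
        return 2
    if b & 0xF0 == 0xE0:
        return 3
    if b & 0xF8 == 0xF0:
        return 4
    return 1


def naive_escape_literal(raw: bytes) -> bytes:
    """Vulnerable: doubles single quotes, but skips over each 'multibyte character'
    wholesale without checking that its trailing bytes really are continuation bytes."""
    out = bytearray(b"'")
    i = 0
    while i < len(raw):
        n = lead_byte_len(raw[i])
        if n == 1:
            out += b"''" if raw[i] == 0x27 else bytes([raw[i]])
        else:
            out += raw[i:i + n]   # a quote sitting in this slice is copied verbatim
        i += n
    out += b"'"
    return bytes(out)


def hardened_escape_literal(raw: bytes) -> bytes:
    """Fixed behaviour: refuse anything that is not valid UTF-8 before quoting it,
    in the spirit of the fix's 'report an error if possible' rule."""
    try:
        text = raw.decode("utf-8")   # strict decoding rejects 0xC0 and truncated sequences
    except UnicodeDecodeError as exc:
        raise ValueError("literal is not valid UTF-8; refusing to quote it") from exc
    return ("'" + text.replace("'", "''") + "'").encode("utf-8")


def hardened_rejects(raw: bytes) -> bool:
    """Convenience: True when the hardened escaper refuses the input."""
    try:
        hardened_escape_literal(raw)
    except ValueError:
        return True
    return False


def literal_breaks_out(quoted: bytes) -> bool:
    """Toy byte-wise lexer standing in for a client that does not validate encoding
    before looking for quotes. True when the literal closes before its final byte,
    leaving trailing bytes that would be parsed as further SQL (or meta-commands)."""
    if quoted[:1] != b"'":
        raise ValueError("expected a single-quoted literal")
    i = 1
    while i < len(quoted):
        if quoted[i] == 0x27:
            if quoted[i + 1:i + 2] == b"'":   # doubled quote: still inside the literal
                i += 2
                continue
            return i < len(quoted) - 1       # closing quote followed by more bytes
        i += 1
    return False   # literal never closed: a parse error, not an injection


# Constructed inputs: a normal name with an apostrophe, a valid two-byte character,
# and the attack shape (lone lead byte 0xC0, then a quote, then attacker-chosen text).
BENIGN = b"O'Reilly"
ACCENTED = "é".encode("utf-8")
ATTACK = b"\xc0'; SELECT 1; --"


if __name__ == "__main__":
    for label, raw in [("benign", BENIGN), ("accented", ACCENTED), ("attack", ATTACK)]:
        quoted = naive_escape_literal(raw)
        print(f"{label:9} naive={quoted!r} breaks_out={literal_breaks_out(quoted)}")
        if hardened_rejects(raw):
            print(f"{'':9} hardened=REJECTED (invalid UTF-8)")
        else:
            print(f"{'':9} hardened={hardened_escape_literal(raw)!r}")
```

The naive escaper and the toy lexer disagree about where the literal ends, and that disagreement is the injection. The hardened version resolves it the way the PostgreSQL fix does in spirit: validate the encoding first and refuse to quote what cannot be decoded, so that a single quote can never be smuggled through as part of a character.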

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the landscape of cybersecurity is as dynamic and challenging as ever. From the AT&T data breach settlement to the vulnerabilities in AI systems and the ongoing battle against GNSS interference, each story underscores the critical importance of staying informed and vigilant.

These incidents remind us that cybersecurity is not just a technical issue but a collective responsibility. Whether it's a major corporation like AT&T or a healthcare provider like McLaren Health Care, the ripple effects of data breaches and vulnerabilities can impact millions. It's crucial for each of us to play our part in safeguarding sensitive information and enhancing security measures.

We hope you found today's insights valuable and thought-provoking. If you did, please consider sharing this newsletter with your friends and colleagues. By spreading awareness, we can all contribute to a more secure digital world.

Thank you for being a part of our community. Stay safe, stay informed, and we'll see you in the next edition of Secret CISO.

By Secret CISO