Secret CISO 6/25: Aflac & PowerSchool Breaches Spark Legal Storm; China's 'LapDogs' Exploit SOHO Devices; Netscaler Vulnerability Looms; Firefox & Thunderbird Memory Risks

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity challenges facing organizations across the globe. On this eventful June 25th, we delve into a series of alarming data breaches and vulnerabilities that underscore the critical importance of robust security measures.

First, we explore the legal battles brewing as Aflac, PowerSchool, and a home delivery pharmacy grapple with the fallout from significant data breaches. These incidents not only compromise sensitive customer information but also highlight the urgent need for timely notifications and stringent data protection protocols.

Meanwhile, Erie Insurance and Covenant Surgical Partners find themselves under the microscope as investigations into potential data breaches unfold. These cases serve as stark reminders of the vulnerabilities inherent in handling personal data, especially within the insurance and healthcare sectors.

In the realm of cybersecurity vulnerabilities, we uncover how scams manipulate Google's search algorithms, while experts warn of an impending exploitation of a Netscaler vulnerability. Additionally, China's 'LapDogs' network exploits backdoored SOHO devices, raising concerns about consumer-grade hardware security.

Our newsletter also sheds light on the risks posed by outdated Discord invites used in phishing attacks and a critical macOS vulnerability that could target users of the Shortcuts app. These findings emphasize the necessity for continuous vigilance and updates in cybersecurity practices.

Finally, we present a series of critical CVEs, including memory safety bugs in Firefox and Thunderbird, SQL injection risks in Apache Airflow, and vulnerabilities in WordPress plugins and mobile applications. These issues highlight the ongoing battle against potential exploits and the need for immediate action to safeguard systems.

Stay informed and proactive as we navigate these complex cybersecurity landscapes together. Your vigilance is the first line of defense in this ever-evolving digital world.

Data Breaches

  1. Aflac Already Hit With Class Action Over Data Breach of Customer Info: Aflac faces a class action lawsuit after a data breach compromised sensitive customer information. The breach has led to legal action as affected individuals seek compensation for the potential misuse of their data. Source: Insurance Journal.
  2. Attorney General Demands Answers from PowerSchool After Data Breach Affects Millions: PowerSchool is under scrutiny after a data breach affected millions, prompting the Attorney General to demand explanations. The breach has raised concerns about the security of educational data and the measures in place to protect it. Source: WCTI12.
  3. Patients Allege Home Delivery Pharmacy Failed Timely Notification of Data Breach: A data breach at a home delivery pharmacy exposed personal information of over 75,000 customers. The delay in notifying affected individuals has led to allegations and potential legal actions. Source: Pharmacy Times.
  4. Barrack, Rodos & Bacine Investigating Cyberattack and Potential Data Breach at Erie Insurance: Erie Insurance is under investigation following a cyberattack that may have led to a data breach involving sensitive personal information. The incident highlights the ongoing risks faced by insurance companies in protecting customer data. Source: CBS42.
  5. UPDATE - Lynch Carpenter Investigates Claims in Covenant Surgical Partners, Inc Data Breach: Covenant Surgical Partners is facing scrutiny after a data breach notification was sent to affected individuals. The breach has prompted investigations into the extent of the data compromise and potential legal claims. Source: GlobeNewswire.

Security Research

  1. How do scams end up at the top of a Google search?: A YouTube video explores the mechanisms by which scams can manipulate search engine algorithms to appear prominently in search results. This manipulation often involves exploiting weaknesses in Google's ranking system, leading to increased visibility for fraudulent sites. Source: YouTube.
  2. Experts: Only a matter of time until latest Netscaler vulnerability exploited in the wild: Security researchers are raising concerns about a new vulnerability in Netscaler, predicting its inevitable exploitation. The vulnerability poses significant risks, and experts like Kevin Beaumont emphasize the urgency for organizations to patch their systems. Source: CyberDaily.
  3. China's 'LapDogs' Network Thrives on Backdoored SOHO Devices: A report highlights how China's 'LapDogs' network exploits backdoored Small Office/Home Office (SOHO) devices to conduct cyber espionage. This network leverages compromised devices to infiltrate and gather sensitive information, raising alarms about the security of consumer-grade hardware. Source: Dark Reading.
  4. Security researchers warn that old or expired Discord invites are being used in phishing attacks: Researchers have identified a vulnerability in Discord invites, which can be used as part of a multi-stage payload delivery system in phishing attacks. This exploit highlights the need for better security measures in managing expired or unused invites. Source: PC Gamer.
  5. Don't take any 'shortcuts' - Positive Technologies finds critical vulnerability in macOS application: Positive Technologies has discovered a critical vulnerability in a macOS application that could be exploited to target users of the Shortcuts app. This vulnerability underscores the importance of regular security updates and vigilance in app usage. Source: Tahawul Tech.

Top CVEs

  1. CVE-2025-6436: Memory safety bugs present in Firefox 139 and Thunderbird 139 have shown evidence of memory corruption. With enough effort, these vulnerabilities could potentially be exploited to run arbitrary code. Users are advised to update to the latest versions to mitigate these risks. Source: Vulners.
  2. CVE-2025-50213: Apache Airflow Providers Snowflake had a vulnerability due to failure in sanitizing special elements, leading to potential SQL injection. Users are recommended to upgrade to version 6.4.0, which addresses this issue by adding sanitation to table and stage parameters. Source: Vulners.
  3. CVE-2025-6206: The Aiomatic plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation. This could allow authenticated attackers to upload files that may lead to remote code execution. Users should ensure proper validation and update to secure versions. Source: Vulners.
  4. CVE-2025-3090: An unauthenticated remote attacker can exploit missing authentication in a device to obtain limited sensitive information or cause a denial of service (DoS). This highlights the importance of implementing robust authentication mechanisms. Source: Vulners.
  5. CVE-2025-4378: The Ataturk University ATA-AOF Mobile Application has vulnerabilities due to cleartext transmission of sensitive information and use of hard-coded credentials. This allows for authentication abuse and bypass, urging users to update to secure versions. Source: Vulners.

API Security

  1. Exploit for Code Injection in Langflow: A critical vulnerability (CVE-2025-3248) in Langflow's API allows unauthenticated remote code execution via the /api/v1/validate/code endpoint. This Python-based scanner automates detection and exploitation, posing significant risks if left unpatched. Source.
  2. Komga Cross-Site Scripting Vulnerability: Komga, a media server, is vulnerable to XSS attacks in versions 1.8.0 through 1.21.3 when serving EPUB resources. This flaw can lead to arbitrary code execution if an admin user accesses a malicious EPUB file. A patch is available in version 1.22.0. Source.
  3. Claude Code Unauthorized Websocket Connections: Vulnerabilities in Claude Code extensions for VSCode and JetBrains IDEs allow unauthorized websocket connections, potentially exposing sensitive data and enabling code execution under certain conditions. Users are advised to update to the latest versions to mitigate risks. Source.
  4. Aiomatic WordPress Plugin File Upload Vulnerability: The Aiomatic plugin for WordPress is vulnerable to arbitrary file uploads due to inadequate file type validation. This flaw could lead to remote code execution if exploited by authenticated users with Subscriber-level access or higher. Source.

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape continues to present both challenges and opportunities for vigilance. From Aflac's legal battles over compromised customer data to the urgent need for patches against vulnerabilities like those in Netscaler and macOS applications, the importance of staying informed and proactive cannot be overstated.

We've also seen how scams can manipulate search engines, and how networks like China's 'LapDogs' exploit consumer-grade devices, reminding us of the ever-evolving tactics used by cyber adversaries. Meanwhile, the vulnerabilities in platforms like Firefox, Apache Airflow, and WordPress highlight the critical need for timely updates and robust security measures.

In this interconnected world, sharing knowledge is a powerful tool. If you found today's insights valuable, please consider sharing this newsletter with your friends and colleagues. Together, we can build a more informed and resilient community, ready to tackle the cyber challenges of tomorrow.

Stay safe, stay informed, and see you in the next edition of Secret CISO!