Secret CISO 6/26: NS Power, Curium Pharma, Microsoft Entra, CitrixBleed 2 - Data Breaches and Vulnerabilities Unveil a Web of Risks and Resolutions

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity incidents and innovations shaping our digital landscape. In this issue, we delve into a series of alarming data breaches and vulnerabilities that have left both corporations and individuals scrambling for security solutions.
Nova Scotia Power and Curium Pharma find themselves in the spotlight as they grapple with the fallout from significant data breaches, prompting legal actions and customer protections. Meanwhile, a 16-billion-record compilation of stolen credentials, largely harvested by infostealer malware, serves as a stark reminder of the importance of unique passwords and multi-factor authentication.
In a landmark settlement, AT&T agrees to a $177 million payout following customer data breaches, highlighting the financial repercussions of inadequate data protection. Across the Atlantic, Glasgow City Council faces fears of data theft after a cyber attack disrupts public services.
On the technological front, vulnerabilities continue to plague major platforms. SaaS apps that sign users in with Microsoft Entra ID remain susceptible to the nOAuth account-takeover weakness, while Citrix and WinRAR rush to patch critical flaws that could lead to unauthorized access and malware execution.
Amidst these challenges, a beacon of innovation emerges with the development of Li-Fi technology, promising enhanced security and unprecedented data transmission speeds. This breakthrough could redefine wireless communication, offering a glimpse into a more secure digital future.
Stay informed and vigilant as we navigate these complex cybersecurity landscapes together.
Data Breaches
- NS Power says past customers impacted by data breach: Nova Scotia Power has confirmed that a recent data breach compromised the information of past customers. The company is now offering free credit monitoring to all affected individuals to mitigate potential risks. Source: YouTube
- Curium Pharma Data Breach Lawsuit Investigation: Law firms are investigating a data breach at Curium Pharma that exposed sensitive personal information. Affected individuals have been notified and may be eligible to join a class-action lawsuit. Source: Class Action
- Computer expert warns neighbors to change passwords after massive data breach: Researchers have catalogued roughly 16 billion exposed login credentials, including accounts for major platforms such as Microsoft and Apple. The data is a compilation of infostealer logs and earlier leaks rather than a single breach of those platforms, but the credentials are still valid for anyone who has not rotated them. Users are advised to change reused passwords, enable multi-factor authentication, and move to passkeys where available. Source: Fox 47 News
- Could AT&T owe you money? Customer data breaches lead to $177 million settlement: AT&T has settled data breach lawsuits for $177 million, with affected customers eligible for compensation. The breaches exposed sensitive customer information, prompting legal action. Source: Star-Telegram
- Cyber attack on Glasgow City Council prompts data theft fears: A cyber attack on Glasgow City Council has raised concerns about data theft, affecting various public services. The breach has prompted an investigation into the extent of the data compromise. Source: BBC News
Security Research
- nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery: New research shows that the nOAuth weakness, first disclosed in 2023, still affects roughly 9% of the Entra ID-integrated SaaS applications tested. The flaw arises when an application identifies users by the mutable, unverified "email" claim in an Entra ID token instead of the immutable user and tenant identifiers (the "oid"/"sub" and "tid" claims). An attacker who controls their own Entra tenant can set a victim's email address on one of their own accounts and be signed into the victim's account in the SaaS app, a full account takeover that the victim's MFA and conditional access policies cannot block. Because the fix lies in each application's sign-in code, the issue persists for every customer of an app that has not changed how it maps tokens to accounts. Source: The Hacker News.
- Multiple Brother Devices: Multiple Vulnerabilities (FIXED): Researchers at Rapid7 have disclosed eight vulnerabilities affecting 742 printer, scanner and label-printer models from Brother, FUJIFILM, Ricoh, and Toshiba. The most serious, CVE-2024-51978, lets an unauthenticated attacker derive a device's default administrator password from its serial number, which can itself be obtained remotely, giving full administrative control; the others include unauthenticated crashes, SSRF and credential disclosure. Firmware fixes are available, but because the password flaw lies in the manufacturing-time password generation, devices built before the change still need their default administrator password replaced. The discovery underscores the importance of regular updates and of changing default credentials on IoT and office devices. Source: SecurityBrief Australia.
- Citrix Patches Critical 0-day Amid 'CitrixBleed 2' Concerns: Citrix has released patches for a critical memory-overflow vulnerability in NetScaler ADC and NetScaler Gateway that was being exploited in the wild before the fix. The release comes as security researcher Kevin Beaumont warns about a separate, recently patched out-of-bounds read flaw (CVE-2025-5777) he has dubbed "CitrixBleed 2" because, like the original CitrixBleed, it can leak memory contents such as session tokens from Internet-facing Gateway appliances. Users are urged to apply both sets of patches immediately and to terminate active sessions after upgrading, since stolen session tokens survive a patch. Source: SC Media.
- WinRAR Patches Bug Letting Malware Launch from Extracted Archives: A high-severity directory traversal vulnerability in WinRAR, tracked as CVE-2025-6218 (CVSS 7.8), has been patched in WinRAR 7.12 beta 1. A crafted archive could contain entries whose paths escape the chosen extraction directory, letting an attacker drop an executable into a location such as the Windows Startup folder, where it runs the next time the user logs in. Exploitation requires the victim to open the malicious archive, so the bug is a natural fit for phishing campaigns. Users are advised to update to the latest version of WinRAR to ensure protection. Source: Bleeping Computer.
- Li-Fi Technology Offers Enhanced Security and Speeds 100 Times Faster Than Wi-Fi: Korean researchers have developed a new Li-Fi platform that surpasses the limitations of traditional optical communication devices. This technology promises enhanced security and data transmission speeds up to 100 times faster than conventional Wi-Fi, potentially revolutionizing wireless communication. The innovation could have significant implications for secure and efficient data transfer. Source: Tech Xplore.
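The nOAuth item above describes the sign-in mistake in words; the following added example (not code from Microsoft, the researchers, or any SaaS vendor) shows the vulnerable account lookup next to a hardened one. The ID token is modelled as a claims dictionary that is assumed to have already passed signature, issuer, audience and expiry validation, and all tenant and object identifiers are made-up values.

```python
"""nOAuth: identifying users by the 'email' claim versus by (tid, oid).

Added illustration; the token is a claims dict that is assumed to have
passed signature/issuer/audience/expiry checks already. All IDs are
constructed placeholders, not real tenants.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed identifiers (assumptions, not real Entra tenants or users).
VICTIM_TID = "11111111-1111-1111-1111-111111111111"
VICTIM_OID = "aaaaaaaa-0000-4000-8000-000000000001"
ATTACKER_TID = "22222222-2222-2222-2222-222222222222"
ATTACKER_OID = "bbbbbbbb-0000-4000-8000-000000000002"


@dataclass(frozen=True)
class Account:
    app_user_id: str   # the SaaS app's own primary key
    tid: str           # Entra tenant the account was provisioned from
    oid: str           # immutable object id of the user in that tenant
    email: str         # contact address only; never an identity key


# The SaaS app's user store: a single legitimate account for the victim.
ACCOUNTS = [Account("u-1001", VICTIM_TID, VICTIM_OID, "cfo@victim.example")]

# Token the victim's own tenant would issue for the victim.
VICTIM_TOKEN = {
    "iss": f"https://login.microsoftonline.com/{VICTIM_TID}/v2.0",
    "tid": VICTIM_TID,
    "oid": VICTIM_OID,
    "email": "cfo@victim.example",
}

# Token from a tenant the attacker controls. The attacker simply set the
# victim's address as the 'email' attribute of their own user object;
# nothing in Entra ID verifies that they own that mailbox.
ATTACKER_TOKEN = {
    "iss": f"https://login.microsoftonline.com/{ATTACKER_TID}/v2.0",
    "tid": ATTACKER_TID,
    "oid": ATTACKER_OID,
    "email": "cfo@victim.example",
}


def lookup_vulnerable(claims: dict) -> Optional[Account]:
    """nOAuth pattern: treats the unverified, mutable 'email' claim as identity."""
    email = claims.get("email", "").lower()
    return next((a for a in ACCOUNTS if a.email.lower() == email), None)


def lookup_hardened(claims: dict) -> Optional[Account]:
    """Identify the user only by the immutable (tid, oid) pair.

    The issuer must also name the same tenant as the 'tid' claim, so a
    token cannot assert membership of a tenant that did not issue it.
    """
    tid, oid, iss = claims.get("tid"), claims.get("oid"), claims.get("iss", "")
    if not tid or not oid or f"/{tid}/" not in iss:
        return None
    return next((a for a in ACCOUNTS if a.tid == tid and a.oid == oid), None)


def email_is_verified(claims: dict) -> bool:
    """Trust 'email' for security-relevant steps (e.g. first-time account
    linking) only when the tenant proved ownership of the mail domain.
    Microsoft exposes that through the optional 'xms_edov' claim, which the
    app registration must request; a missing claim means unverified."""
    return claims.get("xms_edov") is True


if __name__ == "__main__":
    print("vulnerable:", lookup_vulnerable(ATTACKER_TOKEN))  # the victim's account
    print("hardened:  ", lookup_hardened(ATTACKER_TOKEN))    # None
```

The vulnerable lookup hands the attacker the victim's account with nothing more than a self-registered tenant; the hardened lookup fails closed because the attacker cannot forge the victim's tenant and object identifiers. If an app must match existing users by email during an initial link, it should do so once, only when the domain is verified, and then persist the (tid, oid) pair as the key.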
Top CVEs
- CVE-2025-25012: URL redirection to an untrusted site ('Open Redirect') in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL. This vulnerability could be exploited by attackers to redirect users to malicious sites, potentially leading to further attacks such as phishing or malware distribution. Source: Vulners.
- CVE-2025-20282: A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC allows an unauthenticated, remote attacker to upload arbitrary files and execute them as root. This is due to a lack of file validation checks, enabling attackers to place and execute malicious files in privileged directories. Successful exploitation could lead to arbitrary code execution or root privilege escalation. Source: Vulners.
- CVE-2025-6543: Memory overflow vulnerability in NetScaler ADC and NetScaler Gateway can lead to unintended control flow and Denial of Service when the appliance is configured as a Gateway or AAA virtual server. Citrix reports that exploits of this flaw have been observed against unmitigated appliances, making it the zero-day referenced in the Citrix item above; beyond service disruption, unintended control flow in a network-edge appliance is a path to remote code execution. Source: Vulners.
- CVE-2025-6445: ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability allows remote attackers to execute arbitrary code on affected installations. The flaw exists due to improper validation of user-supplied paths, which can be exploited to execute code in the context of the current process. This could lead to unauthorized access and control over the affected system. Source: Vulners.
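Both the WinRAR bug in the Security Research section (CVE-2025-6218) and the ServiceStack FindType bug above (CVE-2025-6445) belong to the same class: a user-supplied path is joined to a trusted base directory without checking that the resolved result stays inside it. The following added example (not code from WinRAR, RARLAB or ServiceStack) shows the containment check that closes that class, applied to a constructed archive listing that mixes benign entries with the traversal shapes a crafted archive would carry.

```python
"""Containment check for attacker-controlled paths (CWE-22).

Added illustration, not the code of any product named on this page. The
archive entries below are constructed; the check itself is generic.
"""
import os
import tempfile
from typing import List, Tuple


def safe_join(base: str, untrusted: str) -> str:
    """Return base/untrusted, but only if the resolved path stays inside base.

    realpath() collapses '..' segments and follows symlinks, so the check is
    made on the path that would actually be written, not on the raw string.
    Backslashes are normalised first so Windows-style traversal is caught on
    POSIX hosts as well.
    """
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(
        os.path.join(base_real, untrusted.replace("\\", "/"))
    )
    # An absolute entry name makes os.path.join discard base entirely;
    # commonpath catches that case too, since the result no longer
    # starts with base_real.
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError(f"entry escapes extraction directory: {untrusted!r}")
    return candidate


def extract_entries(entries: List[Tuple[str, bytes]], dest: str):
    """Write each (name, data) entry under dest, skipping any that escape it.

    Returns (written, rejected) lists of entry names in archive order.
    """
    written, rejected = [], []
    for name, data in entries:
        try:
            target = safe_join(dest, name)
        except ValueError:
            rejected.append(name)
            continue
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as fh:
            fh.write(data)
        written.append(name)
    return written, rejected


# Constructed archive listing: two benign entries, then three escapes of the
# kind a malicious archive would carry (a relative climb into a Startup-style
# folder, an absolute path, and a backslash variant of the climb).
SAMPLE_ENTRIES = [
    ("readme.txt", b"hello"),
    ("docs/notes.txt", b"notes"),
    ("../../Start Menu/Programs/Startup/update.exe", b"MZ-placeholder"),
    ("/etc/cron.d/backdoor", b"* * * * * root /tmp/x\n"),
    ("..\\..\\evil.dll", b"MZ-placeholder"),
]


def demo():
    """Extract the sample listing into a throwaway directory."""
    with tempfile.TemporaryDirectory() as dest:
        return extract_entries(SAMPLE_ENTRIES, dest)


if __name__ == "__main__":
    written, rejected = demo()
    print("written :", written)
    print("rejected:", rejected)
```

The same safe_join shape applies to any API that turns a client-supplied string into a filesystem or type-loader path: resolve first, compare against the trusted root second, and fail closed on mismatch rather than trying to strip ".." substrings, which attackers routinely bypass with encodings and mixed separators.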
API Security
- CVE-2025-1754 Missing Authentication for Critical Function in GitLab: An issue in GitLab CE/EE versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 allows unauthenticated attackers to upload arbitrary files to public projects via crafted API requests. This could lead to resource abuse and unauthorized content uploads. Source: Vulners
- CVE-2025-3279 Allocation of Resources Without Limits or Throttling in GitLab: A vulnerability in GitLab CE/EE versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 allows authenticated attackers to create a DoS condition by sending crafted GraphQL requests. This could overwhelm the system, leading to service disruption. Source: Vulners
- CVE-2025-5315 Missing Authorization in GitLab: In GitLab CE/EE versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1, authenticated users with Guest role permissions can add child items to incident work items via crafted API requests, bypassing UI-enforced role restrictions. This could lead to unauthorized modifications. Source: Vulners
- CVE-2025-5846 Missing Authorization in GitLab: A vulnerability in GitLab EE versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 allows authenticated users to assign unrelated compliance frameworks to projects through crafted GraphQL mutations, bypassing framework-specific permissions. This could lead to compliance misconfigurations. Source: Vulners
- CVE-2025-6678 Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability: This vulnerability allows remote attackers to disclose sensitive information on Autel MaxiCharger AC Wallbox Commercial charging stations. The flaw exists within the Pile API due to missing authentication, enabling attackers to disclose credentials and potentially compromise the system. Source: Vulners
Sponsored by Wallarm API Security Solution
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape continues to challenge us with new threats and vulnerabilities. From data breaches affecting major organizations like Nova Scotia Power and Curium Pharma to critical vulnerabilities in widely used software such as Citrix's NetScaler and the nOAuth weakness in SaaS apps built on Microsoft Entra ID, the need for vigilance and proactive security measures has never been more pressing.
We've also seen promising advancements, like the development of Li-Fi technology, which could revolutionize secure and efficient data transfer. Yet, as technology evolves, so do the tactics of malicious actors, underscoring the importance of staying informed and prepared.
Remember, cybersecurity is a collective effort. If you found today's insights valuable, please consider sharing this newsletter with your friends and colleagues. Together, we can build a more secure digital world, one informed decision at a time.
Stay safe, stay informed, and see you in the next edition of Secret CISO!