Secret CISO 6/5: Lexington-Richland 5 & Absolute Dental Data Breaches, Adidas & UChicago Vendor-Related Breaches, AT&T Identity Leak, AI Security & US Water Systems Vulnerabilities Research, Rack & PostgreSQL Anonymizer Vulnerabilities

Welcome to today's issue of Secret CISO, your daily source for the most impactful cybersecurity news. Today, we delve into a series of data breaches affecting various sectors, from education to healthcare, and even the fashion industry. We also explore the intersection of AI and cybersecurity, the vulnerabilities in U.S. water utilities, and the role of social media in security breaches.

Starting off with the education sector, Lexington-Richland 5 schools are currently investigating a data security incident that has caused delays in employee retention payments. In the healthcare sector, Absolute Dental Group is facing a proposed federal class action over a data breach that exposed sensitive patient information. Adidas, in the fashion industry, and UChicago Medical Center, in healthcare, are facing lawsuits over vendor-related data breaches.

On a larger scale, AT&T has been hit by a massive reported identity data leak, and a data breach at newspaper giant Lee Enterprises has affected around 40,000 people. In the realm of AI, Aragon Research emphasizes the growing importance of Agentic Identity and Security Platforms (AISP) in securing AI agents within enterprises.

Turning to infrastructure, researchers have discovered widespread security exposures in U.S. water utilities' industrial control systems. In response, hundreds of utilities have bolstered their security measures. In the tech industry, Cellebrite is set to acquire Corellium, a firm that provides virtual, cloud-based Android and iOS devices for application and security testing.

On the social media front, a study led by the University of Portsmouth has found that fake social media profiles, particularly on LinkedIn, are a leading cause of serious security breaches. This research underscores the importance of social media security in the digital age.

Finally, we look at the latest vulnerabilities, including a denial of service vulnerability in Rack, a data masking bypass in PostgreSQL Anonymizer, and a stack-based buffer overflow in D-Link DIR-816. We also cover vulnerabilities in Tenda AC10 and CH22, as well as issues in PSU HAX CMS, anon-vec crate, AstrBot, and Umbraco.

Stay tuned for more detailed coverage of these stories and more in today's issue of Secret CISO.

Data Breaches

  1. Data breach at Lexington-Richland 5 schools: The school district has launched an investigation into a data security incident that has caused delays in employee retention payments. The district is working with external cybersecurity professionals to address the issue. Source: wltx.com
  2. Absolute Dental Group Hit With Class Action Over Data Breach: A proposed federal class action has been launched against Absolute Dental Group following a data breach. The lead plaintiff, Kathleen Jordan, has alleged that the breach exposed sensitive patient information. Source: Bloomberg Law News
  3. Adidas and UChicago Sued Over Data Breaches Caused by Third-Party Vendors: Adidas and UChicago Medical Center are facing lawsuits over vendor-related data breaches. The cases raise important questions about liability for known security vulnerabilities when third-party vendors are involved. Source: The National Law Review
  4. AT&T Hit by Massive Reported Identity Data Leak: Hackers have reportedly re-released a refined trove of 86 million AT&T records, including decrypted Social Security numbers and full identity data. This is not the first time AT&T has experienced such a breach. Source: Bank Info Security
  5. Data breach at newspaper giant Lee Enterprises affects 40,000 people: A data breach at Lee Enterprises, a major newspaper company, has affected around 40,000 people, mostly current and former employees. The breach exposed sensitive information, including Social Security numbers. Source: Nieman Lab

Security Research

  1. Securing AI agent identities crucial to enterprises, says research firm: Aragon Research emphasizes the growing importance of Agentic Identity and Security Platforms (AISP) in securing AI agents within enterprises. These platforms are quickly becoming the standard for security, highlighting the intersection of AI and cybersecurity. Source: SC Magazine
  2. Water utilities mitigate equipment flaws after researchers find widespread exposures: Researchers have discovered widespread security exposures in U.S. water utilities' industrial control systems. In response, hundreds of utilities have bolstered their security measures to mitigate these vulnerabilities. Source: Cybersecurity Dive
  3. Cellebrite to acquire mobile testing firm Corellium in $200 million deal: Cellebrite is set to acquire Corellium, a firm that provides virtual, cloud-based Android and iOS devices for application and security testing. This acquisition will enhance Cellebrite's capabilities in mobile security research. Source: CyberScoop
  4. Misconfigured HMIs Expose US Water Systems to Anyone with a Browser: Security researchers have discovered that misconfigured Human-Machine Interfaces (HMIs) are exposing U.S. water systems to potential threats. An artifact in a TLS certificate led researchers to this vulnerability. Source: SecurityWeek
  5. Research reveals how fake social media accounts could be the cause of serious security breaches: A study led by the University of Portsmouth has found that fake social media profiles, particularly on LinkedIn, are a leading cause of serious security breaches. This research underscores the importance of social media security in the digital age. Source: Tech Xplore

Top CVEs

  1. CVE-2025-49007 - Denial of Service Vulnerability in Rack: Rack, a modular Ruby web server interface, has a denial of service vulnerability in its Content-Disposition parsing component. This vulnerability, present in versions 3.1.0 to 3.1.16, can cause the parsing to take an unexpected amount of time, potentially leading to a denial of service attack. The issue impacts applications that parse multipart posts using Rack, which includes virtually all Rails applications. Source: vulners.com
  2. CVE-2025-5690 - Data Masking Bypass in PostgreSQL Anonymizer: PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data. This vulnerability only occurs when dynamic masking is enabled, which is not the default setting. Source: vulners.com
  3. CVE-2025-5630 - Stack-Based Buffer Overflow in D-Link DIR-816: A critical vulnerability has been found in D-Link DIR-816 1.10CNB05, affecting unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to a stack-based buffer overflow, and the attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the manufacturer. Source: vulners.com
  4. CVE-2025-5629 - Buffer Overflow in Tenda AC10: A critical vulnerability was found in Tenda AC10 up to 15.03.06.47, affecting the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIp/endIp leads to a buffer overflow, and the attack can be initiated remotely. Source: vulners.com
  5. CVE-2025-5619 - Stack-Based Buffer Overflow in Tenda CH22: A critical vulnerability has been found in Tenda CH22 1.0.0.1, affecting the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to a stack-based buffer overflow, and the attack can be initiated remotely. Source: vulners.com

API Security

  1. Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint: An unauthenticated information disclosure vulnerability exists in the PSU deployment of HAX CMS via the haxPsuUsage API endpoint. This allows any remote unauthenticated user to retrieve a full list of PSU websites hosted on HAX CMS. The endpoint is exposed without any authentication or authorization checks, representing a privacy and enumeration risk. Source: vulners.com
  2. Anon-Vec Lacks Sufficient Checks in Public API: The anon-vec crate functions are unsound due to insufficient checks on their arguments. This includes AnonVec::get_ref(), AnonVec::get_mut(), and AnonVec::remove_get(). The crate was built as a learning project and is not being maintained. Source: vulners.com
  3. AstrBot Has Path Traversal Vulnerability in /api/chat/get_file: AstrBot is vulnerable to a path traversal attack via the /api/chat/get_file endpoint. This vulnerability may lead to information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data. The vulnerability has been addressed in Pull Request #1676 and is included in versions >= v3.5.13. Source: vulners.com
  4. Umbraco Vulnerable to Bypass of Configured Allowed Extensions for File Uploads: Umbraco has a vulnerability that allows a manipulated API request to upload a file that does not adhere to the configured allowable file extensions. The issue has been patched in versions 15.4.2 and 16.0.0. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. From school districts to dental groups, no one is immune to the ever-evolving threats of data breaches. As we've seen, even giants like AT&T are not spared. It's a stark reminder of the importance of robust cybersecurity measures in our increasingly digital world.

On the brighter side, we're also seeing advancements in AI security and proactive measures being taken by water utilities to mitigate vulnerabilities. The acquisition of Corellium by Cellebrite is a promising development in mobile security research. However, the discovery of misconfigured HMIs and the role of fake social media accounts in security breaches serve as reminders that there's still much work to be done.

Lastly, we've highlighted several vulnerabilities that have been discovered recently. From denial of service attacks in Rack to buffer overflows in Tenda AC10 and D-Link DIR-816, it's crucial to stay updated on these developments to protect your systems effectively.

Remember, knowledge is power. So, share this newsletter with your friends and colleagues to help them stay informed and secure. Let's work together to create a safer digital world. Until next time, stay safe and secure!
