Secret CISO 6/6: RISE Racing and Landmark Properties Data Breaches, T-Mobile Settlement, AT&T's 88M Records Dump, DOE's AI Defense Initiative, Iranian Espionage on Kurdish Officials, Arkose Labs' Threat Actor Analysis Tool

Welcome to today's issue of Secret CISO, your daily dose of cybersecurity news and updates. In today's edition, we're covering a range of topics, from significant data breaches to advancements in AI research for national security.

First off, we have a series of data breaches affecting various sectors. RISE Racing has confirmed a data breach exposing participant information from 2017 to 2022. T-Mobile has issued settlement checks following a data breach that exposed customers' personal information. Real estate firm Landmark Properties Inc. is facing a proposed class action following a data breach in May 2025. Lexington-Richland 5 School District experienced a data breach affecting teacher pay, and AT&T is investigating a claimed sale of 70 million customer records.

On the technology front, the Energy Department is accelerating AI research to defend critical infrastructure. However, a report by CardinalOps reveals that enterprise SIEM systems fail to detect 79% of techniques used by adversaries. In response to this, Arkose Labs has introduced a new threat actor behavior analysis tool. Meanwhile, Aragon Research emphasizes the importance of securing AI agent identities to protect enterprise systems.

In international news, an Iranian state espionage group has been caught spying on Kurdish officials. This incident underscores the persistent threat of state-sponsored cyber espionage.

Finally, we have several vulnerability updates. File::Find::Rule for Perl is vulnerable to Arbitrary Code Execution. A vulnerability in Power Automate could lead to unauthorized access and data exposure. The HyperComments plugin for WordPress is vulnerable to unauthorized data modification. Himmelblau versions are vulnerable to a privilege escalation issue, and a critical vulnerability was found in TOTOLINK N302R Plus.

Stay tuned for more detailed coverage of these stories and more in today's Secret CISO newsletter.

Data Breaches

  1. RISE Racing Participant Data Breach: RISE Racing confirmed a data breach that exposed data files from 2017 to 2022, including participant information. The organization is currently investigating the incident. Source: thetrots.com.au
  2. T-Mobile Settlement Checks Issued: T-Mobile has issued settlement checks following a data breach that exposed customers' names, addresses, and Social Security numbers. Despite denying any wrongdoing, T-Mobile agreed to pay. Source: abc27.com
  3. Landmark Properties Inc. Data Breach: Real estate firm Landmark Properties Inc. is facing a proposed class action following a May 2025 data breach that allegedly exposed sensitive data. Source: law360.com
  4. Lexington-Richland 5 School District Data Breach: Lexington-Richland 5 experienced a data breach that limited access to its network and affected teacher pay. The district is currently investigating the incident. Source: thestate.com
  5. AT&T Customer Data Dump: AT&T is investigating a claimed sale of 70 million customer records. However, HackRead analyzed the data and reported it actually included about 88 million records. Source: theregister.com

Security Research

  1. DOE Accelerates AI Research to Defend Critical Infrastructure: The Energy Department and its national labs are increasing partnerships to advance AI research, scale new tools and boost national security. This initiative aims to protect critical infrastructure from potential threats. Source: govciomedia.com
  2. Enterprise SIEMs Miss 79% of MITRE ATT&CK Techniques Used by Adversaries: According to a report by CardinalOps, enterprise Security Information and Event Management (SIEM) systems fail to detect 79% of the MITRE ATT&CK techniques used by adversaries. This highlights the need for improved threat detection capabilities. Source: cbs4indy.com
  3. Iranian Espionage Group Caught Spying On Kurdish Officials: An Iranian state espionage group remained undetected for over five years until security researchers discovered its activities in 2023. The group had been spying on Kurdish officials, highlighting the persistent threat of state-sponsored cyber espionage. Source: govinfosecurity.com
  4. Arkose Labs Unveils Groundbreaking Threat Actor Behavior Analysis: Arkose Labs has introduced a new threat actor behavior analysis tool. This innovative solution aims to provide a more in-depth understanding of threat actors' tactics and strategies, enhancing cybersecurity defenses. Source: youtube.com
  5. Securing AI agent identities crucial to enterprises, says research firm: Aragon Research suggests that Agentic Identity and Security Platforms (AISP) are quickly becoming the standard for security. The firm emphasizes the importance of securing AI agent identities to protect enterprise systems. Source: scmagazine.com

Top CVEs

  1. Arbitrary Code Execution in File::Find::Rule for Perl: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep() encounters a crafted filename. This could allow an attacker to execute arbitrary commands. Source: CVE-2011-10007
  2. Exposure of sensitive information in Power Automate: A vulnerability in Power Automate could allow an unauthorized actor to elevate privileges, potentially leading to unauthorized access and data exposure. Source: CVE-2025-47966
  3. Unauthorized Modification in HyperComments Plugin for WordPress: The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation. This could allow unauthenticated attackers to gain administrative user access to a vulnerable site. Source: CVE-2025-5701
  4. Privilege Escalation in Himmelblau: Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha are vulnerable to a privilege escalation issue when Entra ID group-based access restrictions are configured using group display names instead of object IDs. This could allow a user to bypass access control mechanisms. Source: CVE-2025-49012
  5. Buffer Overflow in TOTOLINK N302R Plus: A critical vulnerability was found in TOTOLINK N302R Plus up to 3.4.0-B20201028. The manipulation of the argument service_type leads to buffer overflow, potentially allowing remote code execution. Source: CVE-2025-5671

Final Words

That's a wrap for today's edition of the Secret CISO newsletter. From the unsettling data breaches at RISE Racing, T-Mobile, and Landmark Properties Inc., to the innovative strides in AI research and threat actor behavior analysis, it's clear that the cybersecurity landscape is ever-evolving.

It's not all doom and gloom, though. The DOE's acceleration of AI research to defend critical infrastructure, and the unveiling of Arkose Labs' groundbreaking threat actor behavior analysis tool, are promising developments in our collective defense against cyber threats.

However, the vulnerabilities in Perl, Power Automate, and the HyperComments plugin for WordPress, among others, serve as a stark reminder of the importance of staying vigilant and up-to-date with the latest security patches and updates.

Remember, knowledge is power. By staying informed, we can all play a part in creating a safer digital world. If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Let's work together to spread the word and make cybersecurity a priority for everyone.

Stay safe, stay informed, and see you in the next edition of Secret CISO.
