Secret CISO 6/7: TxDOT, Sensata, KiranaPro, Tasmanian Govt, Episource Breaches; Italy's Spyware Scandal; Anthropic's Security Expert; ClickFix, Badbox 2.0 Threats; Samba, Kafbat, WordPress Vulnerabilities

Welcome to today's issue of Secret CISO, your daily source of the most impactful cybersecurity news. Today, we're covering a series of data breaches affecting various sectors, from transportation to healthcare, and even government agencies. We'll also delve into the world of cyber espionage, AI security, and the ever-evolving threat of phishing attacks.

Starting off in Texas, the Department of Transportation (TxDOT) has reported a data breach compromising personal data of Texans involved in crash reports. Meanwhile, Sensata Technologies is under investigation for a potential data breach, and KiranaPro's co-founder and CTO suspect a former employee of a data breach that resulted in the company's data being wiped. In Tasmania, a government data breach resulted in the personal details of around 260 bus and taxi drivers being accidentally sent to the wrong person. Lastly, Episource, LLC, a risk-adjustment company serving providers in the healthcare industry, has reported a data security breach that could potentially affect individuals on Medicare and Medicaid.

On the international front, Italian authorities are under scrutiny for allegedly using spyware to target immigration activists. In the AI sector, Anthropic has appointed a national security expert to its governing trust, a day after announcing new AI models designed for U.S. national security applications. In the realm of cryptocurrency, a $31 million Bitcoin donation to Silk Road founder Ross Ulbricht is under investigation. And in the mobile world, millions of Android devices have been incorporated into the Badbox 2.0 botnet.

Turning to vulnerabilities, we have several to report. Samba's smbd service daemon doesn't pick up group membership changes when re-authenticating an expired SMB session, potentially exposing file shares. Kafbat UI, a web interface for managing Apache Kafka clusters, has an unsafe deserialization vulnerability that allows unauthenticated users to execute arbitrary code on the server. mhallmann SEPA Girocode and Jatinder Pal Singh BP Profile as Homepage both have vulnerabilities that allow Stored XSS. The Short URL WordPress plugin through 1.6.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with relatively low privilege on the site.

Finally, we have a few more vulnerabilities to discuss. A security flaw in the bbPress API allows for the exploitation of incorrectly configured access control security levels. The Hive Support plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation and is also vulnerable to unauthorized access and modification of data due to a missing capability check.

Stay tuned for more detailed coverage of these stories and remember, stay vigilant and stay secure.

Data Breaches

  1. Drivers' data compromised in TxDOT data breach: The Texas Department of Transportation (TxDOT) has reported a data breach compromising personal data of Texans involved in crash reports. TxDOT is reaching out to affected individuals and implementing additional security measures to prevent future incidents. Source: NBC 5 Dallas-Fort Worth
  2. Sensata Technologies Data Breach: Sensata Technologies is under investigation for a potential data breach. If you received a data breach notice from Sensata, you might be eligible to join a class action lawsuit for information exposure. Source: Class Action
  3. Data Wiped at KiranaPro: KiranaPro's co-founder and CTO suspect a former employee of a data breach that resulted in the company's data being wiped. However, they cannot rule out the possibility of an external hack. Source: TechCrunch
  4. Government error leaks data of 260 Tasmanian drivers: A government data breach in Tasmania resulted in the personal details of around 260 bus and taxi drivers being accidentally sent to the wrong person. Source: Pulse Tasmania
  5. Healthcare company data breach could affect those on Medicare-Medicaid: Episource, LLC, a risk-adjustment company serving providers in the healthcare industry, has reported a data security breach. The breach could potentially affect individuals on Medicare and Medicaid. Source: KX News

Security Research

  1. Italian lawmakers say Italy used spyware to target phones of immigration activists: Italian authorities are under scrutiny for allegedly using spyware to target immigration activists. The case is being investigated by senior researcher John Scott-Railton at The Citizen Lab. Source: TechCrunch
  2. Anthropic appoints a national security expert to its governing trust: AI company Anthropic has appointed a national security expert to its governing trust, a day after announcing new AI models designed for U.S. national security applications. Source: Yahoo Finance
  3. Cutting-Edge ClickFix Tactics Snowball, Evolving Phishing: ClickFix campaigns are becoming more prevalent, according to security researchers. The flexibility of these attacks is increasing, making them more potent. Source: Dark Reading
  4. A $31 million Bitcoin donation to Silk Road founder Ross Ulbricht may have come from ...: A $31 million Bitcoin donation to Silk Road founder Ross Ulbricht is under investigation. Security researcher Taylor Monahan at crypto firm MetaMask is examining the reasons behind such large donations. Source: Fortune
  5. Millions of Android devices roped into Badbox 2.0 botnet. Is yours among them?: Millions of Android devices have been incorporated into the Badbox 2.0 botnet, according to researchers with Human Security's Satori Threat Intelligence and Research Team. Source: Help Net Security

Top CVEs

  1. Flaw in Samba's smbd service daemon: Samba's smbd service daemon doesn't pick up group membership changes when re-authenticating an expired SMB session, potentially exposing file shares. Clients need to disconnect and reconnect to apply changes. Source: CVE-2025-0620.
  2. Unsafe deserialization vulnerability in Kafbat UI: Version 1.0.0 of Kafbat UI, a web interface for managing Apache Kafka clusters, has an unsafe deserialization vulnerability that allows unauthenticated users to execute arbitrary code on the server. Version 1.1.0 fixes the issue. Source: CVE-2025-49127.
  3. Cross-site Scripting vulnerability in mhallmann SEPA Girocode: mhallmann SEPA Girocode has a vulnerability that allows Stored XSS. Source: CVE-2025-49450.
  4. SQL injection vulnerability in Short URL WordPress plugin: The Short URL WordPress plugin through 1.6.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with relatively low privilege on the site. Source: CVE-2023-2921.
  5. Cross-Site Request Forgery vulnerability in Jatinder Pal Singh BP Profile as Homepage: Jatinder Pal Singh BP Profile as Homepage has a vulnerability that allows Stored XSS. Source: CVE-2025-49453.

API Security

  1. Missing Authorization vulnerability in Pascal Casier bbPress API: A security flaw in the bbPress API allows for the exploitation of incorrectly configured access control security levels. This vulnerability affects all versions of the bbPress API. Source: CVE-2025-24763.
  2. Cross-Site Request Forgery in Hive Support Plugin for WordPress: The Hive Support plugin for WordPress, up to and including version 1.2.2, is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This vulnerability allows unauthenticated attackers to reconfigure the plugin’s AI/chat settings and potentially redirect notifications or leak data to attacker-controlled endpoints. Source: CVE-2025-5019.
  3. Unauthorized Access and Modification of Data in Hive Support Plugin for WordPress: The Hive Support plugin for WordPress, up to and including version 1.2.4, is vulnerable to unauthorized access and modification of data due to a missing capability check. This vulnerability allows authenticated attackers to read and overwrite the site’s OpenAI API key and inspection data or modify AI-chat prompts and behavior. Source: CVE-2025-5018.
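The two defect classes in the Hive Support entries above (CSRF from missing nonce validation, and a missing capability check) shown on a hypothetical WordPress AJAX settings handler, as an added example that is not the plugin's code; every function, action and option name below is assumed.

```php
<?php
// Hypothetical plugin settings endpoint (not Hive Support's code).
// The first handler carries both defects; the second is the hardened form.

// VULNERABLE: any request reaching admin-ajax.php can change settings.
// No nonce check       -> a forged cross-site request is accepted (CSRF).
// No capability check  -> any logged-in user can read/overwrite the API key.
add_action( 'wp_ajax_nopriv_demo_save_settings', 'demo_save_settings_vulnerable' );
add_action( 'wp_ajax_demo_save_settings',        'demo_save_settings_vulnerable' );
function demo_save_settings_vulnerable() {
    update_option( 'demo_api_key', $_POST['api_key'] );
    // Echoing the stored secret back is the "read" half of the data exposure.
    wp_send_json_success( array( 'api_key' => get_option( 'demo_api_key' ) ) );
}

// HARDENED: no nopriv hook, nonce tied to the user's session, explicit
// capability requirement, sanitised input, and the secret is never returned.
add_action( 'wp_ajax_demo_save_settings_secure', 'demo_save_settings_secure' );
function demo_save_settings_secure() {
    // 1. CSRF defence: check_ajax_referer() dies with HTTP 403 when the
    //    'nonce' field is missing or was not issued for this user/action.
    check_ajax_referer( 'demo_settings_nonce', 'nonce' );

    // 2. Authorization: being authenticated is not enough; require a capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Input handling: unslash then sanitise before touching the option.
    $api_key = isset( $_POST['api_key'] )
        ? sanitize_text_field( wp_unslash( $_POST['api_key'] ) )
        : '';
    if ( '' === $api_key ) {
        wp_send_json_error( 'missing api_key', 400 );
    }
    update_option( 'demo_api_key', $api_key, false ); // autoload = false

    // 4. Acknowledge only; never send the stored secret back to the browser.
    wp_send_json_success( array( 'updated' => true ) );
}

// The settings page that renders the form issues the matching nonce field:
// wp_nonce_field( 'demo_settings_nonce', 'nonce' );
```

The same pattern applies to any handler that reads the key or edits prompts: the nonce stops forged requests, and the capability check stops low-privilege accounts, so both are needed.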

Sponsored by Wallarm API Security Solution

Final Words

That's all for today's edition of Secret CISO. As we can see, the digital landscape continues to be a battlefield, with data breaches, potential lawsuits, and new vulnerabilities emerging daily. It's a reminder that vigilance and proactive security measures are our best defense in this ever-evolving cyber world.

From Texas to Tasmania, no one is immune to these threats. Whether it's government agencies, tech companies, or healthcare providers, data security is a universal concern. And with the rise of sophisticated tactics like ClickFix campaigns and the alarming spread of botnets like Badbox 2.0, it's clear that the threats are not only persistent but also evolving.

On the brighter side, we're also seeing proactive steps being taken, such as the appointment of a national security expert at Anthropic and the ongoing investigations into suspicious activities. It's a testament to the resilience and adaptability of the cybersecurity community.

Remember, knowledge is power. By staying informed about these threats and vulnerabilities, we can better prepare and protect our digital assets. So, if you found this newsletter helpful, please consider sharing it with your colleagues and friends. Let's spread the word and fortify our defenses together.

Stay safe, stay informed, and see you in the next edition of Secret CISO.
