Secret CISO 6/8: T-Mobile's Settlement, Iran's Historic Israeli Breach, Indian App's Insider Threat, Musk's White House Data Transmission, 184M Passwords Leaked

Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we're diving into a range of topics from data breaches and insider threats to new vulnerabilities and the potential threat of biological warfare.

First up, T-Mobile has begun distributing settlement funds following a massive data breach in 2021 that exposed the personal data of approximately 76 million U.S. customers. Meanwhile, Iran has unveiled what is being described as the most serious intelligence breach in Israeli history, with data likely encompassing details about Israeli military bases and secret operations.

In other news, an Indian grocery app has flagged an insider data breach, highlighting the critical security vulnerability posed by poor offboarding practices. A college coach is also under investigation for allegedly hacking private photos of female athletes, and Elon Musk's team is under scrutiny for installing a Starlink Wi-Fi terminal on top of the White House, bypassing data-tracking security measures.

Turning to research, Daniel Klischies and David Hirsch presented their findings on baseband vulnerabilities at OffensiveCon25, while food safety activists in Uganda are calling for more investment in research to address food security challenges. A security policy expert warns of the potential threat of biological warfare and agroterrorism to the US, possibly linked to Chinese researchers at the University of Michigan.

On the digital front, a leak of 184 million plaintext passwords has been discovered online, a significant breach of digital security. In the crypto world, one article discusses how bug bounty programs incentivize security researchers and create safety nets beyond standard security measures.

Finally, we have a list of new vulnerabilities to watch out for, including a flaw in libcurl's WebSocket code that could lead to a Denial of Service (DoS) attack, and a critical buffer overflow in Tenda AC9 15.03.02.13. Stay vigilant and stay safe!

Data Breaches

  1. T-Mobile Distributes Settlement Funds Following 2021 Data Breach: T-Mobile has begun distributing settlement funds following a 2021 data breach that exposed the personal data of approximately 76 million U.S. customers, including names, addresses, and Social Security numbers. Source: Binance
  2. Iran Unveils Most Serious Intelligence Breach in Israeli History: Iran has unveiled what is being described as the most serious intelligence breach in Israeli history. The scope of the data likely goes beyond nuclear facilities and encompasses details about Israeli military bases and secret operations. Source: Palestine Chronicle
  3. Indian grocery app flags insider breach, can't rule out hack: An Indian grocery app has flagged an insider data breach and cannot rule out a hack. The incident highlights the critical security vulnerability posed by poor offboarding practices. Source: Tech in Asia
  4. Coach Allegedly Hacked Private Photos of Female College Athletes: A coach is under investigation for allegedly hacking private photos of female college athletes in a significant data breach. Source: TODAY.com
  5. Elon Musk's DOGE Goons Surreptitiously Transmitted Reams of White House Data: Elon Musk's team is under scrutiny for installing a Starlink Wi-Fi terminal on top of the White House, allowing them to bypass data-tracking security measures and transmit large amounts of data. Source: The Daily Beast

Security Research

  1. OffensiveCon25 - No Signal, No Security: Dynamic Baseband Vulnerability Research: Researchers Daniel Klischies and David Hirsch presented their findings on baseband vulnerabilities at OffensiveCon25, highlighting the potential security risks in mobile communication. Source: Security Boulevard
  2. Activists urge increased research, call for food authority to boost safety in Uganda: Food safety activists in Uganda are calling for more investment in research to address food security challenges in the country. Source: NTV Uganda
  3. Biological Warfare, Agroterrorism 'A Huge Threat' to US: Security Policy Expert: A security policy expert warns of the potential threat of biological warfare and agroterrorism to the US, possibly linked to Chinese researchers at the University of Michigan. Source: NTD
  4. 184 Million Passwords Leaked Online in Plain Text: A Global Data Crisis Unfolds: Security researcher Jeremiah Fowler discovered a leak of 184 million passwords online in plain text, highlighting a significant breach in digital security. Source: The420
  5. Finding Your Crypto Home: What Makes an Exchange Platform Trustworthy: The article discusses the importance of bug bounty programs in incentivizing security researchers and creating safety nets beyond standard security measures in crypto exchange platforms. Source: Finextra

Top CVEs

  1. CVE-2024-55585: The moPS App through 1.8.618 has a vulnerability that allows all users to access administrative API endpoints without additional authentication, leading to unrestricted read and write access. Source: CVE-2024-55585
  2. CVE-2025-5399: A flaw in libcurl's WebSocket code allows a malicious server to send a specially crafted packet that traps libcurl in an endless busy-loop, potentially leading to a Denial of Service (DoS) attack. Source: CVE-2025-5399
  3. CVE-2025-5839: A critical vulnerability has been identified in Tenda AC9 15.03.02.13. The function fromadvsetlanip of the file /goform/AdvSetLanip, in the POST Request Handler component, is affected by a buffer overflow. Source: CVE-2025-5839
  4. CVE-2024-9993: The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_event_details_text parameter of Event Calendar Widget, allowing authenticated attackers to inject arbitrary web scripts. Source: CVE-2024-9993
  5. CVE-2025-5568: The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters, allowing authenticated attackers to inject arbitrary web scripts. Source: CVE-2025-5568

Final Words

And that's a wrap for today's edition of Secret CISO. From T-Mobile's data breach settlement to the alarming intelligence breach in Israel, it's clear that the cyber landscape is as dynamic as ever. We've also seen the impact of insider threats in India and the potential risks posed by poor offboarding practices. Not to mention, the intriguing case of Elon Musk's team allegedly bypassing data-tracking security measures at the White House.

But it's not all doom and gloom. We've also highlighted some proactive measures being taken in the world of cybersecurity. From the insightful research presented at OffensiveCon25 to the call for increased food safety research in Uganda, it's evident that there are dedicated individuals and organizations working tirelessly to improve our security landscape.

And let's not forget the importance of staying informed about the latest vulnerabilities. Today, we've shared details about several CVEs, including potential threats to the moPS App, libcurl's WebSocket code, Tenda AC9, and WordPress plugins. Knowledge is power, and staying updated on these vulnerabilities is a crucial step in maintaining your security posture.

As always, we encourage you to share this newsletter with your friends and colleagues. The more we spread awareness about these issues, the better equipped we'll all be to tackle them head-on. Remember, cybersecurity is a shared responsibility, and every bit of information helps.

Stay safe, stay informed, and we'll see you in the next edition of Secret CISO.