Secret CISO 7/13: Bitcoin Depot Breach, Chinese Hackers, Laravel RCE, Meta's Llama Flaw - A Cybersecurity Storm Unfolds

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity breaches and vulnerabilities that have surfaced across the globe.
In a startling revelation, Bitcoin Depot has suffered a breach, exposing the personal data of 27,000 crypto users, igniting concerns over the security of cryptocurrency transactions. Meanwhile, a powerful D.C. law firm finds itself in the crosshairs of suspected Chinese hackers, underscoring the persistent threat of state-sponsored cyberattacks.
On the software front, over 600 Laravel applications are at risk due to leaked APP_KEYs on GitHub, while Google's open-source review system faces a critical vulnerability dubbed GerriScary. These incidents highlight the pressing need for stringent security measures in both proprietary and open-source platforms.
In a broader context, the Better Business Bureau warns of a massive breach leaking 16 billion credentials, urging consumers and businesses to bolster their cybersecurity defenses. Additionally, a $500,000 crypto heist via malicious packages targeting Cursor users further emphasizes the vulnerabilities within the open-source ecosystem.
As we delve deeper, we uncover critical vulnerabilities in Fortinet FortiWeb and F5 BIG-IP iControl REST, both demanding immediate attention to prevent potential exploits. These revelations serve as a stark reminder of the ever-evolving landscape of cyber threats and the imperative for constant vigilance.
Stay informed, stay secure, and join us as we navigate the complexities of today's cybersecurity challenges.
Data Breaches
- Bitcoin Depot Breach Exposes Data of 27,000 Crypto Users: Bitcoin Depot, Inc., a prominent cryptocurrency ATM operator, has disclosed a data breach that compromised the personal information of 27,000 users. The breach has raised concerns about the security measures in place for cryptocurrency transactions and the protection of user data. Source: GBHackers.
- Chinese Hackers Suspected in Breach of Powerful DC Law Firm: A powerful law firm in Washington, D.C., has reportedly been breached by Chinese hackers, raising alarms about the security of sensitive legal information. The breach highlights the ongoing threat of state-sponsored cyberattacks targeting high-profile organizations. Source: DataBreaches.Net.
- Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub: Cybersecurity researchers have discovered a serious security issue affecting over 600 Laravel applications. Leaked APP_KEYs on GitHub have been weaponized to gain remote code execution, posing a significant threat to the security of these applications. Source: The Hacker News.
- Fraudsters Allegedly Misuse Poshan Tracker Data to Target Matru Vandana Beneficiaries: A data breach on the 'Poshan Tracker' application has led to fraudsters targeting beneficiaries of the Matru Vandana scheme. Victims have lodged complaints, highlighting the need for stronger data protection measures in government applications. Source: The New Indian Express.
- Consumers and Businesses Warned of 16 Billion Credentials Leaked in Major Data Breach: The Better Business Bureau has issued a warning following a major data breach that leaked 16 billion credentials. Consumers and businesses are urged to take immediate cybersecurity precautions to protect their sensitive information. Source: SSNewsTelegram.
Security Research
- GerriScary: Supply Chain Vulnerability in Google OSS Review System: Security researchers from Tenable have discovered a vulnerability called GerriScary in Google's open source code review system Gerrit. This flaw poses a significant risk as it could potentially allow malicious actors to inject unauthorized code into projects, affecting numerous downstream users. The discovery highlights the critical need for robust security measures in open source platforms. Source: BornCity.
- Meta's Llama Firewall Bypassed Using Prompt Injection Vulnerability: Trendyol's security researchers reported a vulnerability in Meta's Llama Firewall that allows attackers to bypass security protocols using prompt injection techniques. This flaw could enable unauthorized access to sensitive data, raising concerns about the robustness of AI-driven security systems. The incident underscores the importance of securing AI models against novel attack vectors. Source: Cyber Security News.
- Exploits for Pre-Auth Fortinet FortiWeb RCE Flaw Released, Patch Now: Cybersecurity firm WatchTowr and a security researcher known as "faulty *ptrrr" have released technical write-ups and proof-of-concept exploits for a pre-authentication remote code execution flaw in Fortinet FortiWeb. This vulnerability could allow attackers to execute arbitrary code on affected systems, emphasizing the urgency for users to apply patches immediately. Source: Bleeping Computer.
- Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub: Cybersecurity researchers have identified a critical security issue involving leaked Laravel APP_KEYs on GitHub, which could be exploited to execute remote code on over 600 applications. This vulnerability highlights the dangers of improper key management and the need for developers to secure their application secrets diligently. Source: The Hacker News.
- $500K Crypto Heist Via Malicious Packages Targeting Cursor Users Uncovered By Kaspersky: Kaspersky's Global Research and Analysis Team, led by security researcher Georgy Kucherin, uncovered a $500,000 cryptocurrency heist involving malicious packages targeting Cursor users. The attack exploited compromised open-source packages, underscoring the importance of vigilance and security in the open-source ecosystem. Source: Crowdfund Insider.
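As an added illustration of the Laravel APP_KEY leak item above (this is not code from the newsletter or from the researchers it cites), the following Python check scans file contents such as a committed .env for APP_KEYs that are actually usable, skipping unset, placeholder and malformed values; the sample .env is constructed for the example.

```python
import base64
import re

# Laravel reads APP_KEY from .env; a usable key is "base64:<b64>" that decodes
# to 16 bytes (AES-128-CBC) or 32 bytes (AES-256-CBC). The pattern is anchored
# per line (no newline-eating \s*) so the reported line number is exact.
APP_KEY_RE = re.compile(
    r'^[ \t]*APP_KEY[ \t]*=[ \t]*["\']?(base64:[A-Za-z0-9+/=]+)["\']?[ \t]*$', re.M
)

# All-zero keys are what template/.env.example files tend to carry; not usable.
PLACEHOLDERS = {"base64:" + base64.b64encode(bytes(n)).decode() for n in (16, 32)}


def decode_app_key(value):
    """Return the raw key bytes if value is a well-formed Laravel APP_KEY, else None."""
    if not value.startswith("base64:"):
        return None
    try:
        raw = base64.b64decode(value[len("base64:"):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return raw if len(raw) in (16, 32) else None


def find_leaked_app_keys(text):
    """Scan file contents (a committed .env, CI config, Dockerfile) for usable APP_KEYs.

    Returns one finding per key: its 1-based line number and the cipher
    Laravel would select for that key length.
    """
    findings = []
    for m in APP_KEY_RE.finditer(text):
        value = m.group(1)
        raw = decode_app_key(value)
        if raw is None or value in PLACEHOLDERS:
            continue  # malformed or placeholder: nothing usable was exposed
        findings.append({
            "line": text.count("\n", 0, m.start()) + 1,
            "cipher": f"AES-{len(raw) * 8}-CBC",
        })
    return findings


# Constructed sample of a .env committed by mistake (the key is made up, not real).
SAMPLE_ENV = "\n".join([
    "APP_NAME=Demo",
    "APP_KEY=",                                                        # unset
    "APP_KEY=base64:" + base64.b64encode(bytes(32)).decode(),          # zero placeholder
    "APP_KEY=base64:" + base64.b64encode(bytes(range(32))).decode(),   # usable 32-byte key
    "APP_KEY=base64:abc",                                              # malformed base64
    "DB_PASSWORD=example",
])

if __name__ == "__main__":
    for f in find_leaked_app_keys(SAMPLE_ENV):
        print(f"line {f['line']}: usable {f['cipher']} APP_KEY committed; rotate it")
```

A hit means the key must be treated as compromised and rotated (Laravel's php artisan key:generate), keeping in mind that sessions and data encrypted under the old key are invalidated unless re-encrypted.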
API Security
- FortiWeb Critical SQL Injection Vulnerability: A critical SQL injection vulnerability, CVE-2025-25257, affects FortiWeb devices, allowing unauthenticated attackers to execute SQL commands via the Authorization header. This can lead to full database compromise and potential remote code execution. The vulnerability has a CVSS score of 9.6 – 9.8 and affects multiple versions of FortiWeb. Immediate patching is recommended to mitigate risks. Source: Vulners.
- F5 BIG-IP iControl REST Authentication Bypass RCE: CVE-2022-1388 is a critical vulnerability in F5 BIG-IP iControl REST, allowing remote attackers to bypass authentication and execute arbitrary commands. The exploit involves crafting HTTP requests to bypass access controls, posing significant risks to affected systems. Users are advised to upgrade to patched versions to prevent exploitation. Source: Vulners.
Sponsored by Wallarm API Security Solution
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is as dynamic as ever, with new threats emerging at every turn. From the Bitcoin Depot breach affecting thousands of crypto users to the alarming vulnerabilities in widely-used platforms like Laravel and Fortinet, the importance of robust cybersecurity measures cannot be overstated.
We've also seen how state-sponsored attacks, like the breach of a powerful DC law firm, and vulnerabilities in AI-driven systems, such as Meta's Llama Firewall, highlight the need for constant vigilance and innovation in our security strategies. The discovery of the GerriScary vulnerability in Google's open-source review system further underscores the critical need for securing our software supply chains.
These stories remind us that cybersecurity is not just about protecting data but also about safeguarding trust and integrity in our digital interactions. As we continue to navigate these challenges, let's stay informed, proactive, and resilient.
If you found today's insights valuable, please share this newsletter with your friends and colleagues. Together, we can build a more secure digital world. Stay safe, stay informed, and see you in the next edition of Secret CISO!