Secret CISO 7/15: Episource's Record Breach, Louis Vuitton's Data Leak, Wing FTP Exploits, Google Gemini AI Flaw, eSIM Vulnerability Threatens Billions

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity breaches and vulnerabilities that are shaping the digital landscape. On this pivotal day, July 15th, we delve into a series of alarming data breaches and critical vulnerabilities that underscore the urgent need for robust security measures across various sectors.
In a historic breach, Episource has notified millions of individuals about a massive exposure of sensitive health data, marking the largest healthcare data breach in U.S. history. This incident, alongside breaches at Avantic Medical Lab and Covenant Health, highlights a troubling trend in the healthcare sector's data protection capabilities. Meanwhile, luxury brand Louis Vuitton and Dordt University are grappling with their own data security challenges, raising questions about the adequacy of their protective measures.
On the technological front, a critical vulnerability in the Wing FTP Server is being actively exploited globally, posing a significant risk of server compromise. The Interlock ransomware's new FileFix method and a major eSIM system flaw further illustrate the evolving tactics of cybercriminals. Additionally, vulnerabilities in Google's Gemini AI and a simple radio hack threatening North American train operations emphasize the pressing need for enhanced security protocols in both AI and critical infrastructure.
Our exploration continues with a series of newly disclosed vulnerabilities, including CVE-2025-53833 in LaRecipe, CVE-2025-53623 in ActiveJob, and several critical flaws in Directus and Tenda AC500. These vulnerabilities highlight the persistent challenges in software security and the importance of timely updates and patches.
Join us as we navigate these complex issues, offering insights and strategies to fortify your defenses in an increasingly perilous digital world. Stay informed, stay secure.
Data Breaches
- Episource Notifies Millions of Health Data Breach Victims: Episource has disclosed a massive data breach, marking the largest healthcare data breach in U.S. history. The breach exposed sensitive health information of millions, raising significant concerns over data privacy and security. Source
- Avantic Medical Lab Data Breach Investigation: Avantic Medical Lab is under investigation following a data breach that compromised sensitive personal and health information. The breach has sparked concerns about the lab's data protection measures. Source
- Covenant Health Patient Data Breach: Covenant Health has reported a data breach where an unauthorized party accessed patient information. The incident has prompted calls for enhanced security measures to protect sensitive health data. Source
- Louis Vuitton Customer Data Breach: A data breach at Louis Vuitton has impacted customer data, raising questions about the luxury brand's data security practices. The breach has attracted significant attention due to the brand's high profile. Source
- Dordt University Data Breach Exposes Personal Information: Dordt University has experienced a data breach that exposed personal information, leading to potential legal actions. The breach has highlighted vulnerabilities in the university's data protection strategies. Source
Security Research
- Wing FTP Vulnerability Actively Exploited Globally: A critical vulnerability in the Wing FTP Server is being actively exploited by threat actors worldwide. The flaw originates from how the server's authentication function parses usernames, potentially leading to unauthorized access. This vulnerability poses a significant risk of total server compromise. Source: BankInfoSecurity
- Interlock Ransomware Adopts FileFix Method to Deliver Malware: The Interlock ransomware has adopted a new social engineering technique called FileFix, developed by security researcher mr.d0x. This method tricks users into opening malicious files by bypassing security warnings, making it a potent tool for malware delivery. Source: Bleeping Computer
- A Major Security Flaw in Top eSIM System Could Put Billions of Devices at Risk: Security researchers have uncovered a vulnerability in eSIM technology, which is widely used in smartphones and other smart devices. This flaw could potentially allow attackers to clone eSIM profiles and hijack phone identities, posing a significant threat to billions of devices globally. Source: TechRadar
- Google Gemini AI Bug Allows Invisible, Malicious Prompts: A vulnerability in Google's Gemini AI allows for invisible, malicious prompts that can be exploited in phishing scams. This flaw can trick users into interacting with fake security warnings, highlighting the need for robust AI governance and security measures. Source: Dark Reading
- A Simple Radio Hack Can Emergency Stop Any Train in North America: Security researcher Neil Smith discovered a vulnerability in a communication standard used by trains, which can be exploited to remotely trigger emergency braking. This simple radio hack poses a significant threat to train operations across North America, emphasizing the need for improved security measures in critical infrastructure. Source: Cybernews
Top CVEs
- CVE-2025-53833: LaRecipe, a documentation tool for Laravel apps, is vulnerable to Server-Side Template Injection (SSTI) in versions prior to 2.8.1. This flaw could lead to Remote Code Execution (RCE), allowing attackers to execute arbitrary commands, access sensitive data, and escalate privileges. Users should upgrade to version 2.8.1 or later to mitigate this risk. Source: Vulners
- CVE-2025-53623: The Job Iteration API for ActiveJob has an arbitrary code execution vulnerability in the CsvEnumerator class in versions prior to 1.11.0. Exploitation can lead to unauthorized access and data leakage. Users should upgrade to version 1.11.0 or later and ensure proper input validation to mitigate this risk. Source: Vulners
- CVE-2025-53818: GitHub Kanban MCP Server versions 0.3.0 and 0.4.0 are vulnerable to command injection due to unsafe use of the Node.js child process API. This flaw allows attackers to execute arbitrary commands. No patch is currently available, so users should treat inputs reaching the server as untrusted and restrict who can supply them. Source: Vulners
- CVE-2025-7625: A critical path traversal vulnerability was found in the /download function of YiJiuSmile kkFileViewOfficeEdit. It can be exploited remotely, and an exploit has already been disclosed publicly. No version details for a patch are available, so users of this software should assume they are exposed until a fix is published. Source: Vulners
- CVE-2025-7586: Tenda AC500 2.0.1.9(1307) has a critical stack-based buffer overflow vulnerability in the formSetAPCfg function. This can be exploited remotely, and the exploit has been publicly disclosed. Users should take immediate action to secure their systems. Source: Vulners
API Security
- CVE-2025-7360: The HT Contact Form Widget for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation. This flaw allows unauthenticated attackers to move files on the server, potentially leading to remote code execution. Source.
- CVE-2025-53889: Directus Flows with manual triggers do not validate user permissions, allowing unauthorized execution of tasks. This vulnerability affects versions from 9.12.0 onward and is fixed in version 11.9.0. Source.
- CVE-2025-53887: Directus exposes its exact version number via the /server/specs/oas endpoint without authentication, allowing attackers to identify known vulnerabilities. This issue is resolved in version 11.9.0. Source.
- CVE-2025-53886: Directus logs sensitive data, including access tokens, when using WebHook triggers in Flows. Malicious admins could hijack user sessions by accessing these logs. The vulnerability is patched in version 11.9.0. Source.
- CVE-2025-53885: Directus allows logging of sensitive data to the console during CRUD events, which can be exploited by malicious admins. This issue is fixed in version 11.9.0. Source.
Sponsored by Wallarm API Security Solution
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is fraught with challenges, from massive data breaches in healthcare and luxury brands to vulnerabilities in critical infrastructure and popular software tools. These incidents underscore the importance of robust security measures and proactive risk management strategies.
In a world where data breaches and cyber threats are becoming increasingly common, staying informed is your first line of defense. Whether it's the latest breach affecting millions or a newly discovered vulnerability that could impact billions of devices, knowledge is power. By understanding these threats, you can better protect your organization and personal data.
If you found today's insights valuable, consider sharing this newsletter with your friends and colleagues. Together, we can build a more secure digital future by spreading awareness and fostering a community of informed and vigilant cybersecurity professionals.
Thank you for joining us today. Stay safe, stay informed, and we'll see you in the next edition of Secret CISO!