Secret CISO 7/18: Qantas, Afghan Leaks, Fusion Tech, DNS Malware - A Tale of Breaches and Innovations in Cybersecurity and National Security

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity incidents and innovations shaping our digital landscape. In a world where data breaches have become alarmingly frequent, today's stories highlight the vulnerabilities and resilience within our interconnected systems.

Our journey begins with a major data breach at Qantas, affecting nearly six million customers and sparking legal action. This incident is a stark reminder of the persistent threats facing large corporations. Meanwhile, a leak of UK defence data on Afghans who assisted British forces has also exposed the identities of British spies and special forces, raising critical security concerns.

In the retail sector, the UK retailer Co-op faces a data breach impacting 6.5 million members, while Belk Inc. grapples with a ransomware attack by DragonForce, exposing sensitive personal information. These breaches underscore the escalating cyber threats targeting diverse industries.

On the technological frontier, the University of Arizona partners with industry leaders to advance fusion innovation, aiming to bolster national security and energy independence. Simultaneously, researchers uncover a method where hackers misuse DNS for malware distribution, highlighting the need for enhanced cybersecurity measures.

In the realm of vulnerabilities, the Golden dMSA flaw in Windows Server 2025 poses a significant threat to credential security, while a semantic attack on AI systems like Grok-4 reveals potential weaknesses in language model safety protocols.

Finally, we delve into a series of critical vulnerabilities, from the Grafana Alerting DingDing integration to the Fortinet FortiWeb SQL Injection, each posing unique challenges to cybersecurity professionals worldwide.

Stay informed and vigilant as we navigate these complex challenges together, ensuring a safer digital future for all.

Data Breaches

  1. Qantas Data Breach: A major data breach at Qantas has affected nearly six million customers, prompting legal action from law firm Maurice Blackburn. The airline has stated that no credit card details were compromised, but customers are seeking compensation for the breach. Source: Lawyerly, 7NEWS - YouTube, Yahoo Finance, Herald Sun.
  2. Afghan Data Leak: A significant data leak has exposed the identities of British spies and special forces, as well as thousands of Afghans who assisted UK forces. This breach has raised security concerns and led to legal actions and public outcry. Source: Sky News, Los Angeles Times, Reuters, AP News.
  3. UK Retailer Co-op Data Breach: The UK retailer Co-op has confirmed a data breach affecting 6.5 million members. This incident is one of the most significant data security breaches in recent retail history, impacting the company's IT infrastructure. Source: Cyber Press.
  4. Belk Data Breach: A global ransomware group, DragonForce, has claimed responsibility for a data breach at Belk Inc. This breach exposed Social Security numbers and medical information, raising concerns about data security and privacy. Source: Journal Now.
  5. Namibian Municipality Data Breach: The Namibia Cyber Security Incident Response Team (NAM-CSIRT) responded to a data breach and ransom demand at a Namibian municipality. This incident highlights the growing threat of cyberattacks on municipal systems. Source: TechAfrica News.

Security Research

  1. U of A, industry partners poised to advance fusion innovation: The University of Arizona, along with industry partners, is set to make significant strides in fusion technology. This collaboration aims to enhance national security and energy independence by advancing fusion innovation. The partnership operates under a U.S. Special Security Agreement, allowing participation in classified contracts. Source: University of Arizona.
  2. Hackers misuse DNS for malware: Researchers at DomainTools have discovered a method where hackers misuse DNS to distribute malware. Because outbound DNS is almost always permitted and rarely inspected as a content channel, the technique lets attackers slip payloads past controls that watch HTTP and email. The researchers have identified various applications of this method, highlighting the need for DNS query logging and inspection alongside conventional web and mail filtering. Source: Techzine Global.
  3. Golden dMSA Flaw Exposes Firms to Major Credential Theft: Semperis researchers have identified a flaw, dubbed Golden dMSA, in delegated Managed Service Accounts (dMSAs), a feature introduced in Windows Server 2025. The weakness could allow an attacker who has already gained a high level of privilege in Active Directory to derive service account credentials across the forest, leading to significant credential theft. The flaw highlights the ongoing challenges in securing enterprise identity infrastructure against sophisticated cyber threats. Source: GovInfoSecurity.
  4. DOGE employee leaks private xAI API key from sensitive database: A security researcher has uncovered a leak of a private xAI API key from a DOGE employee. This incident raises concerns about internal security practices and the potential for unauthorized access to sensitive data. The leak underscores the importance of stringent access controls and monitoring within organizations. Source: MSN.
  5. Inside the semantic attack that fools Grok-4 (and other LLMs): NeuralTrust, an AI security firm, has demonstrated a semantic attack that can bypass the safety guardrails of language models like Grok-4. This research highlights vulnerabilities in AI systems, emphasizing the need for improved security measures to prevent misuse and ensure safe AI deployment. Source: TechTalks.

Top CVEs

  1. Grafana Alerting DingDing Integration Vulnerability (CVE-2025-3415): The Grafana Alerting DingDing integration was improperly protected, potentially exposing it to users with Viewer permission. This vulnerability has been addressed in multiple updated versions of Grafana. Source.
  2. Fortinet FortiWeb SQL Injection Vulnerability (CVE-2025-25257): An SQL injection vulnerability in Fortinet FortiWeb versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10, and 7.0.0 through 7.0.10 allows unauthenticated attackers to execute arbitrary SQL commands via crafted HTTP or HTTPS requests. Because no login is required, exposed management interfaces should be patched or restricted first. Source.
  3. Interrupt Remapping Vulnerability in PCI(-X) Devices (CVE-2025-1713): A vulnerability in the Xen hypervisor's setup of interrupt remapping for legacy PCI(-X) devices can lead to a lock being acquired in an unsafe context, with a deadlock and resulting host denial of service as the consequence. Source.
  4. NVIDIA Container Toolkit Code Execution Vulnerability (CVE-2025-23266): A vulnerability in NVIDIA Container Toolkit allows attackers to execute arbitrary code with elevated permissions, potentially leading to privilege escalation, data tampering, and denial of service. Source.
  5. TrackPoint Quick Menu DLL Hijacking Vulnerability (CVE-2025-1729): A DLL hijacking vulnerability in TrackPoint Quick Menu software could allow a local attacker to escalate privileges under certain conditions. Source.

API Security

  1. CVE-2025-6391: Brocade ASCG before version 3.3.0 logs JSON Web Tokens (JWT) in log files, so anyone able to read those logs can replay the tokens. This vulnerability poses significant security risks, including unauthorized access and session hijacking. Organizations using Brocade ASCG should update to version 3.3.0 or later and treat any tokens already written to logs as compromised. Source: Vulners.
  2. CVE-2025-54064: Rucio, a software framework for managing large volumes of scientific data, has a vulnerability where the X-Rucio-Auth-Token header is written to access logs. Anyone with log access beyond the instance administrators could reuse those tokens to act as the original user. Updated releases for Rucio components have been provided to address this issue. Source: Vulners.
  3. CVE-2025-4302: The Stop User Enumeration WordPress plugin, before version 1.7.3, allows unauthenticated users to bypass its REST API request block by URL-encoding the REST API path, because the plugin compared the raw request URI rather than its decoded form. This can expose user information, and users of this plugin should update to the latest version. Source: Vulners.
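The bypass described for CVE-2025-4302 comes down to comparing a raw request URI against a blocked path. The Python below is an added example, not code from the plugin or from the newsletter: a naive substring check sits beside a check that percent-decodes to a fixed point, collapses dot segments and also considers WordPress's ?rest_route= form of the same endpoint (that alternative form goes one step beyond the encoded-path case the item describes). The route, prefix and request URIs are constructed for illustration.

```python
"""Added example (not the plugin's code): path-block bypass via URL encoding,
and the canonicalise-then-compare fix.

BLOCKED_ROUTE, REST_PREFIX and every request URI below are constructed for
illustration; they are not taken from the plugin or the advisory."""
import posixpath
from urllib.parse import parse_qsl, unquote, urlsplit

# Hypothetical protected route: the WordPress core users endpoint, which is
# what user-enumeration requests target.
BLOCKED_ROUTE = "/wp/v2/users"
REST_PREFIX = "/wp-json"


def naive_is_blocked(request_uri: str) -> bool:
    """Vulnerable check: substring match on the raw request URI. A single
    percent-encoded character in the path ('us%65rs') defeats it."""
    return REST_PREFIX + BLOCKED_ROUTE in request_uri


def canonical_routes(request_uri: str) -> list[str]:
    """Every REST route a request could resolve to, after decoding.

    Percent-decoding runs until it reaches a fixed point (so double encoding
    such as %2565 is unwrapped too), then dot segments and repeated slashes
    are collapsed and the path is lower-cased. WordPress also accepts the
    route in a ?rest_route= query parameter when pretty permalinks are off,
    so that form is normalised as well (an assumption about the server, not
    something the advisory text states)."""
    parts = urlsplit(request_uri)
    raw = [parts.path]
    raw += [v for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k == "rest_route"]
    routes = []
    for item in raw:
        decoded = item
        for _ in range(4):  # bounded: stop when decoding changes nothing
            nxt = unquote(decoded)
            if nxt == decoded:
                break
            decoded = nxt
        path = posixpath.normpath("/" + decoded.lstrip("/")).lower()
        if path.startswith(REST_PREFIX + "/"):
            path = path[len(REST_PREFIX):]
        routes.append(path)
    return routes


def hardened_is_blocked(request_uri: str) -> bool:
    """Compare the canonical route, not the bytes the client sent."""
    return any(r == BLOCKED_ROUTE or r.startswith(BLOCKED_ROUTE + "/")
               for r in canonical_routes(request_uri))


if __name__ == "__main__":
    for uri in ("/wp-json/wp/v2/users", "/wp-json/wp/v2/us%65rs",
                "/wp-json/wp/v2/us%2565rs", "/?rest_route=/wp/v2/users",
                "/wp-json/wp/v2/../v2/users/1", "/wp-json/wp/v2/posts"):
        print(f"{uri:40} naive={naive_is_blocked(uri)!s:5} "
              f"hardened={hardened_is_blocked(uri)}")
```

The general lesson is that any allow/deny decision made on a URL must be made on the same canonical form the application router will use; decoding once is not enough if an upstream component decodes again.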
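CVE-2025-6391 and CVE-2025-54064 are the same class of defect: a bearer credential written to a log that more people can read than should hold the credential. As an added example that is neither product's code, the Python below finds JWTs and named auth-token headers in constructed log lines, shows what a logged JWT gives away (its claims decode without any key), and redacts each value to a short fingerprint so lines stay correlatable. The header names, log lines and demo token are constructed for the example.

```python
"""Added example (not Brocade or Rucio code): find bearer credentials in
log lines and redact them before they reach log storage.

Two shapes from the advisories are covered: a JSON Web Token, recognisable as
three base64url segments whose header is a JSON object, and an opaque token
in a named header such as X-Rucio-Auth-Token. Header names, sample log lines
and the demo token are constructed for this example."""
import base64
import hashlib
import json
import re

# Compact JWS: base64url(header) "." base64url(payload) "." signature.
# A header that is a JSON object always begins with "eyJ" ('{"' in base64).
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")

# Header-style credentials: name, separator, optional "Bearer ", value.
HEADER_RE = re.compile(
    r"(?i)\b(X-Rucio-Auth-Token|Authorization|X-Auth-Token)"
    r"(\s*[:=]\s*[\"']?)(Bearer\s+)?([A-Za-z0-9._~+/=-]{16,})"
)


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Decode the payload only, with no verification: a logged JWT hands the
    reader subject, scopes and expiry in clear text, signature or not."""
    _header, payload, _sig = token.split(".", 2)
    return json.loads(_b64url_decode(payload))


def fingerprint(secret: str) -> str:
    """Short one-way id so operators can correlate log lines without keeping
    the credential itself."""
    return hashlib.sha256(secret.encode()).hexdigest()[:8]


def find_tokens(line: str) -> list[tuple[str, str]]:
    """Return (kind, value) pairs for every credential found in the line."""
    found = [("jwt", m.group(0)) for m in JWT_RE.finditer(line)]
    for m in HEADER_RE.finditer(line):
        value = m.group(4)
        if not JWT_RE.fullmatch(value):  # a JWT value was already reported
            found.append((m.group(1).lower(), value))
    return found


def redact(line: str) -> str:
    """Replace each credential with a placeholder carrying its fingerprint.
    Header values are handled first so a Bearer JWT is redacted once."""
    def sub_header(m: re.Match) -> str:
        return (f"{m.group(1)}{m.group(2)}{m.group(3) or ''}"
                f"<redacted:{fingerprint(m.group(4))}>")
    line = HEADER_RE.sub(sub_header, line)
    return JWT_RE.sub(lambda m: f"<redacted-jwt:{fingerprint(m.group(0))}>", line)


def make_demo_jwt(claims: dict) -> str:
    """Build a JWT-shaped demo token. The signature segment is a dummy; this
    is constructed test data, not a signing routine."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}.{'x' * 43}"


DEMO_JWT = make_demo_jwt({"sub": "alice", "exp": 1752825600, "scope": "admin"})

SAMPLE_LOG = [  # constructed lines, not from either product
    '10.0.0.5 - - [18/Jul/2025:09:12:01 +0000] "GET /accounts/alice HTTP/1.1" '
    '200 512 X-Rucio-Auth-Token: 0123456789abcdef0123456789abcdef',
    f"INFO upstream call Authorization: Bearer {DEMO_JWT}",
    f"DEBUG raw token seen: {DEMO_JWT}",
    "INFO health check ok",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for kind, value in find_tokens(line):
            claims = jwt_claims(value) if kind == "jwt" else {}
            print(f"found {kind} fp={fingerprint(value)} claims={claims}")
        print(redact(line))
```

Run as a filter in the logging pipeline (a log shipper processor or a logging handler), the redaction keeps the fingerprint so an investigation can still tie requests to one session without the log itself becoming a credential store.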

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is as dynamic as ever, with both challenges and innovations shaping our world. From the major data breaches affecting millions of customers at Qantas and Co-op, to the groundbreaking advancements in fusion technology at the University of Arizona, each story underscores the critical importance of cybersecurity and technological progress.

These incidents remind us that while technology offers incredible opportunities, it also demands vigilant security measures to protect sensitive information and maintain trust. Whether it's the misuse of DNS for malware distribution or vulnerabilities in widely-used software, staying informed and proactive is key to safeguarding our digital future.

We hope you found today's insights valuable and encourage you to share this newsletter with your friends and colleagues. By spreading awareness, we can collectively enhance our defenses and foster a more secure digital environment for everyone.

Thank you for being a part of our community. Stay safe, stay informed, and see you in the next edition of Secret CISO!