Secret CISO 7/22: Dell's Data Drama, Healthcare Breaches, UK-OpenAI AI Push, 7-Zip Flaw, Iran's Cyber Espionage

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity threats and innovations shaping our digital landscape. Today's issue is a rollercoaster of revelations, from massive data breaches to groundbreaking AI partnerships, all woven into a narrative of vulnerability and resilience.
We begin with a seismic leak from World Leaks, claiming a colossal 1.3 TB of data from Dell Technologies, a claim Dell dismisses as fake. Meanwhile, the healthcare sector is reeling from a series of breaches, with Radiology Associates of Richmond and Central Maine Healthcare facing legal storms over exposed patient data. Anne Arundel Dermatology and Tabb, Inc. join the fray, underscoring the urgent need for fortified data defenses.
In a strategic pivot, Britain partners with OpenAI to spearhead an AI-driven productivity revolution, even as the shadow of cyber threats looms large. A newly discovered 7-Zip vulnerability and the insidious DCHSpy malware remind us of the relentless evolution of cyber threats, while the Indo-Pacific region braces for a surge in cyberattacks.
On the technical front, a series of vulnerabilities in popular software, including Manager-io and IrfanView, highlights the persistent challenges in securing digital ecosystems. From SSRF flaws to memory corruption exploits, these vulnerabilities serve as a stark reminder of the critical need for vigilance and timely updates.
Finally, we delve into the realm of web applications, where vulnerabilities in WordPress plugins and Node.js applications expose users to XSS and command injection attacks. As we navigate this complex landscape, the message is clear: cybersecurity is a continuous journey, demanding constant adaptation and innovation.
Stay informed, stay secure, and join us as we explore these stories and more in today's Secret CISO.
Data Breaches
- World Leaks Just Leaked 1.3 TB of Files From Its Dell Data Breach: The data extortion group World Leaks has released a massive 1.3-terabyte trove of data allegedly stolen from Dell Technologies. The breach includes sensitive internal tools and user data, raising significant concerns about data security and privacy. Dell, however, has dismissed the breach, claiming the data was fake. Source: Tech.co
- Radiology Associates of Richmond Confirms Data Breach Affecting 1.4 Million Patients: Radiology Associates of Richmond has confirmed a significant data breach impacting 1.4 million patients. The breach has exposed sensitive patient information, prompting an investigation and legal actions to protect affected individuals. This incident underscores the critical need for robust data protection measures in healthcare. Source: Bitdefender
- Central Maine Healthcare Faces Six Class-Action Lawsuits Over Data Breach Incident: Central Maine Healthcare is embroiled in six class-action lawsuits following a data breach that exposed patient data. The lawsuits allege negligence and breach of implied contract, highlighting the legal and financial repercussions of inadequate data security practices in the healthcare sector. Source: Fox23 Maine
- Anne Arundel Dermatology Data Breach Exposes Personal Information: Anne Arundel Dermatology has suffered a data breach, exposing personal information of its clients. The breach has led to legal investigations, emphasizing the importance of safeguarding personal data in medical practices. Affected individuals are advised to monitor their personal information closely. Source: GlobeNewswire
- Tabb, Inc. Data Breach Under Investigation by Levi & Korsinsky, LLP: Tabb, Inc. is under investigation following a data breach that has raised concerns over the security of sensitive information. The breach has prompted legal scrutiny and potential class-action lawsuits, highlighting the ongoing challenges companies face in protecting consumer data. Source: WPRI-TV
Security Research
- Britain Partners With OpenAI On AI Research And Infrastructure As U.K. Eyes Productivity Revolution: Britain and OpenAI have entered into a strategic partnership to enhance AI security research and infrastructure. This collaboration aims to boost productivity and innovation in the U.K. by investing in AI technologies and research. Source: AllWork.Space
- 7-Zip Vulnerability Lets Malicious RAR5 Files Crash Systems: Security researcher Jaroslav Lobačevski discovered a vulnerability in 7-Zip, identified as GHSL-2025-058. This flaw, caused by a heap buffer overflow, allows malicious RAR5 files to crash systems, posing a significant risk to users. Source: GBHackers
- Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents: The DCHSpy malware, linked to Iran, disguises itself as VPN apps to collect sensitive data from dissidents. It gathers WhatsApp data, contacts, SMS, files, and more, highlighting the ongoing threat of state-sponsored cyber espionage. Source: The Hacker News
- Cyberattacks Surging Across Indo-Pacific, Researchers Warn: A study by the Center for a New American Security reveals an increase in cyberattacks from China and North Korea. These attacks target infrastructure and influence operations, emphasizing the growing cyber threat in the Indo-Pacific region. Source: BankInfoSecurity
- Malicious Implants Are Coming to AI Components, Applications: Security researcher Hariharan Shanmugam is set to publish research on vulnerabilities in AI models. These security issues could lead to malicious implants in AI components, posing a new challenge for cybersecurity in AI applications. Source: Dark Reading
Top CVEs
- CVE-2025-54122: A critical unauthenticated full-read Server-Side Request Forgery (SSRF) vulnerability has been identified in the Manager-io/Manager accounting software. This flaw allows attackers to bypass network isolation and access internal services, potentially leading to data exfiltration from isolated network segments. The vulnerability affects both Desktop and Server editions up to version 25.7.18.2519 and has been fixed in subsequent versions. Source: Vulners.
- CVE-2025-7314: This vulnerability in the IrfanView CADImage Plugin involves DWG file parsing, leading to memory corruption and potential remote code execution. Exploitation requires user interaction, such as visiting a malicious page or opening a malicious file. The flaw arises from improper validation of user-supplied data, allowing attackers to execute code within the context of the current process. Source: Vulners.
- CVE-2025-7310: Similar to CVE-2025-7314, this vulnerability affects the IrfanView CADImage Plugin's DWG file parsing, resulting in memory corruption and remote code execution. User interaction is necessary for exploitation, and the issue stems from inadequate validation of user-supplied data. Attackers can execute code in the context of the current process. Source: Vulners.
- CVE-2025-7303: Another vulnerability in the IrfanView CADImage Plugin, this one also involves DWG file parsing, leading to memory corruption and potential remote code execution. Exploitation requires user interaction, and the flaw is due to insufficient validation of user-supplied data. Attackers can execute code within the current process context. Source: Vulners.
- CVE-2025-7299: This vulnerability affects the IrfanView CADImage Plugin's DWG file parsing, causing memory corruption and enabling remote code execution. User interaction is required for exploitation, and the issue arises from improper validation of user-supplied data. Attackers can execute code in the context of the current process. Source: Vulners.
API Security
- WP-Members Membership Plugin Vulnerability: The WP-Members Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'wpmem_login_link' shortcode. This flaw allows authenticated attackers with contributor-level access to inject arbitrary scripts, which execute when a user accesses the compromised page. This vulnerability affects all versions up to 3.5.4.1. Source: Vulners.
- Lara Translate MCP Server Command Injection: Versions 0.0.11 and below of the Lara Translate MCP Server (@translated/lara-mcp) are vulnerable to command injection due to unsanitized input parameters. This allows attackers to inject arbitrary system commands, potentially leading to remote code execution. The issue is resolved in later versions. Source: Vulners.
- HAX CMS Node.js API Vulnerability: In versions 11.0.8 and below, the HAX CMS Node.js application crashes when an API request lacks required URL parameters, affecting the listFiles and saveFiles endpoints. This vulnerability arises from improper exception handling and has been fixed in subsequent versions. Source: Vulners.
- Cadwyn API Versioning XSS Vulnerability: Cadwyn, a FastAPI-based API versioning tool, is vulnerable to Reflected XSS attacks in versions 5.4.3 and below. The vulnerability allows attackers to execute JavaScript on a user's session via the "/docs" endpoint. This issue has been addressed in later versions. Source: Vulners.
- RomM Arbitrary File Write Vulnerability: RomM (ROM Manager) versions 4.0.0-beta.3 and below have an arbitrary file write vulnerability in the /api/saves endpoint. This flaw can lead to Remote Code Execution, allowing attackers to create or modify files with user-supplied content. The vulnerability requires authentication and has been fixed in newer versions. Source: Vulners.
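As an added illustration of the crash-on-missing-parameter pattern described for HAX CMS above (this is example code, not HAX CMS's own; the endpoint, the `path` parameter name and the in-memory file store are assumed placeholders), a vulnerable Node.js handler beside a hardened one:

```javascript
// Constructed stand-in for the file listing back end (not real HAX CMS code).
function listFilesFromStore(path) {
  const store = { "/docs": ["a.md", "b.md"], "/img": ["logo.png"] };
  return store[path] || [];
}

// Vulnerable pattern: the handler dereferences the query parameter without
// checking that it exists. When "path" is absent, searchParams.get() returns
// null and `null.startsWith` throws a TypeError. With no surrounding
// exception handling, that uncaught throw takes the whole process down.
function listFilesVulnerable(requestUrl) {
  const path = new URL(requestUrl, "http://localhost").searchParams.get("path");
  const normalized = path.startsWith("/") ? path : "/" + path; // throws on null
  return { status: 200, body: listFilesFromStore(normalized) };
}

// Hardened pattern: validate required parameters first and answer 400, and
// wrap the rest so an unexpected error becomes a 500 response, not a crash.
function listFilesHardened(requestUrl) {
  try {
    const params = new URL(requestUrl, "http://localhost").searchParams;
    const path = params.get("path");
    if (path === null || path.length === 0) {
      return { status: 400, body: { error: "missing required parameter: path" } };
    }
    const normalized = path.startsWith("/") ? path : "/" + path;
    return { status: 200, body: listFilesFromStore(normalized) };
  } catch (err) {
    return { status: 500, body: { error: "internal error" } };
  }
}

// Models the process boundary: an exception that escapes the handler is
// reported as a crash, which is the denial-of-service outcome to detect in
// logs (abrupt restarts correlated with requests missing parameters).
function serve(handler, requestUrl) {
  try {
    return handler(requestUrl);
  } catch (err) {
    return { status: "crash", body: err.constructor.name };
  }
}
```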
Sponsored by Wallarm API Security Solution
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is as dynamic as ever. From the massive data breach at Dell to the strategic AI partnership between Britain and OpenAI, the stories we've covered today highlight the ever-evolving challenges and opportunities in cybersecurity.
The breaches at Radiology Associates of Richmond and Central Maine Healthcare remind us of the critical importance of robust data protection measures, especially in sectors handling sensitive information. Meanwhile, the vulnerabilities in popular software like 7-Zip and IrfanView underscore the need for constant vigilance and timely updates to safeguard against exploitation.
On a brighter note, the collaboration between Britain and OpenAI signals a promising future for AI-driven innovation, aiming to revolutionize productivity and security. Yet, as we embrace these advancements, the looming threats of cyber espionage and malicious implants in AI components serve as a stark reminder of the complexities we face.
We hope today's insights equip you with the knowledge to navigate these challenges effectively. If you found this newsletter valuable, please share it with your friends and colleagues. Together, we can foster a more informed and resilient cybersecurity community.
Stay safe, stay informed, and see you in the next edition of Secret CISO!