Secret CISO 7/25: McDonald's GDPR fine, Belk SSN breach, Microsoft patch fail, North Korea IT infiltration, SharePoint 0-day exploit

Welcome to today's edition of Secret CISO, where we unravel a tapestry of cybersecurity stories that echo the urgent need for vigilance and robust defenses in our digital world. From hefty fines to sophisticated cyber-espionage, today's newsletter is a stark reminder of the vulnerabilities lurking in both corporate and governmental systems.

In Poland, McDonald's faces a record GDPR fine for failing to oversee its data processors, while Belk Inc. grapples with a class action lawsuit following a data breach that exposed Social Security numbers. Across the Atlantic, Syracuse ACS is fined for inadequate security measures after a ransomware attack, highlighting the critical need for thorough risk assessments in healthcare.

Meanwhile, the Indian Council of Agricultural Research suffers a breach affecting key projects, and T-Mobile's settlement payouts reveal the disparities in compensation for data breach victims. In the realm of cyber-espionage, a failed Microsoft security patch becomes a boon for Chinese hackers, and North Korean operatives infiltrate American companies through remote IT jobs.

As ransomware actors exploit SharePoint vulnerabilities, the release of a Metasploit module for SharePoint 0-day vulnerabilities underscores the urgency for timely patching. Additionally, Coyote malware's exploitation of Microsoft's UI Automation to steal banking credentials serves as a chilling reminder of the need for enhanced security measures.

Finally, we delve into critical vulnerabilities affecting various platforms, from ChanCMS and eKuiper to Quiet and CapillaryScope, each presenting unique challenges and emphasizing the importance of staying ahead of potential threats. Join us as we navigate these complex narratives and explore the ever-evolving landscape of cybersecurity.

Data Breaches

  1. McDonald's Poland faces record €3.89 million GDPR fine for processor oversight failures: The Polish data protection authority has imposed a significant fine on McDonald's Poland for failing to oversee its data processors adequately, leading to an employee data breach. This incident highlights the importance of stringent data protection measures and compliance with GDPR regulations. Source: PPC Land.
  2. Belk data breach exposed Social Security numbers, class action alleges: A class action lawsuit has been filed against Belk Inc. following a data breach that allegedly exposed customers' Social Security numbers. The lawsuit claims that the company failed to protect sensitive information, leading to potential identity theft risks for affected individuals. Source: Top Class Actions.
  3. Feds Fine Surgery Practice $250K in Ransomware Breach: The U.S. Department of Health and Human Services fined Syracuse ACS $250,000 for a ransomware attack due to inadequate HIPAA security risk analysis. This case underscores the critical need for healthcare organizations to conduct thorough security assessments to protect patient data. Source: BankInfoSecurity.
  4. Data breach at ICAR hits key recruitment, agri research projects: The Indian Council of Agricultural Research (ICAR) experienced a data breach affecting its recruitment and agricultural research projects. This breach has raised concerns about the security of sensitive information within India's premier agricultural research body. Source: The Indian Express.
  5. Massive T-Mobile data breach payments prove all settlements aren't created equal: In a surprising development, some T-Mobile customers are receiving over $4,000 as part of a settlement for the 2021 data breach that affected 76 million customers. This settlement highlights the varying compensation outcomes for data breach victims. Source: Android Police.

Security Research

  1. A Failed Microsoft Security Patch Is the Latest Win for Chinese Hackers: Researchers have identified that over 400 SharePoint servers, many belonging to government entities, have been compromised due to a failed Microsoft security patch. This incident highlights the vulnerabilities in Microsoft's patch management and the increasing sophistication of Chinese cyber-espionage efforts. Source: WSJ.
  2. Ransomware Actors Pile on 'ToolShell' SharePoint Bugs: A Viettel Cyber Security researcher discovered vulnerabilities in SharePoint, dubbed "ToolShell," which ransomware actors are exploiting. This attack chain demonstrates the critical need for organizations to patch their systems promptly to prevent exploitation. Source: Dark Reading.
  3. North Korea Infiltrated America by Taking Remote US IT Jobs: Security researchers have uncovered that North Korean operatives are taking remote IT jobs in the US to generate revenue for their government. This tactic allows them to infiltrate American companies and potentially access sensitive information. Source: Bloomberg.
  4. Metasploit Module Released for Exploited SharePoint 0-Day Vulnerabilities: Security researchers have developed a new Metasploit module to exploit critical vulnerabilities in Microsoft SharePoint Server. This tool underscores the urgency for organizations to apply patches and secure their systems against potential attacks. Source: Cyber Press.
  5. Coyote Malware Abuses Microsoft's UI Automation to Hunt Banking Creds: Akamai security researcher Tomer Peled detailed how attackers could exploit Microsoft's UI Automation to steal banking credentials and execute malicious code. This discovery emphasizes the need for enhanced security measures to protect sensitive financial data. Source: The Register.

API Security

  1. CVE-2025-8133 yanyutao0402 ChanCMS gather.js getArticle server-side request forgery: A critical vulnerability in yanyutao0402 ChanCMS up to version 3.1.2 allows remote attackers to exploit server-side request forgery through the getArticle function. This flaw can be mitigated by upgrading to version 3.1.3. Source.
  2. CVE-2025-54379 eKuiper API endpoints handling SQL queries with user-controlled table names: LF Edge eKuiper versions before 2.2.1 have a critical SQL Injection vulnerability in the getLast API, allowing unauthenticated remote attackers to execute arbitrary SQL statements. This issue is resolved in version 2.2.1. Source.
  3. CVE-2025-53940 Quiet uses insecure, inconsistent verification on local backend token: Quiet, an alternative to team chat apps, had a vulnerability in versions 6.1.0-alpha.4 and below where an insecure token verification method allowed timing attacks. This has been fixed in later versions. Source.
  4. CVE-2025-40680 Encryption of sensitive data in CapillaryScope missing: CapillaryScope v2.5.0 lacks encryption for sensitive data, storing proxy credentials and JWT session tokens in plain text on Windows. This exposes data to any authenticated local user with registry access. Source.
  5. CVE-2025-7695 Dataverse Integration 2.77 - 2.81 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via reset_password_link REST Route: The Dataverse Integration plugin for WordPress has a vulnerability in versions 2.77 through 2.81, allowing authenticated attackers to escalate privileges by obtaining password reset links for administrators. Source.
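Two of the items above share a pattern worth seeing in code: an API that splices a user-controlled table name into SQL (the eKuiper item) and a backend that compares a secret token with an ordinary string comparison (the Quiet item). The Go snippet below is an added illustration written for this newsletter, not code from eKuiper, Quiet or any other project named here. It assumes a constructed allowlist of table names and a constructed expected token; neither comes from the advisories. It shows the two standard mitigations: because a table identifier cannot be bound as a query parameter, it is validated against a strict identifier pattern and an allowlist before being placed in the statement, and the token check hashes both values and compares the digests with `crypto/subtle` so the comparison takes the same time whether the first byte or the last byte differs.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"regexp"
)

// allowedTables is a constructed allowlist standing in for whatever tables
// a real API is permitted to read; it is not taken from eKuiper.
var allowedTables = map[string]bool{
	"events":   true,
	"readings": true,
}

// identRe accepts only a plain SQL identifier: letter or underscore first,
// then letters, digits or underscores, at most 64 characters in total.
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]{0,63}$`)

// ValidateTable returns the name unchanged only if it is a plain identifier
// and is on the allowlist. Anything else, including quotes, semicolons or
// comment markers, is rejected before it can reach the SQL engine.
func ValidateTable(name string) (string, error) {
	if !identRe.MatchString(name) {
		return "", errors.New("table name is not a plain identifier")
	}
	if !allowedTables[name] {
		return "", errors.New("table is not on the allowlist")
	}
	return name, nil
}

// BuildLastRowQuery builds the query for the most recent row of a table.
// The identifier cannot be a bind parameter, so it is validated first and
// then quoted; row values in a real handler would still be bound with ?.
func BuildLastRowQuery(table string) (string, error) {
	t, err := ValidateTable(table)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf(`SELECT * FROM "%s" ORDER BY ts DESC LIMIT 1`, t), nil
}

// TokenMatches compares a presented token with the expected one in constant
// time. Hashing both sides first means the comparison runs over fixed-length
// digests, so neither the token length nor the position of the first
// mismatching byte is observable from timing.
func TokenMatches(expected, presented string) bool {
	e := sha256.Sum256([]byte(expected))
	p := sha256.Sum256([]byte(presented))
	return subtle.ConstantTimeCompare(e[:], p[:]) == 1
}

func main() {
	// Constructed inputs: one legitimate table name and one hostile string.
	for _, name := range []string{"events", `events"; --`, "users"} {
		q, err := BuildLastRowQuery(name)
		fmt.Printf("%-14q -> query=%q err=%v\n", name, q, err)
	}
	// Constructed expected token; a real service would load it from config.
	const expected = "example-local-backend-token"
	fmt.Println("token ok:", TokenMatches(expected, expected))
	fmt.Println("token bad:", TokenMatches(expected, "example-local-backend-tokem"))
}
```

The allowlist is the part that does the real work: a regular expression alone would still let a caller read any table whose name happens to be a clean identifier, which is exactly the "user-controlled table name" problem the advisory describes.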

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the landscape of cybersecurity is as dynamic as ever. From McDonald's Poland facing hefty fines for GDPR oversights to the intricate vulnerabilities in Microsoft's SharePoint, the stories we've covered today emphasize the critical need for vigilance and proactive measures in safeguarding data.

Whether it's the massive settlements from T-Mobile's data breach or the sophisticated tactics employed by North Korean operatives, each story serves as a reminder of the diverse challenges that organizations face in protecting sensitive information. The vulnerabilities and exploits we've discussed highlight the importance of timely updates and robust security protocols.

We hope you found today's insights valuable and thought-provoking. If you did, please consider sharing this newsletter with your friends and colleagues. By spreading awareness, we can collectively enhance our defenses and stay ahead of potential threats.

Thank you for joining us today. Stay secure, stay informed, and we'll see you in the next edition of Secret CISO!


By Secret CISO