Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity breaches and vulnerabilities that have shaken the digital world. In this issue, we delve into a series of alarming data breaches that have left users and organizations scrambling for security.

First, the Tea app, a platform for anonymous reviews, has suffered a massive data breach, exposing user selfies and private messages, leading to online harassment. This breach is a stark reminder of the vulnerabilities in platforms designed to protect anonymity.

Meanwhile, Allianz Life faces a significant breach affecting a majority of its customers, with personal information stolen, prompting legal actions. Similarly, Dell is under scrutiny after the World Leaks ransomware group claims to have stolen 1.3 terabytes of data, though Dell disputes some of these claims.

In the realm of cyber warfare, pro-Ukrainian hackers have grounded Russian airline Aeroflot, marking a new era of "kinetic sabotage" amidst geopolitical tensions. This incident highlights the growing intersection of cybersecurity and international relations.

On the vulnerability front, a critical bug in the Post SMTP plugin for WordPress threatens widespread site takeovers, while a newly published exploit chain for a Cisco ISE vulnerability underscores the urgency for timely patching.

Finally, Microsoft's Project Ire showcases a breakthrough in malware detection, leveraging AI to autonomously identify threats at scale, offering a glimpse into the future of cybersecurity defense.

Stay informed and vigilant as we navigate these turbulent cybersecurity waters together.

Data Breaches

1. Tea App Data Breach: The Tea app, designed for women to anonymously post reviews about men, has suffered a significant data breach. The breach exposed thousands of user selfies, private messages, and photo identifications, leading to online harassment as leaked photos were used in unauthorized rating sites and maps. Source: Engadget, Business Insider, CBS News, Live Now Fox, Bleeping Computer, Lifehacker, Chicago Sun-Times.
2. Allianz Life Data Breach: Allianz Life experienced a data breach on July 16, 2025, affecting a majority of its customers. Personal information was stolen during a cyberattack, prompting investigations and legal actions. Source: Morningstar, Dark Reading, USA Today.
3. Dell Security Breach: Dell confirmed a security breach after the World Leaks ransomware group released 1.3 terabytes of data allegedly stolen from the company. Dell disputes some of the claims but is investigating the extent of the breach. Source: CPO Magazine.
4. BYU-Pathway Worldwide Data Breach: BYU-Pathway Worldwide has issued data breach notices to affected individuals, potentially leading to legal actions for the exposure of personal information. Source: Class Action.
5. Bloomingfoods Data Security Breach: Bloomingfoods, a food market, reported a data security breach involving credit card skimming. Customers have been warned and advised to monitor their financial statements for any unauthorized transactions. Source: Herald Times Online.

Security Research

1. Russian airline Aeroflot grounded by pro-Ukrainian hackers: A cyberattack by pro-Ukrainian hackers has grounded Russian airline Aeroflot, marking a significant incident of "kinetic sabotage." The attack is seen as a psychological message amidst ongoing geopolitical tensions. Source: Cybernews
2. Why Patch Management Isn't Enough: SharePoint, Webshells & the Modern Threat Landscape: This research highlights the limitations of traditional patch management in the face of modern threats like webshells and vulnerabilities in platforms like SharePoint. It emphasizes the need for holistic threat intelligence to preemptively address these risks. Source: Recorded Future
3. Widespread WordPress site takeovers likely with Post SMTP plugin bug: A critical vulnerability in the Post SMTP plugin for WordPress has been identified, potentially allowing widespread site takeovers. Despite the availability of a patch, only 48.5% of affected sites have been updated, leaving many at risk. Source: SC Media
4. Exploit available for critical Cisco ISE bug exploited in attacks: Security researcher Bobby Gould has published a complete exploit chain for a critical vulnerability in Cisco ISE, which has already been exploited in attacks. This highlights the urgent need for organizations to apply patches to protect their systems. Source: Bleeping Computer
5. Project Ire autonomously identifies malware at scale: Microsoft's Project Ire has developed a system capable of autonomously identifying malware at scale, representing a significant advancement in cybersecurity. This project leverages AI to enhance threat detection and response capabilities. Source: Microsoft Research

API Security

1. CVE-2025-54766: An API endpoint intended for web application administrators is accessible by lower-level read-only users. This vulnerability allows unauthorized users to export the appliance configuration, potentially exposing sensitive data. Source: Vulners.
2. CVE-2025-54768: Similar to CVE-2025-54766, this vulnerability involves an API endpoint meant for administrators being accessible by lower-level users. It allows unauthorized users to download logs from the appliance configuration, risking exposure of sensitive information. Source: Vulners.
3. CVE-2025-54765: This vulnerability allows lower-level users to access an API endpoint intended for administrators, enabling them to import the appliance configuration. This could allow attackers to control the appliance configuration and potentially grant themselves administrative privileges. Source: Vulners.
4. Exploit for Prototype Pollution in Salesforce Tough-Cookie: This exploit involves manipulating cookies in Node.js applications using the tough-cookie library. It highlights potential security risks in cookie handling, which could lead to unauthorized access or data manipulation. Source: Vulners.
5. webfinger.js Blind SSRF Vulnerability: The webfinger.js library has a vulnerability that allows Server-Side Request Forgery (SSRF) attacks. It fails to prevent access to localhost and LAN addresses, posing a risk for ActivityPub applications in production environments. Source: Vulners.

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is as dynamic as ever. From the unsettling data breaches affecting apps like Tea and major companies like Allianz Life and Dell, to the innovative strides in cybersecurity with projects like Microsoft's Project Ire, the world of cybersecurity is a constant dance between threat and defense.

We've seen how vulnerabilities, such as those in WordPress plugins and Cisco systems, can leave organizations exposed, and how geopolitical tensions can manifest in cyberattacks, as demonstrated by the grounding of Aeroflot. These stories remind us of the critical importance of staying informed and vigilant.

In this ever-evolving field, sharing knowledge is key. If you found today's insights valuable, please consider sharing this newsletter with your friends and colleagues. Together, we can build a more secure digital world, one informed reader at a time.

Stay safe and see you in the next edition of Secret CISO!