Secret CISO 7/3: Bridges & Ontario Breaches, Stalkerware Risks, Amazon Phishing, AI Cloud Threats

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity challenges and breakthroughs. In this issue, we delve into a series of alarming data breaches that have rocked various sectors, from healthcare to financial services, underscoring the urgent need for robust data protection measures.

Our journey begins with Bridges Experience Inc. and Ontario Health Agency, both grappling with significant breaches that have exposed sensitive personal and health information. As we navigate through these incidents, we also explore the aftermath of the 23andMe breach, where a strategic sale aims to bolster privacy protections for millions affected.

In the realm of technology, we uncover vulnerabilities in stalkerware apps and AI cloud workloads, highlighting the persistent threats lurking in our digital environments. The rise of SIM swapping attacks further emphasizes the critical need for securing mobile communications.

On a more positive note, we spotlight a radiochemistry graduate student's groundbreaking research at UNLV, which plays a pivotal role in national security by enhancing the traceability of nuclear materials.

As we brace for Amazon Prime Day, a staggering 120,000 fake websites have been identified, reminding us of the ever-present danger of phishing attacks during online shopping sprees.

Finally, we dissect a series of critical vulnerabilities, from Hikvision's remote command execution flaw to Apache Guacamole's terminal emulator issue, each presenting unique challenges and lessons for cybersecurity professionals.

Join us as we navigate these stories, each a testament to the evolving landscape of cybersecurity and the relentless pursuit of safeguarding our digital world.

Data Breaches

  1. Bridges Experience Inc. Data Breach: Bridges Experience Inc. is under investigation following a data breach that has raised concerns about the security of sensitive personal and protected health information. The breach has prompted scrutiny over the company's data protection measures and potential impacts on affected individuals. Source: KXAN.
  2. Ontario Health Agency Data Breach: Ontario's health minister has mandated a provincial agency to inform up to 200,000 patients about a significant data breach. This incident highlights the ongoing challenges in safeguarding sensitive health information and the importance of timely notification to affected individuals. Source: Global News.
  3. 23andMe Data Breach: The sale of 23andMe to a nonprofit entity includes privacy protections for victims of a past data breach affecting seven million individuals. The $305 million sale price aims to fund claims and support those impacted by the breach, emphasizing the need for robust data protection measures in the genetic testing industry. Source: Attorney General's Office.
  4. Max Financial Data Breach: Max Financial's arm, Axis Max Life, received an anonymous tip about a potential data breach, prompting an investigation with information security experts. This incident underscores the critical need for vigilance and proactive measures in protecting customer data within the financial services sector. Source: CNBC TV18.

Security Research

  1. Hacked, leaked, exposed: Why you should never use stalkerware apps: A security researcher discovered a vulnerability in stalkerware apps that allowed unauthorized access to sensitive data. This revelation highlights the significant privacy risks associated with using such apps, which have been involved in multiple massive hacks. The exposure of personal information underscores the need for users to avoid these invasive applications. Source: TechCrunch.
  2. AI cloud workloads in Southeast Asia show higher security risks: New research from Tenable indicates that AI workloads in the cloud, particularly in Southeast Asia, present increased security challenges. The study emphasizes the need for enhanced security measures to protect these critical infrastructures from potential threats. As AI continues to integrate into cloud services, understanding and mitigating these risks becomes crucial for organizations. Source: SecurityBrief Asia.
  3. Hijacked by a Text: Understanding and Preventing SIM Swapping Attacks: SIM swapping attacks are on the rise, posing significant threats to personal and financial security. This research delves into how these attacks occur and offers strategies for prevention, emphasizing the importance of securing mobile communications. As mobile devices become central to our digital lives, safeguarding against SIM swapping is increasingly vital. Source: Bitsight.
  4. Radiochemistry Graduate Student's Research Is, Literally, A Matter of National Security: A graduate student's research at UNLV is making strides in preventing the spread of nuclear materials by improving the traceability of components used in detonations. This work is crucial for national security, as it aids in the detection and prevention of illicit nuclear activities. The research highlights the intersection of scientific innovation and security. Source: UNLV.
  5. Amazon Prime Day Security Warning — 120,000 Fake Amazon Websites Found: Security researchers have identified a staggering 120,000 fake Amazon websites, with 92,000 phishing sites attempting to deceive users during Amazon Prime Day. These sites aim to install malware and steal personal information, underscoring the need for vigilance during online shopping events. The findings highlight the persistent threat of phishing attacks in the digital marketplace. Source: Forbes.

Top CVEs

  1. CVE-2025-34067: An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. This flaw allows attackers to exploit Fastjson's auto-type feature to load arbitrary Java classes, leading to remote code execution. Source.
  2. CVE-2024-35164: Apache Guacamole 1.5.5 and older versions have a vulnerability in their terminal emulator that fails to properly validate console codes received from servers via text-based protocols like SSH. This allows a malicious user to execute arbitrary code with the privileges of the running guacd process. Upgrading to version 1.6.0 is recommended to mitigate this issue. Source.
  3. CVE-2025-20309: A vulnerability in Cisco Unified Communications Manager and its Session Management Edition allows an unauthenticated, remote attacker to log in using default, static root credentials. This flaw is due to the presence of static user credentials reserved for development, enabling attackers to execute arbitrary commands as root. Source.
  4. CVE-2025-45813: ENENSYS IPGuard v2 2.10.0 contains hardcoded credentials, posing a significant security risk. This vulnerability allows unauthorized access and potential control over the affected systems. Source.
  5. CVE-2025-45814: Missing authentication checks in the query.fcgi endpoint of NS3000 and NS2000 devices allow attackers to hijack sessions. This vulnerability affects multiple versions, including NS3000 v8.1.1.125110 and v7.2.8.124852, and requires immediate attention to prevent unauthorized access. Source.

API Security

  1. CVE-2025-34076: An authenticated local file inclusion vulnerability in Microweber CMS versions <= 1.2.11 allows authenticated users to exploit the backup management API to read arbitrary files from the filesystem. This is achieved by manipulating the /api/BackupV2/upload and /api/BackupV2/download endpoints, leading to potential local file disclosure due to insufficient validation and access restrictions. Source: Vulners.
  2. CVE-2025-34078: A local privilege escalation vulnerability in NSClient++ 0.5.2.35 arises when both the web interface and ExternalScripts features are enabled. The administrative password is stored in plaintext in the configuration file, allowing local users to extract it and execute arbitrary commands as SYSTEM via the API. This vulnerability highlights the risks of plaintext credential storage. Source: Vulners.
  3. CVE-2025-34079: NSClient++ version 0.5.2.35 contains an authenticated remote code execution vulnerability when the web interface and ExternalScripts module are enabled. A remote attacker with the administrator password can inject and execute arbitrary commands with SYSTEM privileges, posing a significant security risk due to inadequate privilege separation. Source: Vulners.
  4. CVE-2025-53108: HomeBox, a home inventory system, has a missing authorization check in API endpoints for updating and deleting inventory item attachments. This flaw allows unauthorized actions by authenticated users, potentially leading to data manipulation or loss. The issue is patched in version 0.20.1, with no available workarounds. Source: Vulners.
  5. CVE-2025-53106: Graylog versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2 allow users to gain elevated privileges by exploiting weak permission checks for API token creation. Attackers with a user account can issue crafted requests to the Graylog REST API, leading to unauthorized access. The issue is patched in later versions, with a workaround involving configuration changes. Source: Vulners.
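The missing object-level authorization check described in item 4 (CVE-2025-53108) is a pattern worth seeing side by side with its fix. The Go example below is added here and is not HomeBox's code: it models a constructed in-memory attachment store, uses a hypothetical X-User header as a stand-in for an already-authenticated session, and contrasts a delete handler that only checks that the caller is logged in with one that also checks that the caller owns the attachment's parent inventory item.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Attachment belongs to an inventory item, which belongs to a user (constructed model).
type Attachment struct {
	ID      string
	OwnerID string // user who owns the parent inventory item
}

// Store is a constructed in-memory stand-in for the application database.
type Store struct{ attachments map[string]Attachment }

// NewStore seeds two attachments owned by different users (constructed sample data).
func NewStore() *Store {
	return &Store{attachments: map[string]Attachment{
		"att-1": {ID: "att-1", OwnerID: "alice"},
		"att-2": {ID: "att-2", OwnerID: "bob"},
	}}
}

// userFromRequest stands in for session handling. The X-User header is a hypothetical
// placeholder for an identity the framework has already authenticated, not a real scheme.
func userFromRequest(r *http.Request) (string, bool) {
	u := r.Header.Get("X-User")
	return u, u != ""
}

// DeleteVulnerable checks only that the caller is authenticated, then deletes by ID.
// Any logged-in user can therefore delete any other user's attachment.
func (s *Store) DeleteVulnerable(w http.ResponseWriter, r *http.Request) {
	if _, ok := userFromRequest(r); !ok {
		http.Error(w, "unauthenticated", http.StatusUnauthorized)
		return
	}
	id := strings.TrimPrefix(r.URL.Path, "/attachments/")
	if _, exists := s.attachments[id]; !exists {
		http.Error(w, "not found", http.StatusNotFound)
		return
	}
	delete(s.attachments, id)
	w.WriteHeader(http.StatusNoContent)
}

// DeleteHardened adds the object-level authorization check: the attachment's parent
// item must belong to the caller. Answering 404 instead of 403 for someone else's
// attachment avoids confirming that the ID exists.
func (s *Store) DeleteHardened(w http.ResponseWriter, r *http.Request) {
	user, ok := userFromRequest(r)
	if !ok {
		http.Error(w, "unauthenticated", http.StatusUnauthorized)
		return
	}
	id := strings.TrimPrefix(r.URL.Path, "/attachments/")
	att, exists := s.attachments[id]
	if !exists || att.OwnerID != user {
		http.Error(w, "not found", http.StatusNotFound)
		return
	}
	delete(s.attachments, id)
	w.WriteHeader(http.StatusNoContent)
}

// Exercise sends DELETE /attachments/{id} as user through handler against a fresh store
// and returns the HTTP status plus whether the attachment still exists afterwards.
func Exercise(handler func(*Store, http.ResponseWriter, *http.Request), user, id string) (int, bool) {
	s := NewStore()
	req := httptest.NewRequest(http.MethodDelete, "/attachments/"+id, nil)
	if user != "" {
		req.Header.Set("X-User", user)
	}
	rec := httptest.NewRecorder()
	handler(s, rec, req)
	_, stillThere := s.attachments[id]
	return rec.Code, stillThere
}

func main() {
	code, left := Exercise((*Store).DeleteVulnerable, "bob", "att-1")
	fmt.Printf("vulnerable: bob deletes alice's att-1 -> %d, still present: %v\n", code, left)
	code, left = Exercise((*Store).DeleteHardened, "bob", "att-1")
	fmt.Printf("hardened:   bob deletes alice's att-1 -> %d, still present: %v\n", code, left)
}
```

The point for reviewers of any update or delete endpoint is that authentication answers "who is calling?" while the ownership lookup answers "may this caller act on this object?"; the second question has to be asked per object, inside the handler, because a route-level login check cannot see which record the ID refers to.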

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is fraught with challenges and opportunities. From the alarming data breaches at Bridges Experience Inc. and Ontario Health Agency to the critical vulnerabilities in popular platforms like Hikvision and Apache Guacamole, the need for robust cybersecurity measures has never been more pressing.

We've also explored the evolving threats posed by stalkerware apps and the heightened security risks associated with AI cloud workloads in Southeast Asia. These stories serve as a stark reminder of the importance of staying informed and proactive in safeguarding our digital assets.

In the realm of national security, the innovative research by a radiochemistry graduate student underscores the vital role of scientific advancement in protecting against nuclear threats. Meanwhile, the discovery of 120,000 fake Amazon websites during Prime Day highlights the persistent threat of phishing attacks in our digital marketplace.

As we continue to navigate these complex issues, sharing knowledge and insights becomes crucial. If you found today's newsletter informative, please consider sharing it with your friends and colleagues. Together, we can foster a community that is better equipped to tackle the cybersecurity challenges of tomorrow.

Thank you for joining us today. Stay vigilant, stay informed, and we'll see you in the next edition of Secret CISO.