Secret CISO 7/5: IdeaLab, Nova Scotia Power, UM Bioweapons, Azure Arc - A Global Cybersecurity Wake-Up Call

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity challenges and breakthroughs. In a world where data breaches have become the new normal, today's issue delves into a series of high-profile incidents that underscore the relentless threat landscape.

We begin with the alarming breaches at IdeaLab, Nova Scotia Power, and SK Telecom, each highlighting the vulnerabilities within critical sectors and the pressing need for fortified defenses. As we navigate through these incidents, we also explore the swift response by Louis Vuitton Korea, showcasing the importance of rapid action in mitigating cyber threats.

In a twist of intrigue, we examine the potential data breach at Axis Max Life, reflecting the ongoing challenges financial institutions face in safeguarding sensitive information. Meanwhile, the University of Michigan finds itself under scrutiny for its involvement in controversial research, raising national security concerns.

On the cybercrime front, the disbandment of the notorious Hunters International ransomware group raises questions about their future moves, while researchers unveil new methods to identify vulnerabilities in Microsoft Azure Arc, emphasizing the critical need for cloud security.

We also uncover the deceptive tactics of cybercriminals using fake Cloudflare verification screens and the innovative methods researchers have developed to bypass Content Security Policy protections, highlighting the evolving nature of cyber threats.

Finally, we dive into the technical depths of recent vulnerabilities, including SQL Injection, Cross-site Scripting, and Code Injection flaws, each posing significant risks to web applications and systems worldwide. These discoveries serve as a stark reminder of the importance of robust security measures in an ever-evolving digital landscape.

Stay informed, stay secure, and join us as we navigate the complexities of cybersecurity in today's interconnected world.

Data Breaches

  1. IdeaLab Data Breach: IdeaLab, a venture capital giant, confirmed a data breach where private data was stolen. The company is offering identity theft protection and credit monitoring to affected individuals. The breach highlights the ongoing threat of ransomware operators targeting high-profile organizations. Source: TechRadar.
  2. Nova Scotia Power Data Breach: Nova Scotia Power experienced a ransomware attack that exposed the information of 280,000 customers. Despite the breach, the company did not pay the ransom, emphasizing the importance of robust cybersecurity measures. This incident underscores the vulnerability of critical infrastructure to cyber threats. Source: DataBreaches.net.
  3. SK Telecom Data Breach: SK Telecom suffered a data breach affecting 25 million subscribers, marking a significant event in the telecom sector. The breach has prompted discussions on the need for increased cybersecurity investments within the industry. This incident serves as a wake-up call for telecom companies worldwide. Source: AInvest.
  4. Louis Vuitton Korea Cyberattack: Louis Vuitton Korea faced a cyberattack resulting in the leak of customer data. Fortunately, no financial data such as credit card or bank account details were compromised. The company has contained the breach, highlighting the importance of swift response in mitigating cyber threats. Source: Bloomberg.
  5. Axis Max Life Potential Data Breach: Axis Max Life, an Indian insurance giant, is investigating a potential data breach after a hacker claimed network intrusion. The company is taking steps to assess the situation and ensure the security of its network. This incident highlights the ongoing challenges faced by financial institutions in safeguarding sensitive data. Source: Teiss.

Security Research

  1. Investigators Want UM to Answer How Chinese Nationals Did Potential Bioweapons Research: A U.S. House Committee is pressing the University of Michigan to explain how Chinese researchers were involved in potential bioweapons research, raising concerns about national security implications and the involvement of foreign nationals in taxpayer-funded projects. Source: Detroit News.
  2. Hunters International Ransomware Group Shuts Down - But Will It Regroup Under a New Guise?: The notorious ransomware group Hunters International has announced its shutdown, but security experts speculate whether this is a strategic move to rebrand and continue operations under a new identity. This development highlights the ongoing challenges in combating ransomware threats. Source: Bitdefender.
  3. Researchers Discover New Method to Identify Azure Arc in Enterprise Environments: Security researchers have unveiled innovative techniques to detect and exploit Microsoft Azure Arc in enterprise settings, potentially exposing vulnerabilities that could be leveraged by cybercriminals. This discovery underscores the importance of securing cloud-based infrastructures. Source: GBHackers.
  4. Cybercriminals Use Fake Cloudflare Verification Screens to Deceive Users into Running Malware: A new cyberattack method involves using fake Cloudflare verification screens to trick users into executing malware. This tactic employs evasion techniques to bypass virtual machine environments, posing a significant threat to unsuspecting users. Source: GBHackers.
  5. Researchers Defeat Content Security Policy Protections via HTML Injection: Security researchers have demonstrated a method to bypass Content Security Policy protections using HTML injection combined with CSS-based nonce leakage, revealing potential vulnerabilities in web security frameworks. This finding emphasizes the need for robust security measures in web applications. Source: GBHackers.

Top CVEs

  1. CVE-2025-24748: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup All In One Slider Responsive allows SQL Injection. This vulnerability can be exploited by attackers to manipulate database queries, potentially leading to unauthorized data access or modification. The issue affects all versions of the All In One Slider Responsive plugin. Source: Vulners.
  2. CVE-2025-24757: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Long Watch Studio MyRewards allows Stored XSS. This flaw can be exploited by attackers to inject malicious scripts into web pages, which are then executed in the context of users visiting the affected site. The vulnerability affects all versions of MyRewards. Source: Vulners.
  3. CVE-2025-49302: Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe allows Remote Code Inclusion. This vulnerability enables attackers to execute arbitrary code on the server, potentially leading to full system compromise. The issue affects all versions of Easy Stripe. Source: Vulners.
  4. CVE-2025-5351: A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are involved. Source: Vulners.
  5. CVE-2025-5372: A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Because of an inconsistent interpretation of return values (OpenSSL uses 0 to indicate failure, while libssh uses 0 for success), the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and security. Source: Vulners.
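As an added illustration (not code from libssh, OpenSSL, or any of the sources cited above), the C program below reproduces in miniature the two error-handling mistakes behind the libssh entries, each beside its corrected form: a cleanup path that frees a buffer but leaves the pointer dangling, so a second failure later in the function frees it again, and a wrapper that hands an OpenSSL-style 1/0 result straight to callers expecting libssh's 0/negative convention. SSH_OK and SSH_ERROR mirror libssh's convention but are defined locally; key_blob, export_key, fake_openssl_kdf, the two ssh_kdf_* wrappers and the caller check are constructed for this example and do not reflect libssh's real code paths.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration, not libssh or OpenSSL code. SSH_OK / SSH_ERROR
 * mirror libssh's return-code convention; every other name is invented. */
#define SSH_OK     0    /* libssh convention: 0 means success             */
#define SSH_ERROR (-1)  /* libssh convention: a negative value is failure */

/* ---- Part 1: pointer freed on an error path but not cleared (cf. CVE-2025-5351) ---- */

struct key_blob {
    unsigned char *data;
    int released;   /* bookkeeping so a repeat release is detected instead of corrupting the heap */
};

/* Release the blob's buffer. Returns 1 if this is a second release of the
 * same buffer (what would be a real double free), 0 otherwise. */
static int release_blob(struct key_blob *b)
{
    if (b->data == NULL) return 0;   /* like free(NULL): nothing to do */
    if (b->released)     return 1;   /* would be a double free: report it, do not free again */
    free(b->data);
    b->released = 1;
    return 0;
}

/* Simulated key export. fail_convert makes the serialisation step fail;
 * fail_report makes the error-reporting step inside the handler fail too.
 * With buggy != 0 the handler frees the buffer but leaves the pointer
 * dangling, so the shared cleanup frees it a second time.
 * *double_frees receives the number of repeat releases that occurred. */
static int export_key(int fail_convert, int fail_report, int buggy, int *double_frees)
{
    struct key_blob blob = { malloc(64), 0 };
    int rc = SSH_ERROR;

    *double_frees = 0;
    if (blob.data == NULL) return SSH_ERROR;
    memset(blob.data, 'k', 64);          /* stand-in for serialised key bytes */

    if (fail_convert) {
        *double_frees += release_blob(&blob);   /* error handling: drop the partial output ... */
        if (!buggy) blob.data = NULL;            /* the fix: clear the pointer after freeing   */
        if (fail_report) goto cleanup;           /* ... a later failure takes the shared exit  */
        return SSH_ERROR;                        /* handled without reaching cleanup           */
    }
    rc = SSH_OK;

cleanup:
    *double_frees += release_blob(&blob);   /* frees the live buffer, or whatever is left */
    return rc;
}

/* Test convenience: only the repeat-release count for a given scenario. */
static int double_frees_during_export(int fail_convert, int fail_report, int buggy)
{
    int n = 0;
    (void)export_key(fail_convert, fail_report, buggy, &n);
    return n;
}

/* ---- Part 2: translating return-code conventions at an API boundary (cf. CVE-2025-5372) ---- */

/* Stand-in for an OpenSSL KDF call: 1 on success, 0 on failure (OpenSSL's
 * convention). On failure the key buffer is left untouched. */
static int fake_openssl_kdf(int should_fail, unsigned char *key, size_t len)
{
    if (should_fail) return 0;
    memset(key, 0xAB, len);              /* pretend-derived key material */
    return 1;
}

typedef int (*kdf_fn)(int should_fail, unsigned char *key, size_t len);

/* Flawed wrapper: passes OpenSSL's value through, so failure (0) reads as SSH_OK (0). */
static int ssh_kdf_buggy(int should_fail, unsigned char *key, size_t len)
{
    return fake_openssl_kdf(should_fail, key, len);
}

/* Fixed wrapper: translate explicitly at the boundary. */
static int ssh_kdf_fixed(int should_fail, unsigned char *key, size_t len)
{
    if (fake_openssl_kdf(should_fail, key, len) != 1) return SSH_ERROR;
    return SSH_OK;
}

/* Caller's view, assuming a caller that treats a negative code as failure.
 * Returns 1 if derivation failed yet the caller went on with a key buffer
 * that was never written, 0 otherwise. */
static int caller_uses_unset_key(kdf_fn kdf, int should_fail)
{
    unsigned char key[16], unset[16];
    memset(key, 0, sizeof key);          /* zero stands in for leftover stack garbage */
    memset(unset, 0, sizeof unset);
    if (kdf(should_fail, key, sizeof key) < 0) return 0;   /* caller aborts the session */
    return memcmp(key, unset, sizeof key) == 0;            /* proceeded with an unwritten key */
}

int main(void)
{
    int rc, n;
    rc = export_key(1, 1, 1, &n);
    printf("buggy export, two failures: rc=%d, double frees=%d\n", rc, n);
    rc = export_key(1, 1, 0, &n);
    printf("fixed export, two failures: rc=%d, double frees=%d\n", rc, n);
    printf("buggy kdf, derivation fails: unset key used? %d\n", caller_uses_unset_key(ssh_kdf_buggy, 1));
    printf("fixed kdf, derivation fails: unset key used? %d\n", caller_uses_unset_key(ssh_kdf_fixed, 1));
    return 0;
}
```

Two points carry over to real code review: a `free()` on an early error path should always be followed by setting the pointer to NULL when a shared cleanup label can still run, and any wrapper over a library with a different success convention should translate the value explicitly rather than return it unchanged, because the 0 that means "failed" on one side is exactly the 0 that means "ok" on the other.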

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the cybersecurity landscape is as dynamic and challenging as ever. From high-profile data breaches affecting millions to innovative methods of cyber deception, the threats we face are evolving rapidly. Each story we covered today—from the IdeaLab breach to the vulnerabilities in widely-used software—serves as a reminder of the critical importance of staying informed and vigilant.

Whether it's the resilience shown by Nova Scotia Power in the face of ransomware or the proactive measures taken by Louis Vuitton Korea, these incidents highlight the need for robust cybersecurity strategies and swift responses. Meanwhile, the potential regrouping of ransomware groups like Hunters International and the discovery of new vulnerabilities in cloud and web infrastructures underscore the ongoing battle against cybercriminals.

We hope you found today's insights valuable and that they empower you to strengthen your own security measures. Remember, cybersecurity is a shared responsibility, and knowledge is our best defense. If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Together, we can build a more secure digital world.

Stay safe, stay informed, and see you in the next edition of Secret CISO!