Secret CISO 7/8: Qantas, TxDOT Breaches; CitrixBleed 2 Exploits; NVIDIA GPU Security; NimDoor Malware Targets Crypto

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity incidents and vulnerabilities that are shaping the digital landscape. In this issue, we dive into a series of alarming data breaches and vulnerabilities that underscore the urgent need for enhanced security measures across various sectors.

First, we explore the massive data breach at Qantas, which exposed the personal information of up to six million customers, highlighting the increasing vulnerability of airline data to cyber threats. Meanwhile, the Texas Department of Transportation's breach, which released 300,000 crash reports, serves as a stark reminder of the cybersecurity challenges faced by public sector organizations.

In Canada, a cyberattack on Nova Scotia Power has impacted nearly 300,000 individuals, raising concerns about the security of critical infrastructure. Similarly, Integrated Specialty Coverages and Krispy Kreme are grappling with the fallout from data breaches, with the latter facing a class action lawsuit for failing to protect employee data.

On the vulnerability front, public exploits for the CitrixBleed 2 flaw have been released, urging immediate patching to prevent exploitation. A study by Raidiam reveals widespread API security risks, while research into NVIDIA's GPU Confidential Computing highlights significant security challenges.

In the realm of cyber threats, North Korean actors have developed the NimDoor malware targeting macOS users in the Web3 and cryptocurrency sectors. Additionally, the Dark Partners campaign is using SEO poisoning to target over 8,500 SMB users with malware disguised as AI tools.

Finally, we delve into a series of critical vulnerabilities, including CVE-2025-41672, which allows remote attackers to exploit default certificates, and CVE-2025-5987, a flaw in libssh that compromises data confidentiality. These vulnerabilities, along with others affecting platforms like MediaWiki and the Natours Tour Booking API, highlight the ongoing battle to secure digital environments.

Stay informed and vigilant as we navigate these complex cybersecurity challenges together. Welcome to Secret CISO, your daily guide to the ever-evolving world of cybersecurity.

Data Breaches

  1. Qantas Data Breach Exposes Millions of Customer Records: Cybercriminals targeted Qantas, resulting in a significant data breach that exposed information from up to six million customers. This incident highlights the increasing vulnerability of airline data to cyber threats. The breach has prompted Qantas to enhance its cybersecurity measures and work closely with experts to mitigate further risks. Source: CyberGuy
  2. TxDOT Data Breach in May Released 300K Crash Reports: The Texas Department of Transportation (TxDOT) experienced a data breach that led to the exposure of 300,000 crash reports. This breach serves as a critical reminder of the cybersecurity challenges faced by public sector organizations. The incident has resulted in the termination of seven state employees and has sparked discussions on improving data protection measures. Source: GovTech
  3. Nova Scotia Power Cyberattack Impacts Nearly 300,000 People: A cyberattack on Canadian utility Nova Scotia Power has affected approximately 280,000 individuals. The breach has raised concerns about the security of sensitive data within the utility sector and underscores the need for robust cybersecurity frameworks to protect critical infrastructure. Source: The Record
  4. Integrated Specialty Coverages Data Breach Under Investigation: Integrated Specialty Coverages, LLC is under investigation following a data breach that compromised sensitive personal and protected health information. The breach has led to heightened scrutiny over the company's data security practices and has prompted legal actions to address the potential impacts on affected individuals. Source: CBS4Indy
  5. Krispy Kreme Data Breach Sparks Class Action Lawsuit: Krispy Kreme is facing a class action lawsuit after a data breach in November 2024 exposed personal information of its current and former employees. The lawsuit alleges that the company failed to adequately protect sensitive data, leading to potential risks for those affected. This incident highlights the importance of robust data protection measures in safeguarding employee information. Source: Top Class Actions

Security Research

  1. Public exploits released for CitrixBleed 2 NetScaler flaw, patch now: Security researchers have released public exploits for the CitrixBleed 2 vulnerability affecting Citrix NetScaler ADC and Gateway. This critical flaw, CVE-2025-5777, has been actively exploited, prompting urgent calls for patching. Source: Bleeping Computer.
  2. Raidiam API Security Study Finds Widespread Risk: A study by Raidiam highlights significant security risks in digital infrastructure, revealing that 84% of businesses are at risk of data exposure due to API vulnerabilities. This underscores the urgent need for enhanced security measures in API management. Source: Fintech Finance.
  3. NVIDIA GPU Confidential Computing: Threat Model And Security Insights: Research by IBM and Ohio State University delves into the security challenges of NVIDIA's GPU Confidential Computing. The lack of transparency in GPU-CC's architecture poses significant hurdles for security researchers aiming to understand and mitigate potential threats. Source: SemiEngineering.
  4. DPRK macOS 'NimDoor' Malware Targets Web3, Crypto Platforms: North Korean threat actors have developed the NimDoor malware targeting macOS users in the Web3 and cryptocurrency sectors. This sophisticated infostealer is delivered through spoofed applications, posing a significant threat to digital asset security. Source: Dark Reading.
  5. SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools: The Dark Partners campaign, identified by security researcher g0njxa, uses SEO poisoning to distribute malware disguised as AI tools. This campaign targets over 8,500 small and medium-sized businesses, leveraging Google Calendar links for malware delivery. Source: The Hacker News.

Top CVEs

  1. CVE-2025-41672: A remote unauthenticated attacker may exploit default certificates to generate JWT tokens, gaining full access to the tool and all connected systems. This vulnerability poses a significant risk as it allows attackers to bypass authentication mechanisms. Source: Vulners.
  2. CVE-2025-5987: A flaw in libssh when using the ChaCha20 cipher with OpenSSL can lead to undefined behavior, including compromised data confidentiality and integrity. The issue arises from an error code aliasing problem, which prevents proper error detection. Source: Vulners.
  3. CVE-2024-43334: Gavias Halpes is vulnerable to a Cross-site Scripting (XSS) attack due to improper neutralization of input during web page generation. This reflected XSS vulnerability can be exploited to execute arbitrary scripts in the context of the user's browser. Source: Vulners.
  4. CVE-2025-53495: Wikimedia Foundation's MediaWiki AbuseFilter extension has a missing authorization vulnerability, allowing unauthorized access. This affects multiple versions of the extension, posing a risk of unauthorized actions within the MediaWiki environment. Source: Vulners.
  5. CVE-2025-53373: The Natours Tour Booking API is vulnerable to account takeover via a Host header injection in the /forgetpassword endpoint. Attackers can inject a server domain they control, compromising user accounts. The issue has been addressed in a recent commit. Source: Vulners.

API Security

  1. Better Auth Open Redirect Vulnerability in originCheck Middleware Affects Multiple Routes: An open redirect vulnerability was discovered in the Better Auth library's originCheck middleware function. This flaw affects several routes, including /verify-email and /reset-password/:token, allowing potential attackers to redirect users to malicious sites. The issue has been addressed in a recent update. Source: Vulners.
  2. giscus Discussions Creation API Unauthorized Access: A bug in the giscus commenting system's discussions creation API allowed unauthorized users to create discussions on any repository with giscus installed. This vulnerability has been patched with specific commits to prevent unauthorized access. Source: Vulners.
  3. Paxton Paxton10 Firmware Hard-Coded Twilio API Credentials: A vulnerability in Paxton Paxton10's firmware was found, where hard-coded Twilio API credentials could be extracted by attackers. This could lead to unauthorized access and potential misuse of the Twilio account. The issue has been identified and addressed. Source: Vulners.
  4. Natours Tour Booking API Host Header Injection: A vulnerability in the Natours Tour Booking API allowed attackers to take over victim accounts by injecting a malicious server domain in the Host header during password reset requests. This issue has been fixed in a recent update. Source: Vulners.
  5. Rowboatlabs Rowboat Session Handler Missing Authentication: A critical vulnerability in the rowboatlabs rowboat's Session Handler was identified, where the PUT function in the API uploads route lacked proper authentication. This could allow remote attackers to exploit the system. The issue is expected to be fixed soon. Source: Vulners.

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the cybersecurity landscape is as dynamic and challenging as ever. From the high-profile data breaches affecting millions of individuals to the intricate vulnerabilities lurking within our digital infrastructure, the need for vigilance and robust security measures has never been more critical.

We've explored incidents like the Qantas data breach, which exposed the personal information of millions, and the TxDOT breach, which highlighted the vulnerabilities in public sector data protection. These stories serve as stark reminders of the importance of safeguarding sensitive information across all sectors.

On the technical front, vulnerabilities such as CitrixBleed 2 and the various CVEs underscore the ongoing battle against exploits that threaten our systems. The need for timely patching and proactive security strategies is paramount to staying ahead of potential threats.

As we continue to navigate these challenges, remember that cybersecurity is a collective effort. If you found today's insights valuable, please share this newsletter with your friends and colleagues. Together, we can build a more secure digital world.

Thank you for being a part of the Secret CISO community. Stay safe, stay informed, and we'll see you in the next edition!
