Secret CISO 8/10: Bangkok's Data Breach, $14B Crypto Heist, Lenovo Webcam Flaw, AI Cyber Challenge Win - A Tale of Security Woes and Triumphs

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity threats and breakthroughs shaping our digital landscape. In this issue, we dive into a series of alarming breaches and vulnerabilities that underscore the critical need for robust security measures.

We begin with a startling revelation from Bangkok, where a medical record was shockingly repurposed as a snack wrapper, highlighting the dire consequences of data leaks. Meanwhile, the LuBian breach has been unveiled as the largest crypto heist in history, with over $14 billion stolen, exposing the fragility of digital currencies.

At DEF CON, the TeleMessage saga unfolds, revealing vulnerabilities in supposedly secure messaging apps, while a wave of malicious Ruby gems has compromised user credentials, emphasizing the importance of vigilance in software supply chains.

Ransomware continues to wreak havoc, with the Embargo group amassing millions through double extortion tactics. Simultaneously, Lenovo webcams face a critical flaw, allowing remote BadUSB exploits, and AI emerges as a double-edged sword, supercharging cybercriminals' arsenals.

In a race against time, researchers uncover multiple zero-day vulnerabilities in BitLocker, and the GreedyBear campaign exploits fake Firefox extensions to siphon cryptocurrency. As AI phishing and deepfake extortion rise, the need for advanced AI security measures becomes more pressing than ever.

Finally, we spotlight critical vulnerabilities in Portabilis i-Educar and Qiyuesuo platforms, with vendors yet to respond to public disclosures, leaving systems exposed to remote attacks.

Stay informed and vigilant as we navigate these complex challenges together.

Data Breaches

  1. Data leak case a timely reminder - Bangkok Post: A viral image of a medical record repurposed as a snack wrapper has highlighted a significant breach of personal data. This incident serves as a stark reminder of the vulnerabilities in data protection and the potential misuse of sensitive information. Source: Bangkok Post.
  2. The biggest heist of all time involved over $14 billion of crypto being stolen - TechRadar: Arkham's investigation into the LuBian breach revealed a massive crypto theft, exploiting a fundamental weakness in the platform's security architecture. This breach went undetected for five years, marking it as one of the largest heists in history. Source: TechRadar.
  3. The inside story of the Telemessage saga - The Register: At DEF CON, security expert Micah Lee detailed how he hacked into TeleMessage, a supposedly secure messaging app. This breach exposed vulnerabilities in the app's security, raising concerns about the reliability of secure communication platforms. Source: The Register.
  4. 60 malicious Ruby gems downloaded 275,000 times steal credentials - Bleeping Computer: A significant breach involving 60 malicious Ruby gems has resulted in the theft of credentials from unsuspecting users. This incident underscores the importance of vigilance in software supply chain security. Source: Bleeping Computer.
  5. Embargo Ransomware nets $34.2M in crypto since April 2024 - Security Affairs: The Embargo ransomware group has amassed $34.2 million in cryptocurrency through double extortion tactics. This breach highlights the growing threat of ransomware attacks and their financial and reputational impact on victims. Source: Security Affairs.

Security Research

  1. Linux-Based Lenovo Webcams' Flaw Can Be Remotely Exploited for BadUSB Attacks: Lenovo webcams have a critical vulnerability that allows attackers to deploy remote BadUSB exploits. This flaw poses significant risks, including keystroke injection and persistent malware installation. Source: The Hacker News.
  2. AI Cyber Challenge Winners Revealed in DARPA's $4M Cybersecurity Showdown: Team Atlanta emerged victorious in the AI Cybersecurity Challenge (AIxCC), securing a $4 million prize. This competition highlights the growing importance of AI in cybersecurity defense strategies. Source: Infosecurity Magazine.
  3. BitUnlocker - Multiple 0-days to Bypass BitLocker and Extract All Protected Data: Researchers from Microsoft's Security Testing & Offensive Research team have identified multiple zero-day vulnerabilities in BitLocker. These vulnerabilities allow attackers to bypass encryption and extract protected data, posing a significant threat to data security. Source: Cybersecurity News.
  4. The Foxy Wallet's Legacy 'Greedy Bear' Uses Fake Firefox Extensions to Bypass Security: A cryptocurrency theft campaign, dubbed GreedyBear, utilized over 150 fake Firefox extensions to steal millions. This sophisticated attack highlights the ongoing risks associated with browser extensions. Source: The 420.
  5. The $25 Million Wake-Up Call: AI has supercharged three game-changing attack methods, including voice cloning, AI phishing, and deepfake extortion. These advancements create a versatile toolkit for cybercriminals, emphasizing the need for robust AI security measures. Source: Vocal Media.

API Security

  1. CVE-2025-8790: A critical vulnerability was discovered in Portabilis i-Educar up to version 2.9.0, affecting the API Endpoint component. The flaw allows improper authorization through manipulation of the ID argument in the /module/Api/pessoa file, enabling remote attacks. Despite public disclosure, the vendor has not responded to the issue. Source: Vulners.
  2. CVE-2025-8789: This problematic vulnerability impacts Portabilis i-Educar up to version 2.9.0, specifically the API Endpoint component. It allows authorization bypass via manipulation in the /module/Api/Diario file, and can be exploited remotely. The vendor has not addressed the issue despite public disclosure. Source: Vulners.
  3. CVE-2025-8775: A critical vulnerability in the Qiyuesuo Electronic Signature Platform up to version 4.34 affects the Scheduled Task Handler component. The flaw permits unrestricted file uploads through the /api/code/upload function, which can be exploited remotely. The vendor has not responded to the public disclosure of this vulnerability. Source: Vulners.
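A defender-side detection sketch for the two weakness classes above, added here and not code from the newsletter or either vendor: it reads constructed access-log lines and flags a client that retrieves many distinct ID values on the i-Educar /module/Api/pessoa endpoint (the access pattern an authorization bypass via the ID argument produces) and any POST to the Qiyuesuo /api/code/upload path. The log format, the parameter name `id`, the sample lines and the alert threshold are all assumptions.

```python
"""Detection sketch (added example): spot ID enumeration on /module/Api/pessoa
and uploads to /api/code/upload in web access logs. Log format, the 'id'
parameter name, sample lines and the threshold are constructed assumptions."""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in a simplified format: client method target status
SAMPLE_LOG = """\
10.0.0.5 GET /module/Api/pessoa?oper=get&id=101 200
10.0.0.5 GET /module/Api/pessoa?oper=get&id=102 200
10.0.0.5 GET /module/Api/pessoa?oper=get&id=103 200
10.0.0.5 GET /module/Api/pessoa?oper=get&id=104 200
10.0.0.7 GET /module/Api/pessoa?oper=get&id=101 200
10.0.0.9 POST /api/code/upload 200
"""
LINE_RE = re.compile(r"^(\S+) (GET|POST) (\S+) (\d{3})$")
ENUM_THRESHOLD = 3  # distinct IDs successfully fetched per client (assumed)


def analyze(log_text, threshold=ENUM_THRESHOLD):
    """Return sorted (alert_kind, client) tuples for the given log text."""
    ids_by_client = defaultdict(set)
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not match the assumed format
        client, method, target, status = m.groups()
        parts = urlsplit(target)
        # Only 2xx responses count: a record was actually handed back.
        if parts.path.startswith("/module/Api/pessoa") and status.startswith("2"):
            for value in parse_qs(parts.query).get("id", []):
                ids_by_client[client].add(value)
        # Any upload to the scheduled-task upload path is worth a look.
        if method == "POST" and parts.path == "/api/code/upload":
            alerts.append(("upload", client))
    for client, ids in ids_by_client.items():
        if len(ids) >= threshold:
            alerts.append(("id_enumeration", client))
    return sorted(alerts)


if __name__ == "__main__":
    for kind, client in analyze(SAMPLE_LOG):
        print(f"{kind}: {client}")
```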

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is fraught with challenges and opportunities. From the unsettling image of a medical record turned snack wrapper to the staggering $14 billion crypto heist, each story serves as a crucial reminder of the vulnerabilities we face and the innovative solutions we must pursue.

The tales of breaches, like the TeleMessage saga and the malicious Ruby gems, underscore the importance of vigilance and proactive defense strategies. Meanwhile, the triumph of Team Atlanta in the AI Cyber Challenge highlights the potential of AI in fortifying our defenses against ever-evolving threats.

As we navigate these complex issues, it's vital to stay informed and prepared. Sharing knowledge is a powerful tool in our collective defense. If you found today's insights valuable, please share this newsletter with your friends and colleagues. Together, we can build a more secure digital future.

Thank you for being a part of the Secret CISO community. Until next time, stay safe and stay vigilant.