Secret CISO 8/13: Russian Court Hack, Columbia Breach, WinRAR Zero-Day, TETRA Flaws - A Global Cybersecurity Wake-Up Call


Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity breaches and vulnerabilities that have shaken the digital world. Our journey begins with a chilling revelation of a Russian-linked hack that infiltrated the US Federal Court system, compromising sensitive documents and prompting a swift overhaul of security protocols.

As we navigate through the chaos, we uncover a series of data breaches that have left a trail of exposed personal information. From the Manpower of Lansing breach affecting over 144,000 clients to the massive hack at Columbia University impacting 870,000 individuals, the scale of these incidents is staggering. Meanwhile, a Dutch cancer screening lab and Connex Credit Union grapple with their own security nightmares, highlighting the pervasive threat of data theft.

In the realm of cybersecurity innovation, Black Hat 2025 sheds light on the evolving landscape of Security Operations Centers (SOCs), emphasizing the integration of autonomous systems to combat modern threats. Yet, even as we advance, vulnerabilities persist. The exploitation of a WinRAR zero-day by two separate threat actors and the discovery of the XZ Utils backdoor still present in Docker Hub images underscore the relentless pursuit of cyber adversaries.

Our exploration concludes with a deep dive into critical vulnerabilities, from Microsoft's Rust-based kernel flaw to the TETRA protocol weaknesses threatening infrastructure security. As we dissect these threats, we also highlight the urgent need for robust defenses against API exposures and privilege escalation risks.

Join us as we delve into these stories and more, equipping you with the insights needed to navigate the ever-evolving cybersecurity landscape. Stay vigilant, stay informed, and stay secure.

Data Breaches

  1. Russian Link Suspected in US Federal Court Hack: Sensitive documents were removed from the system, affecting multiple district courts. New security measures are being implemented to prevent future breaches. Source: The Times of India.
  2. Manpower of Lansing Data Breach: A data breach at Manpower of Lansing, MI, Inc. has compromised the sensitive personal information of 144,189 clients. Legal investigations are underway, and affected individuals are advised to protect themselves against identity theft. Source: PRNewswire.
  3. Data Theft from Dutch Cancer Screening Lab: A breach at a Dutch cancer screening lab affected 485,000 individuals, although it did not impact the results of the cervical cancer screening program. Authorities are working to secure the compromised data. Source: Bank Info Security.
  4. Connex Credit Union Data Breach: The breach exposed data of 172,000 members, prompting a legal probe. Experts urge victims to monitor their accounts for signs of identity theft. Source: Hackread.
  5. Hack at Columbia University: A data breach at Columbia University compromised the personal information of 870,000 individuals, including Social Security numbers and financial aid information. The university is taking steps to address the breach and protect affected individuals. Source: Inside Higher Ed.

Security Research

  1. Black Hat 2025: Setting Up SOCs To Meet Today's Cybersecurity Needs: Coverage from Black Hat 2025 describes how Security Operations Centers (SOCs) are adapting to modern threats, with practitioners discussing the integration of autonomous and intelligent systems to speed up threat detection and response. Source: BizTech Magazine.
  2. WinRAR zero-day was exploited by two threat actors (CVE-2025-8088): Researchers found that the WinRAR zero-day, a path traversal in archive extraction that lets a crafted archive drop files outside the chosen extraction directory, was exploited by two separate threat actors, RomCom and Paper Werewolf. The exploit appears to have been shared or sold, highlighting how quickly a zero-day in widely used software spreads between groups. The fix shipped in WinRAR 7.13; since WinRAR has no automatic update mechanism, the patched build has to be installed manually. Source: Help Net Security.
  3. Microsoft Vulnerabilities Exposed by Check Point Research: Check Point Research disclosed a security flaw in a Rust-based component of the Windows kernel, the first publicly disclosed vulnerability in Microsoft's Rust kernel code. The practitioner's takeaway is that a memory-safe language removes whole classes of memory-corruption bugs but not logic errors, and in kernel code a Rust panic (for example, a failed bounds check) halts the machine rather than corrupting memory, so new code written in Rust still needs the same review, fuzzing and testing as the C it replaces. Source: Check Point Research.
  4. Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images: The 2024 XZ Utils backdoor (CVE-2024-3094), which shipped in upstream liblzma 5.6.0 and 5.6.1, was found still present in dozens of Docker Hub images, including images that other images build on. The discovery is a reminder that a supply-chain fix upstream does nothing for artifacts already built, and that base images and third-party components need to be verified, not assumed clean, before they enter a development or production environment. Source: The Hacker News.
  5. TETRA Flaws Expose Critical Infrastructure Risks: Research revealed vulnerabilities in the TETRA radio protocol, which is used by emergency services, utilities and other critical infrastructure operators. A weakened encryption variant puts high-sensitivity operations at risk, and the researchers urge operators to review which variant their deployments actually use and to apply security enhancements without delay. Source: GovInfoSecurity.
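To turn the "verify your third-party components" advice in the XZ Utils item into a concrete check, here is an added example (not code from the researchers, Docker Hub, or the XZ project) that scans an extracted container root filesystem for the two upstream XZ Utils releases that carried the backdoor, CVE-2024-3094. It assumes a Debian-style image (a dpkg status database plus a versioned liblzma shared object under the library directory), and the sample tree it builds is constructed for the demonstration, not a real image.

```python
import re
import tempfile
from pathlib import Path

# Upstream XZ Utils releases that carried the CVE-2024-3094 backdoor.
BACKDOORED_UPSTREAM = ("5.6.0", "5.6.1")
# Debian/Ubuntu package names that ship liblzma or the xz binaries.
AFFECTED_PACKAGES = {"liblzma5", "xz-utils", "liblzma-dev"}


def parse_dpkg_status(text):
    """Parse a Debian /var/lib/dpkg/status file into {package: version}
    for packages whose Status ends in 'installed'. Records are separated by
    blank lines; continuation lines start with a space and are skipped."""
    installed = {}
    for record in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in record.splitlines():
            if line.startswith(" ") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        if fields.get("Package") and fields.get("Status", "").endswith("installed"):
            installed[fields["Package"]] = fields.get("Version", "")
    return installed


def upstream_version(debian_version):
    """Strip a Debian epoch and revision: '1:5.6.0-0.2' -> '5.6.0'."""
    without_epoch = debian_version.split(":", 1)[-1]
    return without_epoch.rsplit("-", 1)[0]


def scan_rootfs(root):
    """Return [(indicator, detail)] findings for an extracted container rootfs."""
    root = Path(root)
    findings = []
    status_file = root / "var/lib/dpkg/status"
    if status_file.is_file():
        packages = parse_dpkg_status(status_file.read_text(errors="replace"))
        for pkg, ver in packages.items():
            if pkg in AFFECTED_PACKAGES and upstream_version(ver) in BACKDOORED_UPSTREAM:
                findings.append(("dpkg", f"{pkg} {ver}"))
    # The shared object's file name carries the upstream release (liblzma.so.5.6.1);
    # the soname symlink liblzma.so.5 deliberately does not match the pattern.
    for so in root.rglob("liblzma.so.*"):
        m = re.fullmatch(r"liblzma\.so\.(\d+\.\d+\.\d+)", so.name)
        if m and m.group(1) in BACKDOORED_UPSTREAM:
            findings.append(("file", so.relative_to(root).as_posix()))
    return findings


def build_sample_rootfs(backdoored):
    """Constructed sample tree standing in for an extracted image (assumption:
    Debian layout). The library files are placeholder bytes, not real ELF objects."""
    root = Path(tempfile.mkdtemp(prefix="rootfs-"))
    lib = root / "usr/lib/x86_64-linux-gnu"
    lib.mkdir(parents=True)
    # The clean case uses Debian's post-backdoor package version string, which
    # rolls the upstream code back to 5.4.5 while keeping a higher version number.
    pkg_version = "5.6.1-1" if backdoored else "5.6.1+really5.4.5-1"
    so_name = "liblzma.so.5.6.1" if backdoored else "liblzma.so.5.4.5"
    (lib / so_name).write_bytes(b"\x7fELF")
    (lib / "liblzma.so.5").write_bytes(b"\x7fELF")
    dpkg_dir = root / "var/lib/dpkg"
    dpkg_dir.mkdir(parents=True)
    (dpkg_dir / "status").write_text(
        "Package: liblzma5\nStatus: install ok installed\nVersion: %s\n"
        "Description: XZ-format compression library\n\n"
        "Package: bash\nStatus: install ok installed\nVersion: 5.2.15-2+b2\n" % pkg_version
    )
    return root


if __name__ == "__main__":
    for backdoored in (True, False):
        label = "backdoored" if backdoored else "clean"
        print(label, scan_rootfs(build_sample_rootfs(backdoored)))
```

Run it against a directory produced by `docker export` (or by extracting the image layers) rather than against a running container. The version strings are an indicator, not proof: a distribution may have rebuilt 5.6.x without the malicious m4 stage, and an attacker who renamed the library would evade the filename check, so treat a hit as a reason to pull the image and inspect the binary, and a miss as one less thing to worry about rather than a clean bill of health.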

Top CVEs

  1. CVE-2025-50165: Untrusted pointer dereference in the Microsoft Graphics Component allows an unauthenticated attacker to execute code remotely. Because it needs no prior access to the target, it should be at the top of the patching queue for exposed Windows systems. Source.
  2. CVE-2024-38805: EDK2 contains a vulnerability in the BIOS network stack where an attacker may trigger an integer overflow or wraparound by network means. Successful exploitation may lead to a denial of service, which for firmware means a machine that fails to boot or loses its management path rather than a crashed process. Source.
  3. CVE-2025-53766: Heap-based buffer overflow in Windows GDI+ allows an unauthenticated attacker to execute code. GDI+ parses image and document content, so the likely delivery is a crafted file or web content that a user or server-side component renders. Source.
  4. CVE-2025-53732: Heap-based buffer overflow in Microsoft Office allows an attacker to execute arbitrary code when a user opens a crafted document, a classic initial-access vector for phishing campaigns. Source.
  5. CVE-2025-53132: Concurrent execution using a shared resource with improper synchronization (a race condition) in Windows Win32K - GRFX allows an attacker who already has a low-privileged account to elevate privileges on the local system. Chained with any of the code-execution bugs above, it turns a foothold into full control of the host. Source.

API Security

  1. Autocaliweb API Key Exposure: Prior to version 0.8.3, Autocaliweb's debug pack could expose sensitive configuration data, including API keys, because the to_dict() method that serialized the configuration did not filter secret fields. Users who shared a debug pack for troubleshooting therefore shared their private API keys with it. The issue is patched in 0.8.3 and later; anyone who distributed a debug pack from an older version should rotate the keys it contained. Source: CVE-2025-55165.
  2. Windows StateRepository API Privilege Escalation: Missing authentication for a critical function in the Windows StateRepository API allows an attacker who already has a low-privileged local account to elevate privileges. The flaw is a reminder that an API reachable from a lower trust level must authenticate and authorize every sensitive operation itself rather than rely on the caller's context. Source: CVE-2025-53789.
  3. Hydra API Denial of Service Vulnerability: In Hydra, the continuous integration service for Nix projects, the /api/push-github and /api/push-gitea endpoints lacked HTTP Basic authentication, so any unauthenticated client could trigger work and potentially cause a denial of service. A patch resolves the issue; until it is applied, the documented workaround is to block these endpoints at a reverse proxy in front of Hydra. Source: CVE-2025-54864.
  4. Kanboard API Path Traversal: The createTaskFile method in Kanboard's API did not validate the task_id parameter, allowing path traversal in the location where uploaded files were stored. The impact was limited because stored filenames are hashed, and the flaw has been addressed in the latest release. Source: CVE-2025-55011.
  5. Bouncy Castle Java API Excessive Allocation: A resource allocation vulnerability in Bouncy Castle for Java affects all API modules, allowing an attacker who can supply crafted input to cause excessive memory allocation and a potential denial of service. The affected range is BC 1.0 through 1.77; later releases are not listed as affected. Source: Bouncy Castle for Java.
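The Autocaliweb item above describes a pattern that recurs in any application that serializes its configuration into a shareable diagnostic bundle. The following added example (not Autocaliweb's code; the AppConfig class, field names and credential values are hypothetical placeholders constructed for the demonstration) puts the vulnerable dump-everything serializer beside a redacting one, and adds the check a maintainer would want in a test suite: a final gate that refuses to ship a pack if any live secret value appears in it verbatim.

```python
import json
import re
from dataclasses import asdict, dataclass, fields

# Field names that must never be serialized into a shareable debug pack.
SECRET_FIELD = re.compile(
    r"(api[_-]?key|secret|passw(or)?d|token|private[_-]?key)", re.IGNORECASE
)
# Values that look like credentials even when the field name does not say so
# (a few well-known prefixes; extend this for your own environment).
SECRET_VALUE = re.compile(r"^(sk-|AKIA|ghp_|xox[abp]-)")


@dataclass
class AppConfig:
    """Hypothetical application settings; not Autocaliweb's real config class."""
    db_host: str = "localhost"
    db_port: int = 5432
    log_level: str = "INFO"
    metadata_api_key: str = ""
    smtp_password: str = ""
    webhook_url: str = ""


def to_dict_unsafe(cfg):
    """The vulnerable pattern: every attribute goes into the pack, secrets included."""
    return asdict(cfg)


def to_dict_redacted(cfg):
    """Hardened version: redact by field name and by value shape, keep the
    structure so the pack still shows which settings are populated."""
    out = {}
    for f in fields(cfg):
        value = getattr(cfg, f.name)
        looks_secret = bool(SECRET_FIELD.search(f.name)) or (
            isinstance(value, str) and bool(SECRET_VALUE.match(value))
        )
        out[f.name] = ("<redacted>" if value else "") if looks_secret else value
    return out


def leaked_secrets(pack, cfg):
    """Final gate before a pack is written or uploaded: the names of config
    fields whose non-empty secret value appears verbatim anywhere in the
    serialized pack. An empty list means the pack is safe to share."""
    blob = json.dumps(pack, default=str)
    leaks = []
    for f in fields(cfg):
        value = getattr(cfg, f.name)
        if not isinstance(value, str) or not value:
            continue
        if (SECRET_FIELD.search(f.name) or SECRET_VALUE.match(value)) and value in blob:
            leaks.append(f.name)
    return leaks


def build_sample_config():
    """Constructed sample values; the credentials are fake placeholders."""
    return AppConfig(
        metadata_api_key="sk-EXAMPLE-not-a-real-key-0001",
        smtp_password="hunter2-example",
        webhook_url="https://example.invalid/hook",
    )


if __name__ == "__main__":
    cfg = build_sample_config()
    print("unsafe pack leaks:", leaked_secrets(to_dict_unsafe(cfg), cfg))
    print("redacted pack leaks:", leaked_secrets(to_dict_redacted(cfg), cfg))
```

The redaction is a denylist by name and by value prefix, so it will miss a secret stored under an innocuous name with no recognizable prefix, or one embedded in a URL query string; that is exactly why the leak check is a separate gate that compares the output against the live values rather than trusting the redaction logic, and why a project that has shipped an unredacted pack should treat every key in it as compromised and rotate it, whatever the patch says.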


Final Words

As we wrap up today's edition of Secret CISO, it's clear that the cybersecurity landscape is as dynamic and challenging as ever. From the suspected Russian link in the US Federal Court hack to the vulnerabilities exposed in widely used software like WinRAR and Microsoft components, the threats are diverse and evolving.

We've seen how breaches at institutions like Columbia University and Connex Credit Union underscore the importance of robust security measures to protect sensitive personal information. Meanwhile, the research from Black Hat 2025 highlights the need for modern Security Operations Centers to adapt to these ever-changing threats with advanced technologies.

In the world of vulnerabilities, the exposure of API keys in Autocaliweb and the privilege escalation flaw in Windows StateRepository API remind us of the critical need for secure coding practices and thorough vulnerability management.

As we continue to navigate these complex security challenges, remember that knowledge is power. If you found today's insights valuable, please share this newsletter with your friends and colleagues. Together, we can build a more secure digital world.

Stay vigilant, stay informed, and see you in the next edition of Secret CISO!
