Secret CISO 8/14: VA Vendor & AT&T Breaches Expose Data, Mexico's Power Threatened, Air France-KLM Hit, Coinbase & Dell Vulnerabilities, GitLab & Cherry Studio CVEs Unveiled

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity incidents that are reshaping the digital landscape. In this issue, we delve into a series of alarming data breaches and vulnerabilities that underscore the fragility of our interconnected world.

We begin with a breach affecting the medical records of a million veterans, exposing the delicate nature of healthcare data. Meanwhile, AT&T's hefty settlement for past breaches serves as a stark reminder of the financial repercussions companies face when data protection falters. Across the border, a data leak threatens to plunge Mexico into darkness, highlighting the critical importance of securing national infrastructure.

In the realm of aviation, Air France-KLM grapples with the fallout from a third-party data breach, while SAG-AFTRA members reach a settlement over exposed personal information, emphasizing the ongoing battle to safeguard sensitive data. The digital currency world is not spared either, as Coinbase suffers a significant financial loss to MEV bots, illustrating the vulnerabilities in decentralized finance.

On the innovation front, the TRU team's recognition at the Pwnie Awards for OpenSSH vulnerability research showcases the vital role of proactive security measures. Meanwhile, a newly discovered flaw in Dell laptops and vulnerabilities in enterprise surveillance cameras remind us of the constant need for vigilance in consumer electronics and IoT devices.

Finally, we explore a new downgrade attack on Microsoft Entra ID and a series of critical vulnerabilities in GitLab and Cherry Studio, each highlighting the relentless efforts of cybercriminals to exploit weaknesses in authentication and software systems.

Join us as we navigate these complex narratives, offering insights and strategies to fortify your defenses in an ever-evolving threat landscape.

Data Breaches

  1. Medical records for 1 million dialysis patients breached in data hack of VA vendor: The data breach affects records of veterans who receive their dialysis and related lab services through the VA Veteran Community Care Program. This incident highlights the vulnerability of sensitive medical data and the potential risks to patient privacy. Source: Stars and Stripes.
  2. AT&T to settle class action data breach suit for $177 million: AT&T is set to pay $177 million to settle lawsuits over two data breaches that occurred in 2024. Affected customers may claim up to $7500 for documented losses, emphasizing the financial impact of data breaches on both companies and consumers. Source: King5.
  3. Data leak could cut electricity to Mexico: A data leak at Mexico's power giant threatens to leave the entire country in the dark. Over 600GB of CFE's internal network and security logs were exposed, underscoring the critical nature of cybersecurity in protecting national infrastructure. Source: Cybernews.
  4. SAG-AFTRA Members Settle Lawsuit Against Union Health Plan Over Data Breach: The lawsuit alleged that members are at increased risk of identity theft and fraud after a data breach exposed their personal information. This settlement highlights the ongoing challenges organizations face in safeguarding sensitive data. Source: The Hollywood Reporter.
  5. Air France-KLM Group Confirms Data Breach From a Third-Party Customer Service System: A data breach stemming from a third-party customer service database has affected European airlines Air France and KLM Royal Dutch Airlines. This incident illustrates the risks associated with third-party vendors and the importance of comprehensive security measures. Source: CPO Magazine.

Security Research

  1. Coinbase loses $300,000 to MEV bots following 0x swapper interaction: A blockchain security researcher reported that Coinbase lost around $300,000 due to an interaction with a “swapper” contract on the 0x Project. This incident highlights the vulnerabilities in decentralized finance platforms where automated bots can exploit transaction patterns for financial gain. Source: The Block.
  2. TRU wins top honours for OpenSSH vulnerability research at Pwnie Awards: The TRU team received accolades for their work on discovering and responsibly disclosing high-impact security flaws in OpenSSH. Their research was recognized at the Pwnie Awards, emphasizing the importance of regression discovery in maintaining secure communication protocols. Source: Security Brief.
  3. Security Flaw That Could Have Left Millions of Dell Laptops Vulnerable Fixed: A researcher at Cisco Talos discovered a significant security flaw in Dell laptops that could have exposed millions of devices to potential threats. The vulnerability was promptly addressed, underscoring the critical need for continuous security assessments in consumer electronics. Source: Carrier Management.
  4. How a chain of security flaws exposed thousands of enterprise surveillance cameras: Security researchers identified critical vulnerabilities in popular Axis cameras, allowing potential remote control over thousands of surveillance systems. This discovery raises concerns about the security of IoT devices in enterprise environments. Source: TechTalks.
  5. New downgrade attack can bypass FIDO auth in Microsoft Entra ID: Security researchers have developed a new downgrade attack against Microsoft Entra ID, tricking users into authenticating with weaker login credentials. This vulnerability highlights the ongoing challenges in securing authentication mechanisms against sophisticated attack vectors. Source: Bleeping Computer.

API Security

  1. CVE-2025-43988: KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint (ajax_get.cgi), allowing remote attackers to retrieve sensitive configuration data, including admin credentials. This vulnerability poses a significant risk as it can lead to unauthorized access and potential data breaches. Source: Vulners.
  2. CVE-2025-1477: A vulnerability in GitLab CE/EE affects all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2, allowing an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration APIs. This issue highlights the importance of securing API endpoints to prevent service disruptions. Source: Vulners.
  3. CVE-2024-10219: GitLab CE/EE versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 are vulnerable to access control bypass, allowing authenticated users to download private artifacts via specific API calls. This vulnerability underscores the need for robust access control mechanisms to protect sensitive data. Source: Vulners.
  4. CVE-2025-54382: Cherry Studio, a desktop client for multiple LLM providers, has a remote code execution (RCE) vulnerability in version 1.5.1 when connecting to streamableHttp MCP servers. The flaw arises from improper URL sanitization, allowing attackers to execute arbitrary code. This issue has been patched in the latest version. Source: Vulners.
  5. CVE-2025-54074: Cherry Studio versions 1.2.5 to 1.5.1 are susceptible to OS Command Injection during connections with malicious MCP servers in HTTP Streamable mode. Attackers can exploit this by setting up a malicious server with OAuth endpoints, leading to command injection in vulnerable clients. The vulnerability has been addressed in the latest update. Source: Vulners.

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is fraught with challenges and opportunities. From the breach of medical records affecting veterans to the vulnerabilities in decentralized finance platforms, each story serves as a reminder of the critical importance of cybersecurity in our interconnected world.

We've seen how data breaches can have far-reaching impacts, from financial settlements like AT&T's $177 million payout to potential national crises such as the data leak threatening Mexico's power grid. These incidents underscore the necessity for robust security measures and constant vigilance.

On a brighter note, the recognition of the TRU team's work at the Pwnie Awards highlights the positive strides being made in vulnerability research and the ongoing efforts to secure our digital future. Meanwhile, the swift action taken to address vulnerabilities in Dell laptops and GitLab systems demonstrates the industry's commitment to protecting users and maintaining trust.

As we continue to navigate these complex issues, remember that sharing knowledge is a powerful tool in the fight against cyber threats. If you found today's insights valuable, please share this newsletter with your friends and colleagues. Together, we can build a more secure digital world.

Stay safe and vigilant, and we'll see you in the next edition of Secret CISO!

By Secret CISO