Secret CISO 8/15: N-able Breach, Salvation Army Suit, Microsoft Exploit, North Korea Cyber Assault, MadeYouReset DDoS Flaw - A Global Cybersecurity Wake-Up Call

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity incidents that have shaken the digital landscape. In a world where data breaches are becoming alarmingly frequent, today's stories highlight the critical importance of robust security measures and transparent communication.

We begin with the N-central security breach that has left MSP executives calling for N-able to adopt a more transparent communication strategy in future incidents. The involvement of the U.S. Cybersecurity and Infrastructure Security Agency in the disclosure underscores the severity of the situation and the need for proactive measures.

In a surprising turn of events, the Salvation Army has seen a lawsuit dropped following a data breach that exposed sensitive information of employees and volunteers. This incident serves as a stark reminder of the vulnerabilities organizations face and the necessity for stringent data protection protocols.

Meanwhile, a popular male revenge dating app has fallen victim to a data breach, leaking personal data of thousands of users. This breach, quickly addressed yet widely shared, highlights the vulnerabilities in app security and the potential for personal data exploitation.

On a larger scale, the Canadian government has been breached via a Microsoft exploit, emphasizing the ongoing threats from sophisticated cyberattacks and the critical need for timely patching and robust defenses.

In another alarming development, researchers have discovered the "MadeYouReset" vulnerability in HTTP/2 implementations, enabling massive DDoS attacks. This discovery has prompted urgent calls for patching and mitigation strategies to prevent widespread disruption.

As we delve deeper, we uncover a new cyber assault by North Korean hackers on South Korea, a cyber incident at the Pennsylvania Attorney General's Office, and high-severity vulnerabilities in Xerox FreeFlow Core. Each of these incidents highlights the evolving tactics of cybercriminals and the need for enhanced defensive measures.

Finally, we explore vulnerabilities in popular platforms like WooCommerce, Amazon ECS, Apache Superset, and KuWFi routers, each posing significant risks to users and organizations. These stories serve as a reminder of the ever-present need for vigilance and proactive security measures in our interconnected world.

Stay informed, stay secure, and join us tomorrow for more insights into the ever-evolving world of cybersecurity.

Data Breaches

  1. MSP Execs On N-central Security Breach: N-able Must Over-Communicate In Future Incidents: The Burlington, Mass.-based vendor N-able faced a significant security breach involving its N-central platform. The incident prompted calls for improved communication strategies in future breaches, emphasizing transparency and proactive measures. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) was involved in the disclosure process, highlighting the breach's severity. Source: CRN.
  2. Salvation Army Employees, Volunteers Drop Suit Over Data Breach: The Salvation Army faced a data breach in May that exposed the personal information of hundreds of thousands of employees and volunteers. The breach led to a lawsuit, which has since been dropped, but it raised concerns about the organization's data protection measures. The incident underscores the importance of robust cybersecurity practices to safeguard sensitive information. Source: Bloomberg Law.
  3. Thousands of users' personal data were leaked from a popular male revenge dating app: A popular male revenge dating app experienced a data breach, leaking personal data of thousands of users. The breach was quickly addressed, but not before the data was downloaded and shared by numerous internet users. This incident highlights the vulnerabilities in app security and the potential for personal data exploitation. Source: The Independent.
  4. Hackers Breach Canadian Government Via Microsoft Exploit: The Canadian government was breached by hackers exploiting a zero-day vulnerability in Microsoft systems. The Canadian Centre for Cyber Security issued warnings about the exploit, which underscores the ongoing threats posed by sophisticated cyberattacks. This breach highlights the critical need for timely patching and robust cybersecurity defenses. Source: GovInfoSecurity.
  5. DBM Global Data Breach Claims Investigated by Lynch Carpenter: DBM Global experienced a data breach that potentially compromised individuals' names, dates of birth, social security numbers, and passport information. The breach is under investigation by Lynch Carpenter, raising concerns about the company's data protection protocols. This incident emphasizes the importance of securing sensitive personal information against unauthorized access. Source: GlobeNewswire.

Security Research

  1. "MadeYouReset" HTTP2 Vulnerability Enables Massive DDoS Attacks: Researchers at Imperva and Tel Aviv University have discovered a critical vulnerability in HTTP2 implementations, dubbed "MadeYouReset." This flaw allows attackers to execute large-scale DDoS attacks by exploiting a design weakness, potentially impacting numerous web services globally. The discovery has prompted urgent calls for patching and mitigation strategies to prevent widespread disruption. Source: SecurityWeek.
  2. North Korean Hackers Launch New Cyber Assault on South Korea: South Korean security researchers have identified a new cyberattack campaign orchestrated by the North Korean "ScarCruft" group. This operation targets various sectors in South Korea, employing sophisticated techniques to infiltrate systems and exfiltrate sensitive data. The ongoing threat highlights the persistent cyber tensions in the region and the need for enhanced defensive measures. Source: Bank Info Security.
  3. PA Attorney General's Office Hit by Cyber Incident Amid Citrix Bl: Security researcher Kevin Beaumont discovered vulnerabilities in the Citrix NetScaler instances used by the Pennsylvania Attorney General's Office. This oversight led to a cyber incident, raising concerns about the security of critical government infrastructure and the importance of timely vulnerability management. Source: The National Law Review.
  4. Security Researchers Discover and Disclose Two High-Severity Xerox FreeFlow Core Flaws: HORIZON3.ai security researchers have disclosed two high-severity vulnerabilities in Xerox FreeFlow Core, identified as CVE-2025-8355. These flaws could allow attackers to execute arbitrary code, posing significant risks to organizations using the software. The disclosure has led to urgent patching efforts to secure affected systems. Source: AHA.
  5. Booking.com Phishing Campaign Uses Sneaky 'ん' Character to Trick You: Security researcher JAMESWT has uncovered a phishing campaign targeting Booking.com users by exploiting the Japanese hiragana character "ん" (Unicode U+3093). This character closely resembles Latin letters, enabling attackers to craft deceptive URLs that trick users into divulging personal information. The campaign underscores the evolving tactics of phishing attacks and the need for user vigilance. Source: Bleeping Computer.
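
For the lookalike-character item above, a defender can check links before they reach users. The following is an added example, not code from the newsletter or from the researcher it cites: it flags URL hostnames that contain U+3093 or any other non-ASCII character, including when the host arrives punycode-encoded. The sample URLs and the function names are constructed for illustration, and taking the last two labels as the real destination is a simplification that ignores the public suffix list.

```python
import unicodedata
from urllib.parse import urlsplit

HIRAGANA_N = "\u3093"  # the hiragana character named in the item above

# Constructed sample: the host reads like a path under example.com, but the
# name that actually resolves is the final "portal-check.example".
SAMPLE_URL = "https://account.example.com\u3093detail\u3093login.portal-check.example/en/"


def decode_label(label: str) -> str:
    """Return one DNS label in Unicode form, decoding punycode (xn--) if used."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            return label  # malformed punycode: report the label unchanged
    return label


def inspect_url(url: str) -> dict:
    """Report non-ASCII characters in the hostname and where the link really goes."""
    host = urlsplit(url).hostname or ""
    labels = [decode_label(part) for part in host.split(".")]
    findings = []
    for label in labels:
        for ch in label:
            if ord(ch) > 127:
                name = unicodedata.name(ch, "UNKNOWN")
                findings.append((label, f"U+{ord(ch):04X}", name))
    return {
        "host": ".".join(labels),
        # Naive approximation of the registrable domain (assumption: no
        # multi-part public suffix such as co.uk).
        "last_two_labels": ".".join(labels[-2:]),
        "contains_u3093": any(HIRAGANA_N in label for label in labels),
        "non_ascii": findings,
    }


if __name__ == "__main__":
    report = inspect_url(SAMPLE_URL)
    print(report["last_two_labels"], report["contains_u3093"])
    for label, codepoint, name in report["non_ascii"]:
        print(f"  {codepoint} {name} in label {label!r}")
```

A mail or web gateway could quarantine or rewrite any link for which `non_ascii` is not empty and the last two labels do not match the brand the message claims to come from.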

API Security

  1. WooCommerce OTP Login With Phone Number, OTP Verification Plugin Vulnerability: The WooCommerce OTP Login plugin for WordPress has a critical vulnerability that allows attackers to bypass OTP verification and gain administrative access to user accounts. This is due to insufficient empty value checking in the lwp_ajax_register function, affecting all versions up to 1.8.47. Source: Vulners.
  2. Information Disclosure in Amazon ECS Container Agent: A vulnerability in the Amazon ECS container agent could allow off-host access to the introspection server under certain conditions. This affects versions 0.0.3 through 1.97.0, and has been patched in version 1.97.1. Users are advised to upgrade and modify EC2 security groups to restrict access. Source: Vulners.
  3. Apache Superset Data Query Vulnerability: Apache Superset's /chart/data endpoint improperly discloses database schema information to low-privileged guest users. This affects versions before 4.1.3, and users are recommended to upgrade to the latest version to mitigate the risk. Source: Vulners.
  4. KuWFi 4G AC900 LTE Router Command Injection: The KuWFi 4G AC900 LTE router is vulnerable to command injection on certain HTTP API endpoints, allowing authenticated attackers to execute arbitrary OS commands with root privileges. This can lead to full system compromise. Source: Vulners.
  5. Missing Authorization in softnwords SMM API: A vulnerability in the softnwords SMM API allows exploitation due to incorrectly configured access control security levels. This affects the SMM API from unspecified versions. Source: Vulners.

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the cybersecurity landscape is as dynamic and challenging as ever. From the N-central security breach urging better communication strategies to the vulnerabilities in popular platforms like WooCommerce and Amazon ECS, each story underscores the critical importance of vigilance and proactive measures in safeguarding our digital world.

These incidents remind us that cybersecurity is not just about technology but also about the people and processes that protect our data. Whether it's the sophisticated attacks by North Korean hackers or the sneaky phishing campaigns exploiting Unicode characters, staying informed and prepared is our best defense.

If you found today's insights valuable, please consider sharing this newsletter with your friends and colleagues. Together, we can build a more secure digital future by spreading awareness and fostering a community of informed and vigilant cybersecurity professionals.

Thank you for being a part of our journey. Stay safe, stay informed, and see you in the next edition of Secret CISO!


By Secret CISO