Secret CISO 8/22: Nissan, Orange Belgium Breaches; Darktrace SaaS Threat; AI Browsers Phishing; Mitsubishi Electric Vulnerability

Welcome to today's edition of Secret CISO, where we unravel a web of cyber chaos and vulnerabilities that are shaking the digital world. From massive data breaches to critical vulnerabilities, today's stories are a stark reminder of the ever-evolving threat landscape.

We begin with the Qilin ransomware gang's audacious claim of a 4TB data breach at Nissan CBI, leaking sensitive car design files and financial data. Meanwhile, Orange Belgium's mega-breach has left 850,000 customers exposed to potential fraud, raising alarms about data security practices.

In a parallel narrative, Colt faces the Warlock ransomware group's auction of stolen customer data, while Radiology Associates of Richmond grapples with legal challenges following a breach affecting over 1.4 million patients. Panera Bread's $2.5 million settlement over a data breach further underscores the financial repercussions of inadequate security measures.

On the research front, genomic surveillance emerges as a critical tool for pandemic preparedness, while Darktrace uncovers a coordinated attack on SaaS accounts, highlighting the vulnerabilities in cloud services. Microsoft's Copilot AI tool's default retention of access logs raises privacy concerns, and phishing attacks targeting brokerage accounts reveal the cunning tactics of cybercriminals.

In the realm of vulnerabilities, the INFINITT PACS System Manager and Mitsubishi Electric smartRTU face critical security gaps, emphasizing the need for robust access controls and authentication mechanisms. Agent-Zero's directory traversal flaw and Mattermost's authorization oversight further illustrate the importance of stringent security protocols.

Finally, we delve into the critical vulnerabilities plaguing systems like Hippo4j, Agent-Zero, and Aikaan IoT, each presenting unique risks from forged access tokens to unauthorized account registrations. The improper CORS configuration in Claude-code-router and XXE injection in Exagid EX10 highlight the ongoing battle against credential theft and privilege escalation.

Stay vigilant and informed as we navigate through these complex security challenges together. Welcome to Secret CISO, where every detail matters.

Data Breaches

  1. Qilin Ransomware Gang Claims 4TB Data Breach at Nissan CBI: The Qilin ransomware group has claimed responsibility for a massive 4TB data breach at Nissan CBI. They have leaked sample car design files, financial data, 3D models, and VR design images as proof of the breach. Source.
  2. Orange Belgium Mega-Breach Exposes 850K Customers to Serious Fraud: Orange Belgium suffered a significant data breach in July, affecting 850,000 customer accounts. The breach has exposed customers to potential fraud, raising concerns about the company's data security practices. Source.
  3. Colt Confirms Customer Data Stolen as Warlock Ransomware Auctions Files: Colt has confirmed that customer data was stolen by the Warlock ransomware group, which is now auctioning the files. The group has customized ransom notes and set up dark web negotiation and data leak sites. Source.
  4. Radiology Associates of Richmond Facing Legal Pressure After Huge Data Breach: Radiology Associates of Richmond is under legal scrutiny after a data breach impacted over 1.4 million patients. The breach has led to multiple lawsuits, highlighting the need for better data protection measures. Source.
  5. Panera Bread Agrees to Pay $2.5 Million in Data Breach Class Action Lawsuit: Panera Bread has settled a class action lawsuit for $2.5 million following a data breach that compromised the private information of 147,321 individuals, including Social Security numbers. Source.

Security Research

  1. Genomic Surveillance: A Critical Tool for Pandemic Preparedness: This research highlights the importance of genomic surveillance in preparing for pandemics. By analyzing genetic data, researchers can track the spread and evolution of pathogens, enabling better response strategies. This approach is crucial for early detection and containment of infectious diseases. Source: YouTube.
  2. Darktrace Researchers Discover SaaS Attack Campaign: Darktrace researchers have uncovered a coordinated attack campaign targeting SaaS accounts. This discovery emphasizes the growing threat landscape in cloud services and the need for robust security measures to protect sensitive data. Source: Channel Futures.
  3. Copilot Kept Access Logs Unless You Told It Not To: Security researchers have found that Microsoft's Copilot AI tool retained access logs by default, posing potential privacy risks. This finding underscores the importance of transparency and user control in AI systems to prevent unauthorized data access. Source: Bank Info Security.
  4. Phishing Attacks Target Brokerage Accounts to Manipulate Stock Prices: Advanced phishing kits are being used by China-based criminal groups to target brokerage accounts, aiming to manipulate stock prices. This research highlights the evolving tactics of cybercriminals and the need for enhanced security measures in financial sectors. Source: KnowBe4 blog.
  5. AI Browsers Fall for Scams and Phishing: Security researchers have demonstrated that AI-driven browsers are susceptible to scams and phishing attacks. This research calls for improved security protocols in AI technologies to safeguard users from cyber threats. Source: iTnews.

Top CVEs

  1. CVE-2025-27721: The INFINITT PACS System Manager can be reached by unauthorized users because access is not properly checked, potentially exposing the system to anyone who can reach it. This vulnerability highlights significant security gaps in healthcare systems, emphasizing the need for robust access controls. Source.
  2. CVE-2025-3128: A remote unauthenticated attacker can execute arbitrary OS commands in Mitsubishi Electric smartRTU, potentially disclosing, tampering with, or destroying information, or causing a denial-of-service condition. This vulnerability underscores the critical need for stringent authentication mechanisms in industrial control systems. Source.
  3. CVE-2025-55523: An issue in Agent-Zero v0.8.* allows attackers to execute a directory traversal attack via the /api/download_work_dir_file.py component. This vulnerability could enable unauthorized access to sensitive files, highlighting the importance of input validation. Source.
  4. CVE-2025-53971: Mattermost versions 10.5.x <= 10.5.8 and 9.11.x <= 9.11.17 fail to validate authorization for team scheme role modifications, allowing Team Admins to demote Team Members to Guests. This vulnerability stresses the need for proper authorization checks in team collaboration platforms. Source.
  5. CVE-2025-27714: An attacker could exploit this vulnerability by uploading arbitrary files via a specific endpoint, leading to unauthorized remote code execution. This highlights the critical need for secure file upload mechanisms to prevent malicious code execution. Source.

API Security

  1. CVE-2025-51606: Hippo4j versions 1.0.0 to 1.5.0 suffer from a critical vulnerability due to the use of a hard-coded secret key in JWT creation. This flaw allows attackers to forge valid access tokens and impersonate any user, posing a severe risk to systems relying on JWT for authentication and authorization. Source.
  2. CVE-2025-55524: Agent-Zero v0.8.* has insecure permissions that enable attackers to arbitrarily reset the system. The advisory gives no further details, but the flaw points to significant oversights in permission management. Source.
  3. CVE-2025-52352: Aikaan IoT management platform v3.25.0325-5-g2e9c59796 has a flaw where the sign-up API endpoint remains accessible even when the sign-up feature is disabled. This allows unauthorized users to register accounts, leading to potential unauthorized access to admin portals. Source.
  4. CVE-2025-57755: Claude-code-router suffers from improper CORS configuration, risking exposure of API keys to untrusted domains. This vulnerability could lead to credential theft, account abuse, and unauthorized data access. Source.
  5. CVE-2025-47184: An XXE injection vulnerability in Exagid EX10 7.0.1p02's /init API endpoint allows authenticated attackers to achieve information disclosure and privilege escalation. This vulnerability exploits crafted ISys XML to manipulate system operations. Source.

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the cybersecurity landscape is as dynamic and challenging as ever. From the massive data breaches at Nissan CBI and Orange Belgium to the vulnerabilities in critical systems like INFINITT PACS and Mitsubishi Electric smartRTU, the need for robust security measures is more pressing than ever.

We've also seen how the evolving tactics of cybercriminals, such as those targeting brokerage accounts and exploiting AI-driven browsers, demand constant vigilance and adaptation. The discoveries by Darktrace researchers and the insights into genomic surveillance for pandemic preparedness remind us of the importance of staying ahead of threats with innovative solutions.

In this ever-evolving digital world, sharing knowledge is key to staying secure. If you found today's insights valuable, please share this newsletter with your friends and colleagues. Together, we can build a more informed and resilient community, ready to tackle the challenges of tomorrow.

Thank you for being a part of Secret CISO. Stay safe, stay informed, and see you in the next edition!

By Secret CISO