Secret CISO 8/7: Google & Cisco CRM Breaches, Dialysis Firm's $13.5M Hit, Microsoft Exchange Flaw, AI Hijack Threats
 
Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity breaches and vulnerabilities that have shaken the digital world. In this issue, we delve into a series of alarming incidents that underscore the persistent threats facing organizations and individuals alike.
First, we explore the unsettling breaches at tech giants Google and Cisco, where vishing attacks have compromised CRM software, revealing the fragility of even the most fortified systems. Meanwhile, a dialysis firm grapples with a breach affecting over a million individuals, highlighting the dire financial and privacy implications of such incidents.
In the legal arena, Allianz Life faces class action lawsuits following a data breach, while Google battles the fallout from a Salesforce database hack by the notorious ShinyHunters. The education sector isn't spared either, as Manassas Park Schools announce a breach affecting students and staff.
On the vulnerability front, a critical flaw in Microsoft Exchange demands urgent attention post-Black Hat revelations, and a single poisoned document threatens to leak sensitive data via ChatGPT. Researchers also uncover RCE attack chains in credential vaults and expose "AgentFlayer" vulnerabilities in AI systems, emphasizing the need for robust security measures.
In a chilling discovery, the infrastructure of the infamous Candiru spyware is unveiled, raising alarms about the evolution of spyware threats. Additionally, vulnerabilities in widely-used software, from ACME's HTTPS oversight to Tigo Energy's insecure session IDs, pose significant risks to privacy and security.
Join us as we navigate these complex narratives, offering insights and strategies to fortify your defenses against the ever-evolving landscape of cyber threats.
Data Breaches
- Google and Cisco Report CRM Software Breaches via Vishing: Google and Cisco have reported separate data breaches involving their CRM software, attributed to vishing attacks. These breaches highlight the vulnerability of even the most secure systems to social engineering tactics. Both companies are working to mitigate the impact and enhance their security measures. Source: BankInfoSecurity
- Dialysis Firm Attack Affects 1 Million, Costs $13.5M to Date: A significant data breach at a dialysis firm has affected over a million individuals, resulting in a financial impact of $13.5 million. The breach has raised concerns about the security of sensitive health information and the financial repercussions of such incidents. The firm is currently addressing the breach and working with regulators to resolve the issue. Source: GovInfoSecurity
- Allianz Life Hit With Class Actions Over Data Breach: Allianz Life is facing class action lawsuits following a data breach that compromised customer information. The breach has sparked legal action due to alleged negligence in adhering to data security principles. Allianz is now under scrutiny for its data protection practices and is working to address the legal challenges. Source: Law360
- Google Says Hackers Stole Customer Info in Salesforce Data Breach: Google has disclosed a data breach involving its Salesforce database, attributed to the hacking group ShinyHunters. The breach resulted in the theft of customer information, raising concerns about the security of cloud-based databases. Google is taking steps to enhance its security measures and prevent future incidents. Source: PYMNTS.com
- Manassas Park Schools Announce Data Breach: Manassas Park City Schools have reported a data breach that potentially exposed personal information of students and staff. The breach has prompted the school district to notify affected individuals and implement additional security measures. The incident underscores the importance of cybersecurity in educational institutions. Source: InsideNoVa
Security Research
- High-severity Microsoft Exchange vulnerability disclosed on heels of Black Hat talk: A significant vulnerability in Microsoft Exchange was revealed following a detailed presentation at Black Hat by security researcher Dirk. This vulnerability poses a high risk to organizations using Microsoft Exchange, emphasizing the need for immediate attention and patching. Source: FCW.
- A Single Poisoned Document Could Leak 'Secret' Data Via ChatGPT: Security researchers discovered a vulnerability in OpenAI's Connectors that could allow attackers to extract sensitive data by using a single malicious document. This finding highlights potential risks in integrating AI services with other platforms. Source: Wired.
- Researchers uncover RCE attack chains in popular enterprise credential vaults: New research has identified remote code execution (RCE) attack chains in enterprise credential vaults, which could allow unauthorized access to sensitive information. This discovery underscores the importance of securing authentication workflows. Source: CSO Online.
- Zenity Labs Exposes Widespread "AgentFlayer" Vulnerabilities Allowing Silent Hijacking: Zenity Labs has uncovered vulnerabilities in major enterprise AI agents that could be exploited to silently hijack operations, bypassing human oversight. This research highlights the critical need for robust security measures in AI systems. Source: Morningstar.
- Candiru Spyware Infrastructure Uncovered: Security researchers have identified a new malware cluster linked to the Israeli spyware maker Candiru. This discovery suggests that the company may have rebranded, raising concerns about the persistence and evolution of spyware threats. Source: GovInfoSecurity.
API Security
- github.com/go-acme/lego/v4/acme/api does not enforce HTTPS: The ACME library in Go, used for Let's Encrypt, fails to enforce HTTPS when communicating with Certificate Authorities (CAs). This oversight allows protocol operations to occur over HTTP, compromising privacy by exposing sensitive request/response details to network attackers. The issue is resolved in later versions. Source: Vulners.
- CVE-2025-7770: Tigo Energy's CCA device is vulnerable due to insecure session ID generation in their remote API. The session IDs are predictable, allowing attackers to recreate valid session IDs and gain unauthorized access to sensitive device functions. This poses a significant risk to connected solar optimization systems. Source: Vulners.
- CVE-2025-51054: Vedo Suite 2024.17 has an Incorrect Access Control vulnerability, allowing remote attackers to obtain a high-privilege JWT without prior authentication. This is achieved by sending an empty HTTP POST request to the /autologin/ API, potentially leading to unauthorized access. Source: Vulners.
- CVE-2025-51308: In Gatling Enterprise versions below 1.25.0, a low-privileged user can perform REST API calls on read-only endpoints due to missing authorization checks. This flaw allows unauthorized information collection, posing a risk to data confidentiality. Source: Vulners.
- CVE-2025-50234: MCCMS v2.7.0 contains an SSRF vulnerability in the index() method of the sys\apps\controllers\api\Gf.php file. An attacker can exploit this by crafting a malicious encrypted pic parameter, leading to unauthorized access to internal services and local file systems, potentially resulting in sensitive data leakage or system compromise. Source: Vulners.
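The ACME item above describes a client that let protocol operations fall back to plain HTTP. The following is an added example, not code from the lego project or from any source cited in this newsletter, of the defensive check an ACME client should apply: refuse the directory URL itself and every endpoint the directory advertises (the RFC 8555 fields newNonce, newAccount, newOrder, revokeCert, keyChange) unless the scheme is https. The host ca.example and the two directory documents are constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// DirectoryURL is a placeholder directory URL for the example (ca.example is not a real CA).
const DirectoryURL = "https://ca.example/acme/directory"

// Constructed sample directory documents: one that is fully HTTPS and one
// that advertises an HTTP newOrder endpoint, which a strict client must refuse.
const GoodDirectoryJSON = `{
  "newNonce":   "https://ca.example/acme/new-nonce",
  "newAccount": "https://ca.example/acme/new-account",
  "newOrder":   "https://ca.example/acme/new-order",
  "revokeCert": "https://ca.example/acme/revoke-cert",
  "keyChange":  "https://ca.example/acme/key-change"
}`

const BadDirectoryJSON = `{
  "newNonce":   "https://ca.example/acme/new-nonce",
  "newAccount": "https://ca.example/acme/new-account",
  "newOrder":   "http://ca.example/acme/new-order",
  "revokeCert": "https://ca.example/acme/revoke-cert",
  "keyChange":  "https://ca.example/acme/key-change"
}`

// acmeDirectory mirrors the RFC 8555 directory fields that carry endpoint URLs.
type acmeDirectory struct {
	NewNonce   string `json:"newNonce"`
	NewAccount string `json:"newAccount"`
	NewOrder   string `json:"newOrder"`
	RevokeCert string `json:"revokeCert"`
	KeyChange  string `json:"keyChange"`
}

// requireHTTPS returns an error unless raw is an absolute URL using the https scheme.
func requireHTTPS(name, raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("%s: invalid URL %q: %w", name, raw, err)
	}
	if u.Scheme != "https" {
		return fmt.Errorf("%s: refusing non-HTTPS endpoint %q", name, raw)
	}
	if u.Host == "" {
		return fmt.Errorf("%s: URL %q has no host", name, raw)
	}
	return nil
}

// ValidateDirectory checks the directory URL and then parses the directory
// document, requiring every advertised endpoint to be present and HTTPS.
// It returns nil only when the whole exchange can stay on TLS.
func ValidateDirectory(directoryURL string, body []byte) error {
	if err := requireHTTPS("directory", directoryURL); err != nil {
		return err
	}
	var d acmeDirectory
	if err := json.Unmarshal(body, &d); err != nil {
		return fmt.Errorf("directory: malformed JSON: %w", err)
	}
	// Ordered slice (not a map) so the first failing field is deterministic.
	endpoints := []struct{ name, raw string }{
		{"newNonce", d.NewNonce},
		{"newAccount", d.NewAccount},
		{"newOrder", d.NewOrder},
		{"revokeCert", d.RevokeCert},
		{"keyChange", d.KeyChange},
	}
	for _, e := range endpoints {
		if e.raw == "" {
			return fmt.Errorf("directory: missing required field %q", e.name)
		}
		if err := requireHTTPS(e.name, e.raw); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	fmt.Println("good directory:", ValidateDirectory(DirectoryURL, []byte(GoodDirectoryJSON)))
	fmt.Println("bad directory: ", ValidateDirectory(DirectoryURL, []byte(BadDirectoryJSON)))
	fmt.Println("http directory:", ValidateDirectory("http://ca.example/acme/directory", []byte(GoodDirectoryJSON)))
}
```

Running the check before any request is issued means a directory that has been tampered with (or a misconfigured directory URL) fails closed instead of silently downgrading account and order operations to cleartext, which is the privacy exposure the advisory describes.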
Sponsored by Wallarm API Security Solution
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the cybersecurity landscape is as dynamic as ever. From the vishing attacks on Google and Cisco's CRM software to the alarming breaches affecting healthcare and educational institutions, the need for robust security measures is more pressing than ever. The stories of vulnerabilities in Microsoft Exchange and AI systems remind us that even cutting-edge technology is not immune to threats.
We also explored the critical vulnerabilities in enterprise credential vaults and the persistent threat of spyware, underscoring the importance of vigilance and proactive defense strategies. As these incidents unfold, they serve as a stark reminder of the evolving tactics used by cyber adversaries and the necessity for continuous improvement in our security frameworks.
Thank you for joining us today. If you found this newsletter insightful, please share it with your friends and colleagues. Together, we can stay informed and better prepared to tackle the challenges of cybersecurity. Until next time, stay safe and secure!