Secret CISO 8/8: Optus & Air France Breaches, AI's Security Revolution, North Korean IT Leak, JWE Vulnerability

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity challenges and breakthroughs. In this issue, we delve into a series of high-profile data breaches that have rocked industries from telecommunications to healthcare, highlighting the critical need for robust security measures.

Optus finds itself in hot water as Australia's privacy watchdog takes legal action over a massive data breach that exposed millions of customer records. Meanwhile, Boston Children's Health Physicians settles a class action lawsuit for $5.15 million following a breach that compromised nearly a million individuals' data. These incidents underscore the persistent vulnerabilities plaguing the healthcare sector.

In a twist of fate, Glens Falls Hospital and Air France-KLM both grapple with the fallout from third-party platform hacks, emphasizing the risks inherent in relying on external systems. UnitedHealth Group's latest breach further illustrates the relentless cyber threats targeting sensitive health data.

On the cutting edge of cybersecurity, Black Hat 2025 showcases how AI is revolutionizing threat detection and response strategies, while CISA mandates urgent patches for a critical Microsoft Exchange flaw. A leak revealing the day-to-day operations of North Korean IT scammers offers a rare glimpse into the clandestine world of cyber espionage.

In the realm of vulnerabilities, we explore critical flaws affecting everything from SIP phones to GStreamer plugins, and the implications of weak encryption in JSON Web Encryption standards. These vulnerabilities highlight the ever-present need for vigilance and timely updates to safeguard sensitive information.

Join us as we navigate these complex narratives, offering insights and strategies to fortify your defenses in an increasingly perilous digital landscape.

Data Breaches

  1. Optus sued by AIC over major data breach: Optus is facing legal action from Australia's privacy regulator over a significant data breach that occurred in 2022. The breach involved unauthorized access to the personal information of millions of current and former customers. The lawsuit alleges that Optus failed to adequately manage cybersecurity, leading to the exposure of sensitive data. Source: 9News, Reuters, The Australian.
  2. $5.15M Boston Children's Health Physicians data breach settlement: A data breach at Boston Children's Health Physicians in September 2024 compromised the information of approximately 918,000 patients and employees. The breach led to a class action lawsuit, resulting in a $5.15 million settlement. The incident highlights the ongoing vulnerabilities in healthcare data security. Source: Class Action Lawsuits.
  3. Glens Falls data breach linked to Oracle hack: Glens Falls Hospital in New York experienced a data security incident linked to a hack on Oracle Health/Cerner. The breach did not involve the hospital's current EHR vendor, but it underscores the risks associated with third-party platforms in healthcare. The hospital has since switched vendors to enhance data security. Source: Healthcare Finance News.
  4. Air France and KLM disclosed data breaches following the hack of a third-party platform: Air France and KLM reported a data breach after hackers gained unauthorized access to a third-party platform. While no sensitive financial data was compromised, customer names and other personal information were exposed. The incident highlights the importance of securing third-party systems in the aviation industry. Source: Security Affairs, Dark Reading.
  5. UnitedHealth Group's Latest Health Data Breach Woes: UnitedHealth Group reported another data breach to the HHS' Office for Civil Rights in 2025, following a previous hack in 2024. The breach involved unauthorized access to sensitive health data, raising concerns about the company's data protection measures. The incident is part of a broader trend of increasing cyber threats in the healthcare sector. Source: Bank Info Security.

Security Research

  1. Black Hat 2025: How AI Is Changing the Security Game: At the Black Hat 2025 event, cybersecurity researcher Mikko Hypponen delivered a keynote address highlighting the transformative impact of AI on security practices. The discussion centered on how AI is reshaping threat detection, response strategies, and the overall cybersecurity landscape. Source: eWEEK.
  2. CISA Orders Fed Agencies to Patch New Exchange Flaw by Monday: Security researcher Dirk-Jan Mollema from Outsider Security demonstrated a critical vulnerability in Microsoft Exchange that could be exploited, prompting CISA to mandate immediate patching by federal agencies. This flaw underscores the ongoing challenges in securing widely-used enterprise software. Source: Bleeping Computer.
  3. Leak Reveals the Workaday Lives of North Korean IT Scammers: A data leak has exposed the operational details of North Korean IT scammers, providing unprecedented insights into their daily activities and tactics. This revelation offers a rare glimpse into the cyber operations of a nation often shrouded in secrecy. Source: WIRED.
  4. Marshall University Institute for Cyber Security and DroneTrace Launch Partnership: A new partnership between Marshall University and DroneTrace aims to advance drone forensics and autonomous systems security research. This collaboration will enhance capabilities in addressing emerging threats in drone technology. Source: Marshall University News.
  5. Creepy Camera Hacks Expose IoT Security Risks in Healthcare: Recent IoT security incidents in healthcare have highlighted significant vulnerabilities in connected devices. A panel discussion with experts emphasized the urgent need for improved security measures to protect sensitive medical data from unauthorized access. Source: BankInfoSecurity.

Top CVEs

  1. CVE-2025-24000: Authentication Bypass Using an Alternate Path or Channel vulnerability in WPExperts Post SMTP allows an attacker to bypass authentication. This issue affects Post SMTP from unspecified versions, potentially exposing sensitive data or allowing unauthorized actions. Source: Vulners.
  2. CVE-2025-47188: A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. This could lead to the execution of arbitrary commands, compromising sensitive configuration data or device availability. Source: Vulners.
  3. CVE-2025-47219: In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, potentially leading to information disclosure. This vulnerability could be exploited to access sensitive data. Source: Vulners.
  4. CVE-2025-47808: In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a potential denial of service. This vulnerability could disrupt media processing services. Source: Vulners.
  5. CVE-2025-47183: In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure. This vulnerability could be exploited to access sensitive data. Source: Vulners.

API Security

  1. JWE is missing AES-GCM authentication tag validation in encrypted JWE: The authentication tag of an encrypted JWE can be brute forced, leading to loss of confidentiality and the ability to craft arbitrary JWEs. The issue affects users even if they do not use an AES-GCM encryption algorithm, because the GCM-internal GHASH key can be recovered. Version 1.1.1 fixes the issue by adding a tag length check for the AES-GCM algorithm; users must rotate their encryption keys after upgrading. Source: vulners.com
  2. Ollama allows deletion of arbitrary files: A vulnerability in Ollama v0.1.33 permits attackers to delete arbitrary files by sending a crafted packet to the endpoint. This flaw could be exploited to remove critical files, potentially leading to data loss or system instability. Users are advised to apply necessary patches or updates to mitigate this risk. Source: vulners.com
  3. CVE-2025-54887: The Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard, in versions 1.1.0 and below, is vulnerable to brute force attacks on authentication tags. This can lead to loss of confidentiality and allow crafting of arbitrary JWEs. Users are at risk even if not using AES-GCM encryption, and should rotate encryption keys after upgrading to the fixed version. Source: vulners.com
  4. CVE-2025-45765: The ruby-jwt v3.0.0.beta1 contains weak encryption, as the library does not enforce key size, leaving it to OpenSSL's recent versions to impose restrictions. This weakness could potentially be exploited, compromising the security of JWTs. Users should ensure they are using updated libraries and adhere to recommended key sizes. Source: vulners.com
  5. CVE-2024-42048: OpenOrange Business Framework 1.15.5 has a vulnerability that allows unprivileged users to write to the installation directory. This could be exploited to modify or corrupt the application, leading to potential security breaches or data integrity issues. Users should restrict write permissions and apply updates to secure their systems. Source: vulners.com
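
The tag length check that the 1.1.1 fix adds (items 1 and 3 above), shown as an added example in Ruby with the standard OpenSSL binding: this is not the ruby-jwe gem's own code, the "unchecked" function is an assumed shape of the vulnerable behaviour rather than the library's source, and the key, IV and protected header are constructed sample values.

```ruby
require 'openssl'

# JWE's A128GCM/A192GCM/A256GCM all use the full 128-bit GCM tag.
GCM_TAG_LEN = 16

# Encrypt with AES-256-GCM; returns [ciphertext, 16-byte tag].
def gcm_encrypt(key, iv, plaintext, aad)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  c.iv = iv
  c.auth_data = aad
  [c.update(plaintext) + c.final, c.auth_tag]
end

# Weak form (assumed shape of the pre-1.1.1 behaviour): the tag taken from the JWE is
# handed to OpenSSL unchecked. OpenSSL accepts GCM tags of 1..16 bytes and verifies
# only the bytes supplied, so a 1-byte tag passes with probability 1/256.
def gcm_decrypt_unchecked(key, iv, ciphertext, aad, tag)
  c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  c.key = key
  c.iv = iv
  c.auth_tag = tag
  c.auth_data = aad
  c.update(ciphertext) + c.final
rescue OpenSSL::Cipher::CipherError
  nil # tag mismatch: treat as decryption failure
end

# Hardened form: reject any tag that is not exactly 16 bytes before touching OpenSSL.
def gcm_decrypt_checked(key, iv, ciphertext, aad, tag)
  raise ArgumentError, "GCM tag must be #{GCM_TAG_LEN} bytes" unless tag.bytesize == GCM_TAG_LEN
  gcm_decrypt_unchecked(key, iv, ciphertext, aad, tag)
end

# Constructed sample: fixed key/IV and a JWE-style protected header as the AAD.
def jwe_tag_demo
  key = 'k' * 32
  iv  = 'n' * 12
  aad = '{"alg":"dir","enc":"A256GCM"}'
  ct, tag = gcm_encrypt(key, iv, 'secret', aad)
  short_tag = tag.byteslice(0, 1) # first byte of the genuine tag only
  rejected = begin gcm_decrypt_checked(key, iv, ct, aad, short_tag); false; rescue ArgumentError; true; end
  {
    full_tag_ok: gcm_decrypt_unchecked(key, iv, ct, aad, tag) == 'secret',
    short_tag_accepted_by_unchecked: gcm_decrypt_unchecked(key, iv, ct, aad, short_tag) == 'secret',
    short_tag_rejected_by_checked: rejected
  }
end
```

Call jwe_tag_demo to see the unchecked path accept a one-byte tag while the checked path refuses it before any decryption happens.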

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the cybersecurity landscape is as dynamic as ever. From major data breaches affecting millions to vulnerabilities in widely-used software, the challenges are vast and varied. Whether it's Optus facing legal action over a significant data breach or the ongoing vulnerabilities in healthcare data security, these stories remind us of the critical importance of robust cybersecurity measures.

We also explored how AI is reshaping the security game, as highlighted at Black Hat 2025, and the urgent need for patching vulnerabilities in enterprise software, as demonstrated by CISA's recent directive. The insights into North Korean IT scammers and the partnership between Marshall University and DroneTrace further underscore the diverse nature of cybersecurity threats and innovations.

As we continue to navigate these complex issues, it's crucial to stay informed and proactive. Sharing knowledge is a powerful tool in our collective defense against cyber threats. If you found today's newsletter insightful, please consider sharing it with your friends and colleagues. Together, we can build a more secure digital world.

Thank you for joining us today. Stay vigilant, stay informed, and we'll see you in the next edition of Secret CISO!
