Secret CISO 9/26: Maryland Transit & FinWise Breaches, Salesforce AI Flaw, Cisco Firewall Vulnerabilities - A Cybersecurity Perfect Storm

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity threats and defenses. In this issue, we delve into a series of alarming breaches and vulnerabilities that underscore the relentless nature of cyber threats in our interconnected world.
The Rhysida ransomware gang has struck the Maryland Transit Administration, demanding a hefty ransom and exposing sensitive personal data. Meanwhile, FinWise Bank faces a class-action lawsuit after a breach affected nearly 700,000 customers, highlighting the dire need for robust data protection measures.
Volvo North America and Stellantis join the growing list of companies grappling with data breaches, emphasizing the critical importance of securing supply chain networks and customer information. The Co-op cyberattack further illustrates the severe financial and reputational damage that can result from such incidents.
In the realm of AI, Salesforce has patched a critical vulnerability, "ForcedLeak," that exposed CRM data, while a malicious AI agent server has been caught stealing emails, showcasing the double-edged sword of AI integration in business applications.
As we explore the vulnerabilities in Cisco Secure Firewall and ADB MCP Server, it's clear that the cybersecurity landscape is fraught with challenges. Yet, amidst these threats, the manufacturing sector is making strides towards cyber resilience, and innovative research is advancing cybersecurity in intelligent transportation systems.
Join us as we navigate these pressing issues and explore the evolving role of AI in threat intelligence, offering insights into the future of cybersecurity.
Data Breaches
- Rhysida Ransomware Gang Claims Maryland Transit Administration Breach: The Rhysida ransomware gang has claimed responsibility for a cyberattack on the Maryland Transit Administration, demanding a $3.4 million ransom. The breach exposed sensitive data, including names, dates of birth, driver's licenses, and Social Security numbers. Source.
- FinWise Bank Data Breach Affects 689K Customers: FinWise Bank has reported a data breach impacting 689,000 customers. The breach has led to a class-action lawsuit, highlighting the vulnerability of customer data and the need for enhanced security measures. Source.
- Volvo North America Confirms Third Party Data Breach: Volvo North America has confirmed a data breach involving a third-party supplier of human resources software. The incident underscores the risks associated with third-party vendors and the importance of securing supply chain networks. Source.
- Stellantis Data Breach Includes Customers' Personal Info: Automaker Stellantis has announced a data breach that compromised customers' personal information. This incident adds to the growing list of breaches in the automotive industry, raising concerns about data protection practices. Source.
- Co-op Cyberattack Causes £80 Million Profit Loss and Data Breach Impact: A cyberattack on Co-op resulted in a significant financial loss of £80 million and a data breach affecting 6.5 million members. The attack highlights the severe financial and reputational damage that can result from cyber incidents. Source.
Security Research
- Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection: Cybersecurity researchers have disclosed a critical vulnerability in Salesforce's CRM platform, which allowed unauthorized access to sensitive data through AI prompt injection. The flaw, dubbed "ForcedLeak," has been patched by Salesforce, but highlights the growing risks associated with AI integration in business applications. Source: The Hacker News.
- Malicious AI Agent Server Reportedly Steals Emails: Security researchers have identified a malicious npm package, described as the first malicious MCP (Malicious Code Package) in the wild, which is capable of stealing emails. This discovery underscores the ongoing threat posed by malicious actors exploiting open-source ecosystems to distribute harmful software. Source: Infosecurity Magazine.
- Research Finds Manufacturing Responding to Rising Cyber Threats: A recent study highlights that while manufacturing sectors are increasingly prioritizing cyber resilience, less than 50% are prepared for AI-powered, supply chain, or DDoS attacks. This research emphasizes the urgent need for enhanced cybersecurity measures in the face of evolving threats. Source: Manufacturing.net.
- Beyond the Hype: What 520+ Security Leaders Revealed About AI in Threat Intelligence: A comprehensive survey by Insikt Group reveals insights from over 520 security leaders on the role of AI in threat intelligence. The findings suggest that while AI offers significant potential in enhancing security measures, there remains skepticism about its current capabilities and implementation challenges. Source: Recorded Future.
- End-to-end Co-Simulation Testbed Advances Cybersecurity Research For Intelligent Transportation: The development of an end-to-end co-simulation testbed is advancing cybersecurity research for intelligent transportation systems. This initiative aims to improve traffic flow and safety by integrating interconnected networks and data, highlighting the importance of cybersecurity in modern transportation infrastructure. Source: Quantum Zeitgeist.
Top CVEs
- CVE-2025-20333: A vulnerability in the VPN web server of Cisco Secure Firewall ASA and FTD Software allows an authenticated, remote attacker to execute arbitrary code on an affected device. This is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN credentials could exploit this by sending crafted HTTP requests, potentially resulting in complete device compromise. Source: Vulners.
- CVE-2025-59834: ADB MCP Server, used for interacting with Android devices, is vulnerable to command injection attacks in versions 0.1.0 and prior. This vulnerability arises from the server's tool definition and implementation, allowing attackers to execute arbitrary commands. The issue has been patched in a recent commit. Source: Vulners.
- CVE-2025-55554: PyTorch v2.8.0 contains an integer overflow vulnerability. This flaw could potentially be exploited to cause unexpected behavior or crashes in applications using this version of PyTorch, posing a risk to systems relying on this machine learning framework. Source: Vulners.
- CVE-2025-20362: Another vulnerability in Cisco Secure Firewall ASA and FTD Software allows unauthenticated, remote attackers to access restricted URL endpoints. This is due to improper validation of user-supplied input in HTTP(S) requests, enabling attackers to bypass authentication and access restricted areas of the web server. Source: Vulners.
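The ADB MCP Server entry above describes the classic shape of a tool-handler command injection: caller-controlled fields are glued into one command line that a shell then parses. The following added example (written for this newsletter, not the ADB MCP Server project's own code; the function names, allow-lists and the `emulator-5554; id` input are constructed for illustration) puts a vulnerable builder next to a hardened one that validates each field, restricts the device command to an allow-list, and executes an argument vector with `shell=False`.

```python
"""Constructed example: an MCP-style tool that wraps the adb CLI.

The vulnerable builder interpolates caller-controlled strings into one
command line destined for a shell; the hardened builder validates every
field and returns an argument vector that runs without a host shell.
"""
import re
import subprocess
from typing import Callable, List

# Shell metacharacters that let one command line turn into several.
SHELL_META = set(";&|`$()<>\n")

# Allow-lists for the hardened path (values chosen for this example).
SERIAL_RE = re.compile(r"^[A-Za-z0-9._:-]{1,64}$")
ARG_RE = re.compile(r"^[A-Za-z0-9._/:=,-]{1,128}$")
ALLOWED_DEVICE_COMMANDS = {"getprop", "pm", "dumpsys"}  # read-only tools only


def build_vulnerable_command(serial: str, device_cmd: str) -> str:
    """Vulnerable pattern: caller input is glued into a string that the
    handler later runs with shell=True, so shell metacharacters in either
    field are interpreted by the host shell."""
    return f"adb -s {serial} shell {device_cmd}"


def metacharacters_in(command_line: str) -> set:
    """Report which shell metacharacters a built command line carries."""
    return {c for c in command_line if c in SHELL_META}


def build_hardened_argv(serial: str, device_args: List[str]) -> List[str]:
    """Hardened pattern: validate each field against a strict pattern and
    return an argv list, so no host shell parses the result. The device
    command is also restricted to an allow-list because `adb shell` still
    hands its arguments to the shell on the device."""
    if not SERIAL_RE.fullmatch(serial):
        raise ValueError(f"rejected device serial: {serial!r}")
    if not device_args or device_args[0] not in ALLOWED_DEVICE_COMMANDS:
        raise ValueError(f"rejected device command: {device_args[:1]!r}")
    for arg in device_args:
        if not ARG_RE.fullmatch(arg):
            raise ValueError(f"rejected argument: {arg!r}")
    return ["adb", "-s", serial, "shell", *device_args]


def run_device_command(serial: str, device_args: List[str],
                       runner: Callable = subprocess.run):
    """Execute the hardened argv with shell=False. `runner` is injectable so
    the validation logic can be exercised without adb installed."""
    argv = build_hardened_argv(serial, device_args)
    return runner(argv, shell=False, capture_output=True, text=True, timeout=30)


if __name__ == "__main__":
    # Constructed hostile serial: a plausible id followed by a second command.
    bad_serial = "emulator-5554; id"
    vulnerable = build_vulnerable_command(bad_serial, "getprop ro.product.model")
    print("vulnerable command line:", vulnerable)
    print("metacharacters present:", sorted(metacharacters_in(vulnerable)))
    print("hardened argv:", build_hardened_argv("emulator-5554", ["getprop", "ro.product.model"]))
    try:
        build_hardened_argv(bad_serial, ["getprop", "ro.product.model"])
    except ValueError as exc:
        print("hardened builder:", exc)
```

The detection side follows from the same idea: a tool handler that ever passes a string to `shell=True` (or to `os.system`) with any caller-derived content is the code-review finding, and rejecting input on a strict allow-list is safer than trying to escape it, since the device-side shell behind `adb shell` would still see whatever survives the host.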
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the cyber landscape is as dynamic as ever. From ransomware attacks on public transit systems to vulnerabilities in widely-used software, the threats we face are evolving rapidly. The stories we've covered today highlight the critical importance of staying informed and vigilant in the face of these challenges.
Whether it's the Rhysida ransomware gang targeting the Maryland Transit Administration or the vulnerabilities in Salesforce's CRM platform, each incident serves as a reminder of the potential impact on both organizations and individuals. The breaches at FinWise Bank and Volvo North America further emphasize the need for robust security measures and the importance of safeguarding customer data.
As we continue to navigate this complex digital world, sharing knowledge and insights becomes crucial. If you found today's newsletter informative, please consider sharing it with your friends and colleagues. By spreading awareness, we can collectively strengthen our defenses and foster a more secure digital environment for everyone.
Thank you for joining us today. Stay safe, stay informed, and we'll see you in the next edition of Secret CISO.