Secret CISO 9/7: Allianz, OnTrac, Nevada, TAG-150, Shodan API - From breaches to malware, explore the evolving cyber threats and the tools to combat them.

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity threats and defenses. In this issue, we delve into a world where SVG files become the Trojan horses of phishing campaigns, and data breaches ripple through giants like Allianz, OnTrac, and TransUnion, exposing millions to potential harm.
As we navigate these turbulent waters, we uncover a vulnerability in Burger King's drive-thru system, revealing the lurking dangers in everyday technologies. Meanwhile, Nevada's cyberattack serves as a stark reminder of the need for fortified state-level defenses.
In the shadows, the elusive 'TAG-150' group emerges with their novel 'CastleRAT' malware, while the Kazakhstan energy sector battles the 'BarrelFire' phishing onslaught. The urgency of patch management is underscored by the active exploitation of a critical SAP S/4HANA vulnerability.
On the defensive front, we spotlight cutting-edge tools like the Shodan API-powered vulnerability scanner and QuerySniper, arming security professionals with the means to combat these evolving threats. Join us as we explore these stories and more, equipping you with the insights needed to stay one step ahead in the cybersecurity landscape.
Data Breaches
- VirusTotal Finds Hidden Malware Phishing Campaign in SVG Files: A sophisticated phishing campaign has been uncovered by VirusTotal, where attackers used SVG files to embed malicious content. The phishing site cleverly mimics legitimate portals, including case numbers and security tokens, to deceive users. This highlights the evolving tactics of cybercriminals in exploiting file formats for malicious purposes. Source: Bleeping Computer
- Class Actions Brought Against Allianz Over Data Breach: Allianz faces a class action lawsuit following a data breach, reflecting a growing trend of legal actions against companies for negligence in protecting consumer data. The breach has raised concerns over the adequacy of data protection measures and the accountability of corporations in safeguarding sensitive information. Source: Forbes
- Delivery Giant's Data Breach Exposes 40,000 Personal Records: OnTrac, a delivery service provider, suffered a data breach between April 13 and 15, 2025, compromising the personal information of over 40,000 individuals. The exposed data includes Social Security numbers and medical information, raising significant privacy concerns. Source: Yahoo! Tech
- TransUnion Data Breach Exposes Personal Information of 4.4 Million Consumers: TransUnion, a major credit reporting agency, confirmed a data breach that exposed sensitive information of 4.4 million consumers. The breach has sparked discussions on the security practices of credit agencies and the potential impact on consumer trust. Source: Strategic Revenue
- Columbia University Data Breach Hits 870,000 People: Columbia University experienced a significant data breach affecting 870,000 individuals. The compromised data includes names, Social Security numbers, and academic records, raising concerns about the security of educational institutions' data management practices. Source: Fox News
Security Research
- We hacked Burger King: How auth bypass led to drive-thru audio surveillance: A security researcher discovered an authentication bypass vulnerability in Burger King's drive-thru system, allowing unauthorized access to audio surveillance. The researcher responsibly disclosed the issue, highlighting the importance of securing IoT systems in public spaces. Source: Hacker News
- Nevada cyberattack: What happened and what's next: Nevada faced a significant cyberattack, prompting state leaders to address the ongoing response and future preventive measures. The incident underscores the need for robust cybersecurity frameworks at the state level to protect critical infrastructure. Source: YouTube
- Secretive MaaS Group 'TAG-150' Develops Novel 'CastleRAT': The 'TAG-150' group has developed a new malware called 'CastleRAT', which stayed under the radar until recently. This development highlights the evolving threat landscape and the need for continuous monitoring of emerging threats. Source: Dark Reading
- Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign: A phishing campaign dubbed 'BarrelFire' is targeting the Kazakhstan energy sector, using ZIP attachments to deliver malware. This attack emphasizes the persistent threat of phishing in critical sectors and the importance of employee awareness and training. Source: The Hacker News
- Critical, make-me-super-user SAP S/4HANA bug under active exploitation: A critical vulnerability in SAP S/4HANA is being actively exploited, allowing attackers to gain super-user privileges. SAP has issued a patch, but the incident highlights the urgency of timely updates and patch management in enterprise environments. Source: The Register
API Security
- Vulnerability Scanner using Shodan API: This tool uses the Shodan API to automatically discover, analyze, and report vulnerabilities in internet-connected devices, servers, and services. It features asset discovery, vulnerability detection, threat classification, and misconfiguration detection, with multi-format reporting capabilities. Source: Vulners
- QuerySniper - Advanced Vulnerability Research Toolkit: QuerySniper is an interactive command-line tool for vulnerability research and penetration testing, offering advanced dorking capabilities and a user-friendly interface. It includes features like SQL Injection Target Finder, XSS Vulnerability Scanner, and SQLMap Command Generator. Source: Vulners.
- schneckyirl Security Testing Framework: This framework contains critical security vulnerabilities and is not recommended for production deployment. It includes a variety of security testing tools for reconnaissance, web application testing, fuzzing, exploitation, and more. Source: Vulners.
- VulnScan Pro - Advanced Vulnerability Scanner: A professional web-based vulnerability scanner with a Flask backend, it performs network scans, identifies vulnerabilities, and generates proof-of-concept exploits. It features a modern UI, real-time stats, and ethical usage guidelines. Source: Vulners.
- An intentionally vulnerable API service: Designed for learning and training, this API service allows developers, ethical hackers, and security engineers to engage in vulnerability detection and exploitation. It serves as a training playground with API documentation provided for hacking adventures. Source: Vulners.
Sponsored by Wallarm API Security Solution
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the cybersecurity landscape is as dynamic and challenging as ever. From the sophisticated phishing campaigns using SVG files to the alarming data breaches affecting millions, each story underscores the critical importance of vigilance and proactive measures in safeguarding our digital world.
We've also seen how vulnerabilities in everyday systems, like Burger King's drive-thru, can lead to unexpected security challenges, and how state-level cyberattacks, such as the one in Nevada, highlight the need for robust defenses. The emergence of new threats like 'CastleRAT' and the ongoing exploitation of vulnerabilities in systems like SAP S/4HANA remind us that the threat landscape is constantly evolving.
On the tools front, innovations like the Shodan API vulnerability scanner and QuerySniper toolkit offer promising solutions for identifying and mitigating risks. These tools, along with others mentioned, are vital resources for cybersecurity professionals striving to stay ahead of potential threats.
If you found today's insights valuable, please consider sharing this newsletter with your friends and colleagues. Together, we can build a more informed and resilient community, ready to tackle the cybersecurity challenges of tomorrow. Stay safe, stay informed, and see you in the next edition of Secret CISO!