Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity threats and breaches that have unfolded. Today, we delve into a series of alarming incidents that underscore the vulnerabilities lurking in our digital landscape.

First, Plex users are urged to reset their passwords following a significant data breach, reminding us of the ever-present threat to personal information. Meanwhile, a massive attack on JavaScript code packages has exposed the fragility of the digital supply chain, particularly impacting cryptocurrency users. This breach, described as the largest supply chain attack in history, highlights the critical need for robust security measures in software development.

In a parallel narrative, AI-driven malware has hijacked over 2000 GitHub accounts, showcasing the evolving sophistication of cyberattacks. As hackers manipulate search engine results to promote malicious gambling websites, the importance of vigilance in our online interactions becomes glaringly apparent.

On the corporate front, Wealthsimple and SK Telecom grapple with the fallout of data breaches, with the latter facing a record fine for cybersecurity failures. These incidents serve as stark reminders of the consequences of inadequate security protocols.

Finally, we explore a series of vulnerabilities affecting various platforms, from SQL injection issues in pREST to privilege escalation in the Fides Webserver API. These vulnerabilities emphasize the need for continuous security audits and updates to safeguard our digital ecosystems.

Join us as we navigate these stories, each a crucial piece in the puzzle of cybersecurity resilience. Stay informed, stay secure.

Data Breaches

1. Plex Tells Users to Reset Passwords After New Data Breach: Plex, a popular media streaming platform, has disclosed a significant security breach that may have compromised user account information, including email addresses, usernames, and securely hashed passwords. Users are urged to change their passwords to protect their accounts. Source: Bleeping Computer.
2. 18 Popular Code Packages Hacked, Rigged to Steal Crypto: A security breach involving the compromise of a developer's NPM account led to the insertion of malicious code into at least 18 popular JavaScript code packages. This breach highlights vulnerabilities in the digital supply chain, particularly affecting cryptocurrency-related applications. Source: Krebs on Security.
3. Wealthsimple Exec Apologizes to Customers After Data Breach: Wealthsimple experienced a security incident that compromised some customers' personal information, including social insurance numbers and account numbers. The company has assured customers that no account details were misused and is taking steps to enhance security measures. Source: The Globe and Mail.
4. SK Telecom Hit With a Record Data Breach Fine Over Cybersecurity Failures: SK Telecom faced a record $97.2 million fine for failing to prevent a cyber attack in April 2025 that exposed the personal information of 23.2 million people. This breach underscores the importance of robust cybersecurity measures to protect sensitive data. Source: CPO Magazine.
5. New Security Breach Threatens Crypto and Everyday Apps: A global security breach in npm has put numerous apps and cryptocurrency platforms at risk, revealing the fragility of the digital supply chain for businesses worldwide. This incident emphasizes the need for heightened vigilance and security protocols in software development. Source: Forbes.

Security Research

1. AI Malware Strikes: “s1ngularity” Attack Hijacks 2000+ GitHub Accounts: A recent attack dubbed "s1ngularity" has compromised over 2000 GitHub accounts using AI-driven malware. The breach highlights the growing threat of AI in cyberattacks, emphasizing the need for enhanced security measures on platforms like GitHub. Source: LinkedIn
2. Hackers Promote Gambling Websites with SEO Poisoning: Cybercriminals are using SEO poisoning techniques to manipulate search engine results, directing users to malicious gambling websites. This method exploits the trust users place in search engines, underscoring the importance of vigilance and robust cybersecurity practices. Source: GovInfoSecurity
3. Crypto Users Urged to Take Extreme Care as NPM Attack Hits Core JavaScript Libraries: A significant NPM attack has targeted core JavaScript libraries, affecting crypto users and developers. Security researchers are urging extreme caution, as the attack could compromise sensitive data and financial transactions. Source: TradingView
4. Largest Supply Chain Attack in History Targets Crypto Users Through Compromised JavaScript Packages: Described as the largest supply chain attack to date, this incident involves compromised JavaScript packages affecting crypto transactions. The attack highlights vulnerabilities in software supply chains and the critical need for comprehensive security audits. Source: CryptoRank
5. Dev Caught in Phishing Net, 18 NPM Packages Compromised: A developer fell victim to a phishing attack, leading to the compromise of 18 NPM packages. This incident serves as a reminder of the persistent threat of phishing and the importance of security awareness among developers. Source: The Register

Top CVEs

1. CVE-2025-54994: A command injection vulnerability exists in the MCP server starter kit @akoskm/create-mcp-server-stdio, affecting versions prior to 0.0.13. This vulnerability arises from the use of the unsafe Node.js child process API exec, which can be exploited if concatenated with untrusted user input. The issue has been addressed in version 0.0.13. Source: Vulners.
2. CVE-2025-3212: A Use After Free vulnerability in Arm Ltd's GPU Kernel Drivers, including Bifrost, Valhall, and Arm 5th Gen GPU Architecture, allows local non-privileged users to access freed memory. This affects multiple versions of the drivers, potentially leading to unauthorized memory access. Source: Vulners.
3. CVE-2025-58782: Apache Jackrabbit Core and JCR Commons are vulnerable to deserialization of untrusted data, which can lead to arbitrary code execution. This affects versions from 1.0.0 through 2.22.1. The vulnerability is mitigated in version 2.22.2, where JCR lookup through JNDI is disabled by default. Source: Vulners.
4. CVE-2025-56266: Avigilon ACM v7.10.0.20 is susceptible to a Host Header Injection vulnerability, allowing attackers to execute arbitrary code by supplying a crafted host header. Source: Vulners.
5. CVE-2025-7709: An integer overflow vulnerability in the FTS5 extension of SQLite can lead to writing a pointer to partially controlled data out of bounds. This occurs when an array of tombstone pointers is calculated and truncated into a 32-bit integer. Source: Vulners.

API Security

1. pREST has a Systemic SQL Injection Vulnerability: pREST, a tool for exposing PostgreSQL databases via RESTful APIs, has been found to have systemic SQL injection vulnerabilities in its implementation. Despite attempts to sanitize user input, the protection is often faulty or non-existent, allowing potential SQL injection attacks. Users are advised to upgrade to version 2.0.0-rc3 or later, which contains patches to mitigate these vulnerabilities. Source: Vulners.
2. Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation: The Fides Webserver API has a vulnerability where OAuth client creation and update endpoints do not properly authorize scope assignment. This allows users with certain permissions to escalate their privileges to owner-level. The issue has been patched in version 2.69.1, and users are advised to upgrade to this version to secure their systems. Source: Vulners.
3. Fides Webserver API Rate Limiting Vulnerability in Proxied Environments: The Fides Webserver API's IP-based rate limiting is ineffective in environments with CDNs or proxies, allowing attackers to bypass rate limits and potentially cause denial of service. The vulnerability has been patched in version 2.69.1, and users are encouraged to upgrade. Source: Vulners.
4. Fides has a Lack of Brute-Force Protections on Authentication Endpoints: Fides lacks specific anti-automation controls on its Admin UI login endpoint, making it vulnerable to brute-force attacks. The issue has been addressed in version 2.69.1, and upgrading to this version is recommended to enhance security. Source: Vulners.
5. @akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API: The MCP Server is vulnerable to command injection attacks due to unsafe use of the Node.js child process API exec. This vulnerability has been addressed in version 0.0.13, and users should apply the update to mitigate the risk. Source: Vulners.

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is as dynamic as ever, with new challenges emerging at every turn. From Plex urging users to reset passwords after a breach, to the largest supply chain attack targeting crypto users, the importance of staying informed and vigilant cannot be overstated.

These stories remind us of the critical need for robust security measures and the constant evolution required to protect our digital assets. Whether it's AI-driven malware hijacking GitHub accounts or vulnerabilities in popular code packages, the threats are real and require our immediate attention.

We hope you found today's insights valuable and that they empower you to enhance your cybersecurity strategies. Remember, knowledge is power, and sharing this knowledge can help fortify our collective defenses.

If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Together, we can build a more secure digital world. Stay safe, stay informed, and see you in the next edition of Secret CISO!