Secret CISO 1/15: PowerSchool's Nationwide Data Breach Compromises Student Info, Microsoft Battles Cybercriminals Bypassing AI Safety, Google Fellowship Winner Tackles Global Data Security
Welcome to today's issue of Secret CISO, where we bring you the latest updates on cybersecurity threats and solutions. Today, we're focusing on a nationwide security breach that has potentially compromised several Greater Cincinnati school districts. The breach, which has affected the PowerSchool software vendor, has led to the exposure of student information and teacher social security numbers.
In other news, Michigan has joined a $20M multistate data breach enforcement action, while EncompassCare has reported a data breach affecting consumers' social security numbers. On the technical front, we delve into the world of AI-driven ransomware groups and the rise of cybercriminal operations developing tools to bypass AI safety guardrails. We also highlight the achievements of a GW Engineering Ph.D. student who has won a prestigious Google Fellowship for his work in data security.
Finally, we discuss the latest vulnerabilities identified in various software and systems, including the PowerSchool data breach, the Microsoft Patch Tuesday release, and the Ivanti zero-day patching. Stay tuned for more updates and remember, knowledge is the first line of defense. Stay safe!
Data Breaches
- Greater Cincinnati School Districts Compromised in Nationwide Security Breach: Several school districts in Greater Cincinnati have reported a potential compromise of student information due to a nationwide security breach. The breach is believed to have affected the Student Information System (SIS) provided by PowerSchool, a software vendor for schools. Source: YouTube and Fairbury Journal News
- Teacher Social Security Numbers Included in PowerSchool Data Breach: A data breach at PowerSchool, a student information system provider, has reportedly exposed teachers' social security numbers across the Carolinas and the US. The extent of the breach is still being determined. Source: WBTV
- EncompassCare Data Breach Affecting Consumers' Social Security Numbers: EncompassCare filed a notice of data breach with the Attorney General of Massachusetts after discovering unauthorized access to consumers' social security numbers. The extent of the breach and the number of affected consumers are currently unknown. Source: JD Supra
- Michigan Joins $20M Multistate Data Breach Enforcement Action: Michigan has joined a $20 million multistate data breach enforcement action following a data breach that impacted 5.8 million customers. The action is in response to inadequate cybersecurity practices and lack of cooperation with state regulators. Source: SooLeader
- Robinhood to Pay $45M SEC Settlement Over Data Breach: Robinhood has agreed to pay a $45 million settlement to the SEC over a data breach and other violations. The fines connected to the 2021 data breach came in at $2 million. Source: Hacker News
Security Research
- AI-Driven Ransomware Group Strikes 85 Victims: A new AI-driven ransomware group has successfully targeted 85 victims, demonstrating the increasing sophistication of cyber threats. The group's tactics highlight the importance of robust security controls. Source: BankInfoSecurity
- Microsoft sues cybercriminal operation that developed tools to bypass AI safety guardrails: Microsoft is taking legal action against a cybercriminal operation that has developed tools to bypass AI safety measures. This case underscores the ongoing battle between tech companies and cybercriminals. Source: SiliconANGLE
- New Federal Playbook Aims to Boost AI Cyber Incident Sharing: A new federal playbook is encouraging organizations to establish comprehensive vulnerability disclosure policies. This move aims to enhance AI cyber incident sharing and improve overall cybersecurity. Source: GovInfoSecurity
- Hackers are exploiting a new Fortinet firewall bug to breach company networks: Security researchers have discovered that hackers are exploiting a newly found vulnerability in Fortinet firewalls to infiltrate corporate networks. This highlights the need for constant vigilance and timely patching in cybersecurity. Source: Yahoo Finance
- Apple Patches Flaw That Allows Kernel Security Bypassing: Apple has patched a flaw that allowed kernel security protections to be bypassed, emphasizing the importance of proactive monitoring for such anomalies. Advanced detection mechanisms can provide organizations with a crucial advantage in cybersecurity. Source: BankInfoSecurity
Top CVEs
- CVE-2025-23013 - Local Privilege Escalation in Yubico pam-u2f: In Yubico pam-u2f before 1.3.1, an issue allows for an authentication bypass in some configurations, leading to local privilege escalation. The attacker would require access to the system as an unprivileged user. Source: CVE-2025-23013
- CVE-2024-55591 - Authentication Bypass in FortiOS and FortiProxy: A vulnerability affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module. Source: CVE-2024-55591
- CVE-2024-11734 - Denial of Service in Keycloak: A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service by modifying any of the security headers and inserting newlines. Source: CVE-2024-11734
- CVE-2024-11736 - Sensitive Data Exposure in Keycloak: A vulnerability was found in Keycloak. Admin users may be able to access sensitive server environment variables and system properties through user-configurable URLs. Source: CVE-2024-11736
- CVE-2024-7344 - Unsigned Software Execution in Howyar UEFI Application: The Howyar UEFI application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software loaded from a hardcoded path. Source: CVE-2024-7344
API Security
- Git Credential Manager Carriage-Return Character Vulnerability: A mismatch in newline treatment between Git and Git Credential Manager (GCM) allows an attacker to craft a malicious remote URL that can leak credentials. This vulnerability is heightened when cloning from repositories with submodules. Source: Vulners.
- Gradio Blocked Path ACL Bypass Vulnerability: Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This flaw enables attackers to circumvent security restrictions and access sensitive files that should be protected. This issue has been addressed in release version 5.6.0. Source: Vulners.
- Rasa Remote Code Execution Vulnerability: A vulnerability in Rasa allows an attacker who can load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. This issue has been addressed in Rasa version 3.6.21. Source: Vulners.
- AquilaCMS Deserialization Vulnerability: A critical vulnerability was found in AquilaCMS 1.412.13. The manipulation of the argument PostBody.populate leads to deserialization. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond. Source: Vulners.
- FortiOS and FortiProxy Authentication Bypass Vulnerability: An Authentication Bypass Using an Alternate Path or Channel vulnerability affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module. Source: Vulners.
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the nationwide PowerSchool breach affecting several school districts and the potential compromise of teacher social security numbers to the latest vulnerabilities in widely used software. In the world of cybersecurity, knowledge is power. By staying informed, we can better protect our systems and data against potential threats. So, if you found today's newsletter helpful, why not share it with your friends and colleagues? Let's work together to create a safer digital world.
Remember, cybersecurity isn't just about protecting systems; it's about safeguarding our way of life in the digital age. Stay safe, stay informed, and stay vigilant. See you in the next edition of Secret CISO.