Secret CISO 1/21: PowerSchool's Massive Data Breach, HPE's Source Code Under Threat, Morrison Hospital's Ransomware Settlement, AI Revolution in Cybersecurity
Welcome to today's issue of Secret CISO. Today, we're diving deep into the world of data breaches, starting with an update on the PowerSchool Cyber Incident. Parents, guardians, and caregivers are receiving letters about the incident, which involves data dating back to 1985. The breach, which affected Ontario's largest school board, has raised concerns among privacy watchdogs about the exposure of students' personal information. In other news, HPE is investigating claims of a breach after a hacker claimed to have stolen source code.
Meanwhile, Morrison Community Hospital has agreed to a $675K settlement to resolve a ransomware lawsuit. The data breach was reported to the HHS after the BlackCat/ALPHV group leaked stolen data on its site. Tecta America Corp. is facing a lawsuit from a former employee over a data breach that exposed information including Social Security numbers. The breach has raised questions about data security law and the protection of personal information.
We'll also be looking at the role of security researchers in identifying and addressing vulnerabilities, with insights from experts at Concordia and Hitachi Cyber, who are developing an AI-powered solution to revolutionize cybersecurity threat investigations. Stay tuned for more updates on these stories and a roundup of the latest vulnerabilities identified by our team of experts. As always, we're here to keep you informed and prepared in the ever-evolving world of cybersecurity.
Data Breaches
- PowerSchool Cyber Incident: A high-profile data breach at PowerSchool, a software company that stores data for school boards across North America, has raised concerns. The breach involves data going back to 1985, potentially affecting a large number of students, staff, and parents. The company has taken steps to prevent further unauthorized access or misuse of data. Source: TDSB, Global News
- HPE Potential Data Breach: Hewlett Packard Enterprise (HPE) is investigating claims of a security breach after a threat actor claimed to have stolen source code. While HPE has not found any evidence of a breach yet, the investigation is ongoing. Source: Bleeping Computer
- Morrison Community Hospital Data Breach: Morrison Community Hospital has agreed to a $675K settlement to resolve a ransomware lawsuit. The BlackCat/ALPHV group leaked stolen data on its site after the ransom was not paid. The breach was reported to the HHS. Source: HIPAA Journal
- Tecta America Corp Data Breach: Tecta America Corp is being sued by a former employee over a data breach that exposed information including Social Security numbers, driver's license numbers, and financial account information. Source: Bloomberg Law News
- Texas HHSC Data Breach: Texas Health and Human Services Commission (HHSC) suffered a data breach in late 2024, impacting 61,000 individuals across the state and potentially exposing them to financial fraud. Source: Lubbock Online
Security Research
- 50000 critical exposures + one of the most vulnerable IT environments: our schools: A report highlights the vulnerability of IT environments in schools, with 50,000 critical exposures identified. The need for robust security measures in educational institutions is emphasized. Source: SC Media
- Concordia and Hitachi Cyber develop AI-powered solution to revolutionize cybersecurity: A research partnership between Concordia's Security Research Centre and Hitachi Cyber aims to improve cybersecurity efficiency and reduce false positives using AI. Source: Concordia News
- The role of the OSCE in European conflict prevention and security: The Organization for Security and Co-operation in Europe (OSCE) plays a crucial role in addressing evolving regional security risks, despite facing numerous challenges. Source: PubAffairs Bruxelles
- Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers: New research uncovers security vulnerabilities in multiple tunneling protocols, exposing as many as 4.2 million hosts, including VPNs and routers. Source: The Hacker News
- Details Disclosed for Mercedes-Benz Infotainment Vulnerabilities: A team of external security researchers disclosed vulnerabilities in the first-generation MBUX – Mercedes-Benz User Experience. Source: SecurityWeek
Top CVEs
- CVE-2023-52923 - Linux Kernel Netfilter Vulnerability: A vulnerability in the Linux kernel's netfilter component has been resolved. The issue was related to the handling of set elements in async garbage collection, which could potentially be exploited by attackers. The vulnerability has been patched. Source: CVE-2023-52923
- CVE-2024-13176 - ECDSA Signature Timing Side-Channel: A timing side-channel vulnerability exists in the ECDSA signature computation, potentially allowing an attacker to recover the private key. The vulnerability is significant for certain supported elliptic curves, particularly the NIST P-521 curve. The vulnerability has been patched. Source: CVE-2024-13176
- CVE-2024-45091 - IBM UrbanCode Deploy Information Disclosure: IBM UrbanCode Deploy versions 7.0 through 7.2.3.13 store potentially sensitive information in log files that could be read by a local user. This could lead to unauthorized access to sensitive information. Source: CVE-2024-45091
- CVE-2025-22620 - gitoxide Permission Settings Vulnerability: gitoxide, an implementation of git written in Rust, specifies 0777 permissions when checking out executable files, potentially making files in a repository world-writable in some situations. This vulnerability has been patched. Source: CVE-2025-22620
- CVE-2024-45647 - IBM Security Verify Access Password Change Vulnerability: IBM Security Verify Access versions 10.0.0 through 10.0.8 could allow an unverified user to change the password of an expired user without prior knowledge. This could lead to unauthorized access. Source: CVE-2024-45647
API Security
- CVE-2025-24010 - Vite Frontend Tooling Framework Vulnerability: Vite, a JavaScript frontend tooling framework, had a vulnerability that allowed any website to send requests to the development server and read the response. This was due to the default CORS settings and a lack of validation on the Origin header for WebSocket connections. The issue has been resolved in versions 6.0.9 and 5.4.12. Source: Vulners
- CVE-2023-52923 - Linux Kernel Netfilter Vulnerability: A vulnerability in the Linux kernel's netfilter has been resolved. The issue was with the nf_tables set backend, which used an old and buggy garbage collection (GC) API and the busy mark approach. The new GC transaction API has replaced these, improving the handling of set elements and enhancing the security of the system. Source: Vulners
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. We hope you found these updates insightful and valuable for your daily operations. Remember, the digital world is an ever-evolving landscape, and staying informed is your first line of defense. As we continue to navigate the complex realm of cybersecurity, let's not forget the importance of sharing knowledge. If you found this newsletter helpful, please consider sharing it with your colleagues and friends.
Together, we can strengthen our defenses and create a safer digital environment for everyone. Stay safe, stay informed, and see you in the next edition of Secret CISO.