Secret CISO 1/4: US Army Soldier Arrested for AT&T, Verizon Data Breach, Chinese Hackers Breach US Treasury, South African Business Data Breach, Research on DDoS Attacks in Japan and Security Flaws in Virtuals Protocol
Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we're diving into a series of high-profile data breaches affecting organizations from Texas Tech University Health Sciences Center to the US Treasury. We'll explore how a US Army soldier was arrested for a data breach and extortion attempt involving AT&T, Verizon, and Presidential call logs. We'll also look at how Japanese businesses are being hit by a surge in DDoS attacks, and how Chinese hackers have breached US Treasury workstations.
In South Africa, a major business data breach has raised concerns, while Tecta America faces a lawsuit over a data breach. We'll also discuss the latest trends in privacy and data breach litigation, and how a data breach at cannabis operator Stiiizy has led to customer records being acquired. In other news, Richmond University Medical Center has confirmed a ransomware attack that affected over 670,000 individuals, and New York has modified its data breach law heading into 2025. On the research front, we'll delve into the latest findings from security researchers, including a bug in the Virtuals Protocol, the dangers of double-clicking, and the franchising of the Islamic State.
Lastly, we'll round up the latest CVEs, giving you a snapshot of the most recent vulnerabilities discovered. Stay safe and informed with Secret CISO.
Data Breaches
- Notice of Data Breach | Newswire: AuthoraCare Collective has reported a data breach, the details of which are currently under investigation. The company has engaged IT forensic specialists to investigate the breach. Source: Newswire
- Texas Tech University Health Sciences Center Data Breach: A data breach at Texas Tech University Health Sciences Center is currently under investigation. The breach has raised concerns over the security of sensitive personal and protected health information. Source: Accesswire
- US Army Soldier Arrested for AT&T, Verizon Data Breach and Presidential Call Log Extortion: A US Army soldier has been arrested in connection with a data breach at AT&T and Verizon, marking the latest in a series of high-profile telecommunications security breaches. Source: Mobile ID World
- Chinese hackers breach US Treasury workstations - Top Class Actions: The US Department of the Treasury has reported a data breach, allegedly perpetrated by Chinese threat actors. The reasons behind the breach are currently under investigation. Source: Top Class Actions
- Major business data breach in South Africa - MyBroadband: A major business in South Africa has reported a potential security breach involving one of its cloud storage databases. The company's internal monitoring systems detected the breach. Source: MyBroadband
Security Research
- Texas A&M Provides Multiple Paths for Cybersecurity Industry Jobs: Texas A&M University is offering various avenues for students to enter the cybersecurity industry, promising guaranteed employment upon graduation. The initiative aims to address the growing demand for cybersecurity professionals. Source: kbtx.com
- Double Clicking Danger - Just Two Clicks Can Let Attackers Steal Your Accounts: Security researcher Paulos Yibelo has uncovered a new attack method, dubbed 'DoubleClickjacking', that can compromise user accounts with just two clicks. The discovery highlights the need for increased user awareness and robust security measures. Source: techradar.com
- Digital License Plates Used in AZ Vulnerable to Hacking: Security researchers have found an exploit that allows digital license plates used in Arizona to be hacked. The discovery raises concerns about the security of increasingly digital infrastructure. Source: azmirror.com
- 36 Chrome Extensions Compromised in Supply Chain Attack: A supply chain attack has compromised 36 Chrome extensions, according to security researchers. The incident underscores the need for robust security measures in the development and distribution of software extensions. Source: bankinfosecurity.com
- A Signature Verification Bypass in Nuclei (CVE-2024-43405): Security researchers have discovered a signature verification bypass in Nuclei, a popular vulnerability scanning tool. The discovery could help security teams assess their systems' security posture more effectively. Source: wiz.io
Top CVEs
- CVE-2025-22376 - Weak Nonce Generation in Net::OAuth::Client: In the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically secure. This could potentially allow attackers to predict the nonce and perform replay attacks. Source: vulners.com
- CVE-2024-9138 - Hard-Coded Credentials in Moxa’s Devices: Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system. Source: vulners.com
- CVE-2025-0199 - SQL Injection in Point of Sales and Inventory Management System: A critical vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. The manipulation of the argument id in the file /user/minus_cart.php leads to SQL injection, allowing remote attackers to manipulate the database. Source: vulners.com
- CVE-2024-55896 - Improper Restrictions in IBM PowerHA SystemMirror: IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system. Source: vulners.com
- CVE-2024-55897 - Insecure Session Cookies in IBM PowerHA SystemMirror: IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to obtain the cookie values by sending an http:// link to a user or by planting such a link on a site the user visits, potentially leading to unauthorized access. Source: vulners.com
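The CVE-2024-55897 entry above comes down to a missing cookie attribute, which is easy to check for in a response. The following is an added example (not IBM's, vulners' or the newsletter's code) that parses Set-Cookie headers and reports the missing Secure attribute the advisory describes, plus the HttpOnly and SameSite attributes a practitioner would audit at the same time; the two sample headers are constructed for illustration.

```python
"""Audit Set-Cookie headers for missing security attributes.

Added example illustrating the CVE-2024-55897 weakness (session cookie
without the Secure attribute). The sample headers are constructed; the
cookie name and values are placeholders, not taken from any product.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Union


@dataclass
class CookieReport:
    name: str
    secure: bool
    httponly: bool
    samesite: Optional[str]
    findings: List[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> CookieReport:
    """Parse one Set-Cookie header value and flag weak attribute settings."""
    # First segment is name=value; every later segment is an attribute.
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()

    attrs: Dict[str, Union[str, bool]] = {}
    for part in parts[1:]:
        if "=" in part:
            key, value = part.split("=", 1)
            attrs[key.strip().lower()] = value.strip()
        else:
            attrs[part.strip().lower()] = True  # bare flag such as Secure

    samesite = attrs.get("samesite")
    report = CookieReport(
        name=name,
        secure="secure" in attrs,
        httponly="httponly" in attrs,
        samesite=samesite if isinstance(samesite, str) else None,
    )

    # The advisory's point: without Secure, the browser also sends the cookie
    # on plain http:// requests, so a forced http:// link leaks it in transit.
    if not report.secure:
        report.findings.append("missing Secure: cookie is sent over plain http://")
    if not report.httponly:
        report.findings.append("missing HttpOnly: cookie is readable from script")
    if report.samesite is None:
        report.findings.append("missing SameSite: browser default applies")
    return report


def audit(headers: List[str]) -> List[CookieReport]:
    """Audit a list of Set-Cookie header values, one report per header."""
    return [parse_set_cookie(h) for h in headers]


# Constructed sample headers: the first shows the weakness, the second the fix.
SAMPLE_HEADERS = [
    "SESSIONID=placeholder-token; Path=/; HttpOnly",
    "SESSIONID=placeholder-token; Path=/; Secure; HttpOnly; SameSite=Strict",
]

if __name__ == "__main__":
    for rep in audit(SAMPLE_HEADERS):
        status = "OK" if not rep.findings else "; ".join(rep.findings)
        print(f"{rep.name}: {status}")
```

Run against real responses by feeding it the Set-Cookie values from an HTTP client; a cookie that carries a session or authorization token and reports any finding should be treated as a defect to fix on the server side, since the attribute is set by the application, not the browser.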
API Security
- CVE-2025-22376 - Net::OAuth::Client Security Issue: A security vulnerability has been identified in the Net::OAuth package before 0.29 for Perl. The default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically secure. This could potentially be exploited by attackers. Source: vulners.com
- CVE-2025-21609 - SiYuan Arbitrary File Deletion Vulnerability: SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on the server. This vulnerability is fixed in the latest commit. Source: vulners.com
- SiYuan Arbitrary File Deletion Vulnerability Details: A detailed explanation of the arbitrary file deletion vulnerability in SiYuan Note. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint and can be exploited by sending a crafted request. The historyPath parameter in the payload is processed by the function getDocHistoryContent, which deletes the file when its check on that path is not satisfied. Source: vulners.com
- CVE-2024-56320 - GoCD Admin Privilege Escalation: GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider could abuse this vulnerability to access information intended only for GoCD admins, or to escalate their privileges. The issue is fixed in GoCD 24.5.0. Source: vulners.com
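The CVE-2025-22376 entries in the Top CVEs and API Security lists both describe the same weakness: a 32-bit nonce drawn from a non-cryptographic rand(). The following is an added example, written in Python rather than Perl and not the Net::OAuth module's code, that makes the two consequences concrete: a PRNG-derived nonce is reproducible once its state is known, and a 32-bit nonce space is small enough that repeats become likely. It also shows the server-side replay guard that a consumer of such nonces should keep regardless of how the client generates them; the seeded `random.Random` stands in for Perl's rand(), and the replay window of 300 seconds is an assumed value.

```python
"""Weak versus CSPRNG nonces, and a server-side replay guard.

Added example for CVE-2025-22376 (32-bit rand() nonce in Net::OAuth).
Python's seeded random.Random is used as a stand-in for a non-cryptographic
rand(); the replay window below is an assumed illustrative value.
"""
import math
import random
import secrets
from typing import List, Optional


def weak_nonce(rng: random.Random) -> str:
    """32-bit integer from a non-cryptographic PRNG (the weak pattern)."""
    return str(rng.getrandbits(32))


def weak_sequence(seed: int, n: int) -> List[str]:
    """Nonces a client would emit from a PRNG started at a given seed."""
    rng = random.Random(seed)
    return [weak_nonce(rng) for _ in range(n)]


def sequences_match(seed: int, n: int = 5) -> bool:
    """True when two PRNGs with the same state yield identical nonces, i.e.
    anyone who recovers the state predicts every following nonce."""
    return weak_sequence(seed, n) == weak_sequence(seed, n)


def strong_nonce(nbytes: int = 16) -> str:
    """128-bit nonce from the OS CSPRNG; no seed or state to recover."""
    return secrets.token_hex(nbytes)


def collision_probability(bits: int, n: int) -> float:
    """Birthday bound: probability of at least one repeated nonce among n
    draws from a space of 2**bits values."""
    pairs = n * (n - 1) / 2
    return -math.expm1(-pairs / (2 ** bits))


class ReplayGuard:
    """Server-side check: reject stale timestamps and any nonce already seen.

    This is the mitigation layer that limits damage from a predictable
    client nonce; it does not make the client's nonce unpredictable.
    """

    def __init__(self, window: int = 300) -> None:
        self.window = window          # assumed tolerance, in seconds
        self.seen = set()             # (nonce, timestamp) pairs accepted so far

    def accept(self, nonce: str, ts: int, now: Optional[int] = None) -> bool:
        if now is None:
            now = ts
        if abs(now - ts) > self.window:
            return False              # outside the freshness window
        key = (nonce, ts)
        if key in self.seen:
            return False              # replay of an accepted request
        self.seen.add(key)
        return True


if __name__ == "__main__":
    print("PRNG nonces reproducible from seed:", sequences_match(12345))
    print("CSPRNG nonce:", strong_nonce())
    print("P(repeat) after 100k 32-bit nonces: %.2f" % collision_probability(32, 100_000))
    print("P(repeat) after 100k 128-bit nonces: %.1e" % collision_probability(128, 100_000))
    guard = ReplayGuard()
    print("first use accepted:", guard.accept("n1", ts=1000, now=1000))
    print("replay accepted:", guard.accept("n1", ts=1000, now=1002))
```

The numbers are the useful part: after about a hundred thousand 32-bit nonces a repeat is more likely than not, whereas the 128-bit CSPRNG value stays effectively collision-free, which is why the fix in Net::OAuth 0.29 and the general guidance is to draw nonces from a cryptographically secure source rather than rand().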
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from data breaches at major institutions to the latest security research findings. Remember, staying informed is the first step towards safeguarding your systems and data. If you found this newsletter helpful, please consider sharing it with your colleagues and friends. Together, we can build a more secure digital world. Until next time, stay safe and stay vigilant.
P.S. If you have any questions or comments, feel free to reach out. We always appreciate your feedback.