Secret CISO 2/11: Unpacking Data Breaches, Summerside Hospital and Joseph Krar & Associates Inc. Breaches, Privacy Nonprofit Sues Trump and DOGE, Apple's Security Breach, Research on AIoT and WiFi Security

Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we're unpacking data breaches, with insights from security experts who have transitioned from military intelligence to the private sector.
We'll delve into recent data breaches at Summerside hospital, Joseph Krar & Associates, and Zenith American Solutions. We'll also discuss the implications of DOGE's access to Treasury data, which experts warn could risk US financial standing and raise security concerns. In other news, we'll look at the investigation into a data breach at San Francisco-Marin Food Bank and the alert issued by a Georgia Hospital to 120,000 individuals following a data breach. We'll also explore the latest security updates from Apple, which warns millions to update their iPhones after a security breach that allows hackers to take control of devices.
Finally, we'll touch on the latest research in AI and cybersecurity, including the use of AIoT and WiFi to enhance smart home security, and the potential risks associated with browser extensions. Stay tuned for these stories and more in today's issue of Secret CISO. Stay safe, stay informed.
Data Breaches
- Privacy Breach at Prince County Hospital: An employee at Prince County Hospital was terminated following a privacy breach that affected over 100 patients. The incident underscores the importance of robust data protection measures in healthcare. Source: CBC.ca
- Investigation of Joseph Krar & Associates Data Breach: Legal firm Levi & Korsinsky, LLP is investigating a data breach at Joseph Krar & Associates. The breach has raised concerns about the security of sensitive personal information. Source: KTLA
- Zenith American Solutions Data Breach: A data breach at Zenith American Solutions has led to concerns over the security of sensitive personal information. The incident is currently under investigation by Levi & Korsinsky, LLP. Source: KXAN
- Georgia Hospital Data Breach: Memorial Hospital and Manor in Georgia has alerted 120,000 individuals that their data was breached following a ransomware attack. The incident highlights the growing threat of cyberattacks in the healthcare sector. Source: Infosecurity Magazine
- PowerSchool Data Breach: A data breach at PowerSchool exposed student and staff records dating back to 2012. The breach, which impacted current students and staff, underscores the importance of robust data protection measures in educational institutions. Source: Discover Airdrie
Security Research
- Scientists enhance smart home security with AIoT and WiFi: Researchers led by Professor Gwanggil Jeon from the College of Information Technology at Incheon have developed a novel method to enhance smart home security using AIoT and WiFi. The research aims to provide a more secure and efficient smart home environment. Source: ScienceDaily
- What you see is usually not what you get with browser extensions: Security researcher Dakshitaa Babu from SquareX highlights an underestimated attack surface in modern web security: browser extensions. The research emphasizes the need for more robust security measures for browser extensions. Source: SecurityBrief Australia
- Over 12,000 KerioControl firewalls exposed to exploited RCE flaw: Security researcher Egidio Romano (EgiX) discovered a flaw in KerioControl firewalls that could potentially lead to dangerous 1-click exploits. The research underscores the need for continuous vulnerability assessments and timely patching. Source: Bleeping Computer
- 8base ransomware site seized, 4 suspects arrested: A security researcher known as cR0w reported the seizure of the 8base ransomware site and the arrest of four suspects. The research highlights the importance of law enforcement in combating cybercrime. Source: SC Media
- NSA CYBER SECURITY DESIGNATION, AI RESEARCH COUNCIL, SUMMER: UNC Charlotte was recently redesignated by the U.S. National Security Agency as a National Center of Academic Excellence in Cyber Research. The research underscores the importance of academic institutions in advancing cybersecurity research and education. Source: UNC Charlotte
Top CVEs
- CVE-2024-12133 Libtasn1: A flaw in libtasn1 leads to inefficient handling of specific certificate data, potentially causing a system crash due to a denial of service attack. An attacker can exploit this by sending a specially crafted certificate. Source: CVE-2024-12133
- CVE-2024-12243 Gnutls: GnuTLS, which relies on libtasn1 for ASN.1 data processing, is impacted by an inefficient algorithm in libtasn1. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service. Source: CVE-2024-12243
- CVE-2025-21693 mm: zswap: A vulnerability in the Linux kernel has been resolved, specifically in the zswap_compress() and zswap_decompress() functions. If the original CPU is hot-unplugged while the acomp_ctx is still in use, it could lead to a use-after-free (UAF) bug, as some of the resources attached to the acomp_ctx are freed during hotunplug. Source: CVE-2025-21693
- CVE-2025-1158 ESAFENET CDG: A critical vulnerability was found in ESAFENET CDG 5.6.3.154.205_20250114. Manipulation of the argument safetyGroupId leads to SQL injection. The exploit has been disclosed to the public and may be used. Source: CVE-2025-1158
- CVE-2024-11831 Npm-serialize-javascript: A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing cross-site scripting (XSS) attacks. Source: CVE-2024-11831
API Security
- CVE-2025-1165 Lumsoft ERP FileUploadApi.ashx DoWebUpload unrestricted upload: A critical vulnerability has been discovered in Lumsoft ERP 8. The flaw lies in the DoUpload/DoWebUpload function of the file /Api/FileUploadApi.ashx, where manipulation of the file argument leads to unrestricted upload. The exploit is public and can be launched remotely. Source: CVE-2025-1165
- CVE-2024-8550 Local File Inclusion (LFI) in modelscope/agentscope: A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue arises due to improper sanitization of user input. Source: CVE-2024-8550
- esbuild enables any website to send any requests to the development server and read the response: Due to its default CORS settings, esbuild allows any website to send any request to the development server and read the response. An attacker serving a malicious web page can exploit this to fetch sensitive information. Source: GHSA-67MH-4WV8-2F99
- Possible DoS by memory exhaustion in net-imap: A potential denial of service vulnerability exists in net-imap's response parser, which could lead to memory exhaustion. A malicious server can send highly compressed uid-set data which is automatically read by the client's receiver thread, leading to memory exhaustion. Source: GHSA-7FC5-F82F-CX69
- CVE-2025-21693 mm: zswap: properly synchronize freeing resources during CPU hotunplug: A vulnerability has been resolved in the Linux kernel, specifically in the zswap_compress() and zswap_decompress() functions. The issue arises when the operation continues on a different CPU while the original CPU is hotunplugged, leading to a UAF bug. Source: CVE-2025-21693
Final Words
And that's a wrap for today's edition of Secret CISO. We've unpacked some serious data breaches, delved into the world of security experts, and highlighted the importance of staying vigilant in the face of ever-evolving threats. Remember, in the realm of cybersecurity, knowledge is power.
So, don't keep this intel to yourself. Share this newsletter with your friends and colleagues to ensure they're also in the know. Stay safe, stay informed, and keep those digital fortresses secure.
Until next time, this is Secret CISO, signing off.