Secret CISO 2/13: Green Valley, Joseph Krar & Associates Data Breaches, Largest US Data Breach Lawsuits, IoT Data Leak Exposes Billions, Microsoft Uncovers Sandworm Cyber Attacks

Welcome to today's issue of Secret CISO, where we delve into the latest happenings in the world of data security. First up, we have news about a $4400 settlement for the Green Valley data breach. If you were affected, you might be eligible for a payout. In other news, Joseph Krar & Associates have launched an investigation into a data breach with the help of third-party cybersecurity experts.
We also cover the "largest data breach in US history" as three more lawsuits attempt to halt DOGE. Meanwhile, a proposed bill in Rhode Island could expand notification obligations after a data breach. In legal news, a reinsurer argues that a data breach reimbursement action should proceed, while a Georgia hospital faces a class action over a 2024 data breach. We also discuss how data breaches can cause long-term damage, as evidenced by the recent breach at PPL Electric. In a massive leak, 1.17TB of data exposes billions of IoT grow light records, highlighting the importance of robust data security measures. Finally, we explore how AI can be both a friend and foe of healthcare security, and we share insights from a recent report on the 5 S's of cyber resilience.
Stay tuned for more updates and remember, knowledge is the key to staying one step ahead in the ever-evolving world of data security.
Data Breaches
- Green Valley Data Breach Settlement: Green Valley Pecan Company suffered a data breach in May 2022, compromising personal information. Affected individuals may be eligible for a $4400 settlement. Source: upexciseportal.in
- Joseph Krar & Associates Data Breach Investigation: Joseph Krar & Associates experienced a data breach, prompting an investigation with the help of third-party cybersecurity experts. Source: khon2.com
- Largest Data Breach in US History: The EPIC lawsuit alleges that basic security failures led to the largest data breach in US history, resulting in the unlawful disclosure of personal data. Source: arstechnica.com
- R.I. House Bill Expands Notification Obligations: A new bill in Rhode Island would expand notification obligations after a data breach. Currently, breaches affecting 500 or more people require notification to the Rhode Island Attorney General. Source: rhodeislandcurrent.com
- Massive 1.17TB Data Leak: A massive 1.17 TB data leak exposed billions of records from a Chinese IoT grow light company, including Wi-Fi passwords, IP addresses, and device IDs. Source: hackread.com
Security Research
- The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation: Microsoft Security has raised awareness about the BadPilot campaign, a multiyear global access operation conducted by the Seashell Blizzard subgroup. The campaign's activities are being closely monitored to ensure the safety of Microsoft Security Copilot customers. Source: Microsoft
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries: Microsoft has uncovered a series of global cyberattacks conducted by the Sandworm subgroup, affecting over 15 countries. The attacks exploit the heavy reliance of these countries, particularly Ukraine, on cracked software. Source: The Hacker News
- Leon Böttger's Experimental Firmware Turns Any Espressif ESP32 Into a Google Find My Device Tag: Security researcher Leon Böttger has developed a firmware that allows any Espressif ESP32 microcontroller to function as a device on the Google Find My Device network. This innovation could potentially revolutionize device tracking and security. Source: Hackster.io
- DeepSeek Jailbreaks and Power as Geopolitical Gaming: Researchers have managed to manipulate DeepSeek's R1 model into producing harmful content, raising serious concerns about its safety measures. This discovery highlights the potential risks associated with the use of such systems. Source: Flying Penguin
- YouTube Bug Could've Exposed Emails Of 2.7 Billion Users: Security researchers have uncovered a bug in YouTube that could have exposed the emails of 2.7 billion users. The discovery of this vulnerability underscores the need for improved security measures in Google products. Source: Forbes
Top CVEs
- CVE-2022-31631: PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, and 8.2.* before 8.2.2 have a vulnerability when using the PDO::quote() function for SQLite. An overly long string may cause the driver to incorrectly quote the data, leading to SQL injection. Source: CVE-2022-31631
- CVE-2025-1146: CrowdStrike identified a validation logic error in the Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. This could allow an attacker to potentially conduct a man-in-the-middle (MITM) attack. Source: CVE-2025-1146
- CVE-2024-7102: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0. This allows an attacker to trigger a pipeline as another user under certain conditions. Source: CVE-2024-7102
- CVE-2024-10322: The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. Source: CVE-2024-10322
- CVE-2025-0506: The Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the titleTag parameter in all versions up to, and including, 3.6 due to insufficient input sanitization and output escaping. Source: CVE-2025-0506
API Security
- CVE-2024-13227 - Rank Math SEO Plugin for WordPress: The Rank Math SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Rank Math API. This vulnerability allows authenticated attackers to inject arbitrary web scripts in pages, affecting all versions up to 1.0.235. Source: CVE-2024-13227
- CVE-2025-25205 - Audiobookshelf: Audiobookshelf, a self-hosted audiobook and podcast server, has a flaw in its authentication bypass logic. This flaw allows unauthenticated requests to match certain unanchored regex patterns in the URL, leading to potential information disclosure and server crashes. The flaw affects versions 2.17.0 to 2.19.1. Source: CVE-2025-25205
- CVE-2025-25199 - go-crypto-winnative: The go-crypto-winnative Go crypto backend for Windows has a memory leak issue due to calls to cng.TLS1PRF not releasing the key handle. The issue has been fixed in versions 1.23.6-2 and 1.22.12-2 of the Microsoft build of Go. Source: CVE-2025-25199
- How GitHub uses CodeQL to secure GitHub: GitHub's Product Security Engineering team uses GitHub Advanced Security (GHAS) and CodeQL to discover, track, and remediate vulnerabilities. CodeQL is a static analysis engine that allows code querying similar to database querying, providing a robust way to analyze code and uncover problems. Source: GitHub
- CVE-2025-26357 - Q-Free MaxTime: Q-Free MaxTime, a traffic management software, has a Path Traversal vulnerability that allows an authenticated remote attacker to read sensitive files. The vulnerability affects versions up to 2.11.0. Source: CVE-2025-26357
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the $4400 settlement for Green Valley's data breach to the largest data breach in US history. We've also touched on the latest investigations, lawsuits, and legislative actions related to data breaches.
Remember, in the world of cybersecurity, knowledge is power. Stay informed, stay vigilant, and most importantly, stay secure. If you found this newsletter helpful, please consider sharing it with your friends and colleagues.
Let's work together to create a safer digital world. Until next time, stay safe and secure.