Secret CISO 2/14: St. Andrew's Senior System & PPL Electric hit by data breaches, Russian ransomware group claims responsibility, 2.7 billion records leaked in Mars Hydro breach, CAPTCHA trick bypasses security scanners

Hello there, Secret CISO readers! Today's newsletter is packed with the latest updates on data breaches and security research that you need to know.
Firstly, we delve into the ongoing investigation into the data breach at St. Andrew's Resources for Seniors System. The breach has raised serious concerns about the long-term damage that such incidents can cause. Next, we turn our attention to the PPL data breach, where a Russian ransomware group has claimed responsibility. This incident highlights the growing threat of cyberattacks on our power infrastructure. In other news, the PCSO and DICT are probing a report on an alleged data breach involving lotto winners' information. This case underscores the importance of robust IT security frameworks in protecting sensitive data.
We also cover a massive online data breach that has resulted in 2.7 billion records being leaked. The incident serves as a stark reminder of the vulnerabilities of our digital systems. In the realm of security research, we discuss how hackers are using CAPTCHA tricks on Webflow CDN PDFs to bypass security scanners. This innovative technique shows how cybercriminals are constantly evolving their methods to outsmart security systems.
Finally, we touch on a proposed law in Nebraska that could broaden firms' liability protection in data breaches. This development could have significant implications for companies and their cybersecurity strategies. Stay tuned for more updates and insights in tomorrow's edition of Secret CISO. Stay safe and secure!
Data Breaches
- St. Andrew's Resources for Seniors System Data Breach: St. Andrew's Resources for Seniors System is currently under investigation for a data breach. The breach could potentially cause long-term damage to affected individuals. Source: mypanhandle.com
- Russian Ransomware Group Claims Responsibility for PPL Data Breach: PPL Electric, based in Allentown, has been impacted by a data breach. A Russian ransomware group has claimed responsibility for the breach. Source: nbcphiladelphia.com
- Lotto Winners' Info Hacked: The Philippine Charity Sweepstakes Office (PCSO) and the Department of Information and Communications Technology (DICT) are investigating a report on an alleged data breach involving lotto winners' information. Source: gmanetwork.com
- Massive Online Data Breach: An IoT firm has suffered a major data breach, with a leak exposing a Mars Hydro database containing almost 2.7 billion records. Source: techradar.com
- Data Breach Hits PPL Electric Customers: PPL Electric customers were hit by a data breach in 2023. The exposed data did not include sensitive information such as customer banking or credit card details, social security numbers, or account details. Source: nbcphiladelphia.com
Security Research
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks: Security researcher Stephen Fewer discovered a high-severity SQL injection vulnerability in PostgreSQL, which is being exploited in targeted attacks. The discovery was made as part of the cybersecurity company's ongoing research. Source: The Hacker News
- Protecting Small Pacific Islands from Cyber Threats: Elena Steiner, a social science researcher at Arizona State University's Global Security Initiative, discusses the importance of cybersecurity for small Pacific islands. She emphasizes the need for a comprehensive approach that considers both physical and digital security. Source: National Defense Magazine
- The Business Case for Human-Centric Security Research: This article highlights the importance of human-centric security research in an industry saturated with technological advances. It argues that focusing on the human element can lead to more effective security solutions. Source: SecurityBrief New Zealand
- Security Analysis of Cheap Smartwatches: Developer and security researcher xssfox conducted a security analysis of cheap smartwatches and found that they are prone to data breaches. The researcher advises against using these devices due to their security vulnerabilities. Source: Hackster.io
- Can Malware be Hidden in Emojis?: Security researcher Paul Butler discovered a method to hide data within an emoji. By encoding invisible messages in Unicode emojis, Butler demonstrated a potential new vector for malware distribution. Source: Government Technology
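The emoji item above describes hiding data in an emoji. The publicly documented technique appends Unicode variation selectors (U+FE00..U+FE0F and U+E0100..U+E01EF) after a carrier character, one selector per byte. The following is an added example written for this newsletter, not code from Paul Butler's post or from any product: a small scanner that flags runs of variation selectors in text, recovers the bytes they carry, and offers a sanitizer that drops them. The encode_payload helper exists only to construct sample input for the scanner; the byte-to-selector mapping it uses is an assumption about the published encoding.

```python
# Added example: detect and decode byte payloads smuggled in Unicode
# variation selectors trailing an emoji. Not from the newsletter or the
# original research post. Assumed mapping (constructed for this example):
#   byte 0..15   -> U+FE00..U+FE0F   (VS1..VS16)
#   byte 16..255 -> U+E0100..U+E01EF (VS17..VS256)
from typing import List, Optional, Tuple

VS_LOW = range(0xFE00, 0xFE10)      # VS1..VS16
VS_HIGH = range(0xE0100, 0xE01F0)   # VS17..VS256


def _vs_to_byte(ch: str) -> Optional[int]:
    """Map a variation selector back to the byte it encodes, else None."""
    cp = ord(ch)
    if cp in VS_LOW:
        return cp - 0xFE00
    if cp in VS_HIGH:
        return cp - 0xE0100 + 16
    return None


def encode_payload(carrier: str, data: bytes) -> str:
    """Build constructed sample input: carrier char followed by one
    variation selector per payload byte."""
    out = [carrier]
    for b in data:
        out.append(chr(0xFE00 + b) if b < 16 else chr(0xE0100 + b - 16))
    return "".join(out)


def find_hidden_payloads(text: str, min_run: int = 2) -> List[Tuple[str, bytes]]:
    """Return (carrier_char, payload_bytes) for every run of at least
    min_run consecutive variation selectors.

    A single VS15/VS16 after a symbol is ordinary text/emoji presentation
    selection, so runs of length 1 are ignored by default."""
    results: List[Tuple[str, bytes]] = []
    i, n = 0, len(text)
    while i < n:
        if _vs_to_byte(text[i]) is None:
            i += 1
            continue
        start = i
        buf = bytearray()
        while i < n:
            b = _vs_to_byte(text[i])
            if b is None:
                break
            buf.append(b)
            i += 1
        if len(buf) >= min_run:
            carrier = text[start - 1] if start > 0 else ""
            results.append((carrier, bytes(buf)))
    return results


def strip_variation_selectors(text: str) -> str:
    """Sanitizer for untrusted input: drop every variation selector,
    which destroys any smuggled payload (and also legitimate VS15/VS16)."""
    return "".join(ch for ch in text if _vs_to_byte(ch) is None)


if __name__ == "__main__":
    # Constructed sample: a hidden payload plus one legitimate VS16.
    sample = "Hello " + encode_payload("😀", b"secret") + " world ✔\ufe0f"
    for carrier, payload in find_hidden_payloads(sample):
        print(f"hidden payload after {carrier!r}: {payload!r}")
    print(strip_variation_selectors(sample))
```

A scanner placed in front of a chat, ticketing or LLM input pipeline can use find_hidden_payloads to raise an alert and strip_variation_selectors to neutralise the content. The sanitizer is deliberately blunt; if emoji presentation must be preserved, keep a lone trailing selector and remove only runs of two or more.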
Top CVEs
- CVE-2025-1127: An attacker can exploit this vulnerability to execute arbitrary code as an unprivileged user or modify any data on the system. Source: https://vulners.com/cve/CVE-2025-1127
- CVE-2024-55904: IBM DevOps Deploy and UrbanCode Deploy are vulnerable to remote privileged authenticated attackers who can execute arbitrary commands on the system by sending specially crafted input. Source: https://vulners.com/cve/CVE-2024-55904
- CVE-2025-24888: The SecureDrop Client is vulnerable to a malicious SecureDrop Server that could obtain code execution on the SecureDrop Client virtual machine. The vulnerability lies in the code responsible for downloading replies. Source: https://vulners.com/cve/CVE-2025-24888
- CVE-2024-13867: The Listivo - Classified Ads WordPress Theme is vulnerable to Reflected Cross-Site Scripting via the 's' parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts. Source: https://vulners.com/cve/CVE-2024-13867
- CVE-2025-26511: Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin are susceptible to a vulnerability that allows authenticated Cassandra users to remotely bypass RBAC and escalate their privileges. Source: https://vulners.com/cve/CVE-2025-26511
API Security
- CVE-2025-24904 - libsignal-service-rs: This Rust version of the libsignal-service-java library, used for communication with Signal servers, had a vulnerability that allowed plaintext content envelopes to be injected by a server or malicious client, potentially bypassing end-to-end encryption and authentication. The issue has been fixed and the Metadata struct now contains an additional was_encrypted field, which breaks the API but should be easily resolvable. Source: CVE-2025-24904
- CVE-2025-24903 - libsignal-service-rs: Similar to the above, this library had a vulnerability where any contact could forge a sync message, impersonating another device of the local user as the origin of sync messages was not checked. The issue has been patched and the Metadata struct now contains an additional was_encrypted field, breaking the API but easily resolvable. Source: CVE-2025-24903
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. We've delved into the latest data breaches, ransomware attacks, and the ongoing investigations into these cyber incidents. It's clear that the digital landscape is a battlefield, and we must stay vigilant to protect our data and systems. Remember, knowledge is power. By staying informed about these threats, we can better prepare and protect ourselves and our organizations. So, don't keep this valuable information to yourself.
Share this newsletter with your colleagues and friends, and let's strengthen our defenses together.
Stay safe, stay informed, and keep an eye out for tomorrow's edition of Secret CISO. Until then, keep your data secure and your systems protected.