Secret CISO 2/14: St. Andrew's Senior System & PPL Electric hit by data breaches, Russian ransomware group claims responsibility, 2.7 billion records leaked in Mars Hydro breach, CAPTCHA trick bypasses security scanners

Hello there, Secret CISO readers! Today's newsletter is packed with the latest updates on data breaches and security research that you need to know.

Firstly, we delve into the ongoing investigation into the data breach at St. Andrew's Resources for Seniors System. The breach has raised serious concerns about the long-term damage that such incidents can cause. Next, we turn our attention to the PPL data breach, where a Russian ransomware group has claimed responsibility. This incident highlights the growing threat of cyberattacks on our power infrastructure. In other news, the PCSO and DICT are probing a report on an alleged data breach involving lotto winners' information. This case underscores the importance of robust IT security frameworks in protecting sensitive data.

We also cover a massive online data breach that has resulted in 2.7 billion records being leaked. The incident serves as a stark reminder of the vulnerabilities of our digital systems. In the realm of security research, we discuss how hackers are using CAPTCHA tricks on Webflow CDN PDFs to bypass security scanners. This innovative technique shows how cybercriminals are constantly evolving their methods to outsmart security systems.

Finally, we touch on a proposed law in Nebraska that could broaden firms' liability protection in data breaches. This development could have significant implications for companies and their cybersecurity strategies. Stay tuned for more updates and insights in tomorrow's edition of Secret CISO. Stay safe and secure!

Data Breaches

  1. St. Andrew's Resources for Seniors System Data Breach: St. Andrew's Resources for Seniors System is currently under investigation for a data breach. The breach could potentially cause long-term damage to affected individuals. Source: mypanhandle.com
  2. Russian Ransomware Group Claims Responsibility for PPL Data Breach: PPL Electric, based in Allentown, has been impacted by a data breach. A Russian ransomware group has claimed responsibility for the breach. Source: nbcphiladelphia.com
  3. Lotto Winners' Info Hacked: The Philippine Charity Sweepstakes Office (PCSO) and the Department of Information and Communications Technology (DICT) are investigating a report on an alleged data breach involving lotto winners' information. Source: gmanetwork.com
  4. Massive Online Data Breach: An IoT firm has suffered a major data breach, with a leak exposing a Mars Hydro database containing almost 2.7 billion records. Source: techradar.com
  5. Data Breach Hits PPL Electric Customers: PPL Electric customers were hit by a data breach in 2023. The exposed data did not include any basic information like customer banking or credit card details, social security numbers, or account details. Source: nbcphiladelphia.com

Security Research

  1. PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks: Security researcher Stephen Fewer discovered a high-severity SQL injection vulnerability in PostgreSQL, which is being exploited in targeted attacks. The discovery was made as part of the cybersecurity company's ongoing research. Source: The Hacker News
  2. Protecting Small Pacific Islands from Cyber Threats: Elena Steiner, a social science researcher at Arizona State University's Global Security Initiative, discusses the importance of cybersecurity for small Pacific islands. She emphasizes the need for a comprehensive approach that considers both physical and digital security. Source: National Defense Magazine
  3. The Business Case for Human-Centric Security Research: This article highlights the importance of human-centric security research in an industry saturated with technological advances. It argues that focusing on the human element can lead to more effective security solutions. Source: SecurityBrief New Zealand
  4. Security Analysis of Cheap Smartwatches: Developer and security researcher xssfox conducted a security analysis of cheap smartwatches and found that they are prone to data breaches. The researcher advises against using these devices due to their security vulnerabilities. Source: Hackster.io
  5. Can Malware be Hidden in Emojis?: Security researcher Paul Butler discovered a method to hide data within an emoji. By encoding invisible messages in Unicode emojis, Butler demonstrated a potential new vector for malware distribution. Source: Government Technology

Top CVEs

  1. CVE-2025-1127: An attacker can exploit this vulnerability to execute arbitrary code as an unprivileged user or modify any data on the system. Source: https://vulners.com/cve/CVE-2025-1127
  2. CVE-2024-55904: IBM DevOps Deploy and UrbanCode Deploy are vulnerable to remote privileged authenticated attackers who can execute arbitrary commands on the system by sending specially crafted input. Source: https://vulners.com/cve/CVE-2024-55904
  3. CVE-2025-24888: The SecureDrop Client is vulnerable to a malicious SecureDrop Server that could obtain code execution on the SecureDrop Client virtual machine. The vulnerability lies in the code responsible for downloading replies. Source: https://vulners.com/cve/CVE-2025-24888
  4. CVE-2024-13867: The Listivo - Classified Ads WordPress Theme is vulnerable to Reflected Cross-Site Scripting via the 's' parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts. Source: https://vulners.com/cve/CVE-2024-13867
  5. CVE-2025-26511: Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin are susceptible to a vulnerability that allows authenticated Cassandra users to remotely bypass RBAC and escalate their privileges. Source: https://vulners.com/cve/CVE-2025-26511

API Security

  1. CVE-2025-24904 - libsignal-service-rs: This Rust version of the libsignal-service-java library, used for communication with Signal servers, had a vulnerability that allowed plaintext content envelopes to be injected by a server or malicious client, potentially bypassing end-to-end encryption and authentication. The issue has been fixed and the Metadata struct now contains an additional was_encrypted field, which breaks the API but should be easily resolvable. Source: CVE-2025-24904
  2. CVE-2025-24903 - libsignal-service-rs: Similar to the above, this library had a vulnerability where any contact could forge a sync message and impersonate another device of the local user, because the origin of sync messages was not checked. The issue has been patched and the Metadata struct now contains an additional was_encrypted field, which breaks the API but is easily resolvable. Source: CVE-2025-24903

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We've delved into the latest data breaches, ransomware attacks, and the ongoing investigations into these cyber incidents. It's clear that the digital landscape is a battlefield, and we must stay vigilant to protect our data and systems. Remember, knowledge is power. By staying informed about these threats, we can better prepare and protect ourselves and our organizations. So, don't keep this valuable information to yourself.

Share this newsletter with your colleagues and friends, and let's strengthen our defenses together.

Stay safe, stay informed, and keep an eye out for tomorrow's edition of Secret CISO. Until then, keep your data secure and your systems protected.
