Secret CISO 2/21: Rainbow Board and OmniGPT Data Breaches, UMass Amherst and Ottawa Physicians Data Breach Notices, Cybersecurity Concerns at Sellafield, Warby Parker's HIPAA Violation

Good Morning! Welcome to today's issue of Secret CISO. We have a lot to cover today, starting with a major data breach at Rainbow Board, which has been dealing with a cyber incident affecting its network since February 7. AI aggregator OmniGPT also suffered a security breach, exposing sensitive data of 30,000 individuals.

In the education and healthcare sectors, the University of Massachusetts Amherst and Ottawa Family Physicians have both filed notices of data breaches. Over a million clinical records were exposed in another data breach, and a lawsuit against a Georgia logistics company over a data breach has been narrowed. In the shipping industry, a massive data leak exposed over 14 million shipping records. Meanwhile, 2024 data reveals a tough year for healthcare, with the industry topping data breach incidents and surpassing finance.

In regulatory news, the Office for Nuclear Regulation has approved Sellafield's physical security but raised concerns about cyber security. Warby Parker has been hit with a $1.5M penalty for violating HIPAA, and UnitedHealthcare faces a settlement following a record-breaking data breach. In the non-profit sector, Funraise has achieved PCI Level 1 Compliance to support security against data breaches and fraud. Meanwhile, California's privacy regulator seeks to fine a Florida data broker following a huge breach of Social Security numbers.

In research news, security researchers have released tools to detect and block malicious code, and a new report reveals that mobile phishing threats are evolving. Stay tuned for more updates and stay safe!

Data Breaches

  1. Rainbow Board Confirms Extensive Data Breach: Rainbow Board confirmed a significant cyber incident that affected its network on Feb. 7. The board has been working with cybersecurity experts to mitigate the impact. Source: BayToday.ca
  2. AI Aggregator OmniGPT Suffers a Security Breach: A security breach affecting the AI aggregator platform OmniGPT has leaked sensitive information of 30,000 individuals, including API keys. Source: CPO Magazine
  3. University of Massachusetts Amherst Files Notice of Data Breach: On February 7, 2025, the University of Massachusetts Amherst filed a notice of data breach with the Attorney General, indicating a significant security incident. Source: JD Supra
  4. Ottawa Family Physicians Notifies Patients of Data Breach: Ottawa Family Physicians filed a notice of data breach with the U.S. Department of Health and Human Services (HHS) on February 13, 2025, alerting patients to a potential compromise of their data. Source: JD Supra
  5. Over a Million Clinical Records Exposed in Data Breach: A dataset belonging to a clinical research firm was discovered publicly exposed online without encryption or password protection, leading to the exposure of over a million clinical records. Source: TechRadar

Security Research

  1. IFSH Brief Analysis: What Trump's Ukraine Deal Means for Germany: This research delves into the motivations behind Russian security policy, suggesting that a genuine balance of interests could limit Russia's territorial ambitions. Source: IFSH
  2. Apiiro unveils free scanner to detect malicious code merges: Security researchers at Apiiro have developed two open-source tools designed to detect and block malicious code before it is merged into repositories. Source: Bleeping Computer
  3. Black Basta ransomware gang's internal chat logs leak online: The identity of ExploitWhispers, who gained access to the Black Basta ransomware gang's internal chat server, remains unclear. The incident highlights the importance of robust internal security measures. Source: Bleeping Computer
  4. Breach Roundup: FBI Publishes Ghost Warning: Security researchers have identified a new threat actor, Ghost, using Mimikatz and exploiting exposed APIs. The activity underscores the need for robust API security. Source: BankInfoSecurity
  5. Stalkerware apps Cocospy and Spyic are exposing phone data of millions of people: Security researchers Vangelis Stykas and Felipe Solferini have found that stalkerware apps Cocospy and Spyic are exposing the phone data of millions of users, highlighting the risks of such apps. Source: TechCrunch

Top CVEs

  1. CVE-2024-55457 - MasterSAM Star Gate 11 Directory Traversal Vulnerability: MasterSAM Star Gate 11 is susceptible to directory traversal via /adama/adama/downloadService. Attackers can exploit this vulnerability to access arbitrary files on the server, potentially exposing sensitive data. Source: CVE-2024-55457
  2. CVE-2025-1039 - Lenix Elementor Leads Addon Plugin for WordPress Stored XSS: The Lenix Elementor Leads addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute whenever a user accesses an injected page. Source: CVE-2025-1039
  3. CVE-2025-21105 - Dell RecoverPoint for Virtual Machines Command Execution Vulnerability: Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A low privileged malicious user with local access could exploit this vulnerability to perform any administrative action, potentially shutting down the server or modifying the configuration to gain unauthorized access. Source: CVE-2025-21105
  4. CVE-2025-1483 - LTL Freight Quotes – GlobalTranz Edition Plugin for WordPress Unauthorized Data Modification: The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check. This allows unauthenticated attackers to update the drop shipping details. Source: CVE-2025-1483
  5. CVE-2025-25958 - Cross Site Scripting Vulnerabilities in phpcmsv9 v.9.6.3: Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allow a remote attacker to escalate privileges via a crafted script. Source: CVE-2025-25958

API Security

  1. CVE-2025-27097 - GraphQL Mesh Vulnerability: GraphQL Mesh, a GraphQL Federation framework, has a flaw that causes it to reuse the variables of the first request in all subsequent requests for the same query document, even if the client sends different variables, until the cache evicts that DocumentNode by LRU. This could lead to a short-lived memory leak and misuse of tokens. Users are advised to update. Source: CVE-2025-27097
  2. CVE-2025-27098 - GraphQL Mesh Static File Handler Vulnerability: GraphQL Mesh has another vulnerability in its static file handler, which allows any client to access the server's file system. Users can fix this vulnerability by updating @graphql-mesh/cli to a version higher than 0.82.21 and @graphql-mesh/http to a version higher than 0.3.18, or by removing the staticFiles option from the configuration. Source: CVE-2025-27098
  3. CVE-2025-0352 - Rapid Response Monitoring My Security Account App Vulnerability: The API of Rapid Response Monitoring My Security Account App could be exploited by an attacker to modify request data, potentially causing the API to return information about other users. Source: CVE-2025-0352
  4. CVE-2025-0868 - DocsGPT Remote Code Execution Vulnerability: A vulnerability in DocsGPT could result in Remote Code Execution (RCE). Due to improper parsing of JSON data using eval(), an unauthorized attacker could send arbitrary Python code to be executed via the /api/remote endpoint. Source: DocsGPT RCE, CVE-2025-0868
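The GraphQL Mesh variables bug in item 1 of this section (CVE-2025-27097) is an instance of a request cache keyed on too little: the cached artefact carries the first caller's variables, and everyone who sends the same document afterwards gets them until the LRU evicts the entry. The following is an added example, not GraphQL Mesh's own code: a toy LRU cache in Python with a key function that ignores variables (the bug) beside one that includes them (the fix), plus a check that the wrong values persist exactly until eviction. The `DocumentCache`, `vulnerable_key`, `fixed_key` and helper names and the `QUERY` string are constructed for this example.

```python
from collections import OrderedDict


class DocumentCache:
    """Toy LRU cache of 'execution plans'; key_fn decides what identifies
    a request. Constructed for this example, not GraphQL Mesh code."""

    def __init__(self, key_fn, maxsize=2):
        self.key_fn = key_fn
        self.maxsize = maxsize
        self._entries = OrderedDict()

    def execute(self, document, variables):
        key = self.key_fn(document, variables)
        if key in self._entries:
            self._entries.move_to_end(key)      # mark as recently used
            return self._entries[key]
        # The plan bakes the variables in; that is harmless only if the
        # cache key also distinguishes them.
        plan = {"document": document, "variables": dict(variables)}
        self._entries[key] = plan
        if len(self._entries) > self.maxsize:
            self._entries.popitem(last=False)   # LRU eviction
        return plan


def vulnerable_key(document, variables):
    """Bug: variables are not part of the key, so the first caller's
    values are served to everyone who sends the same document."""
    return document


def fixed_key(document, variables):
    """Fix: the variables are part of the identity of the request."""
    return (document, tuple(sorted(variables.items())))


# Constructed query; $token stands in for any per-user value.
QUERY = "query Me($token: String!) { me(token: $token) { id } }"


def tokens_seen(key_fn):
    """Alice then Bob send the same document with different variables;
    return the token each request was actually executed with."""
    cache = DocumentCache(key_fn)
    alice = cache.execute(QUERY, {"token": "alice-token"})
    bob = cache.execute(QUERY, {"token": "bob-token"})
    return alice["variables"]["token"], bob["variables"]["token"]


def token_after_eviction():
    """With the buggy key, Bob gets his own token only once Alice's entry
    has been evicted by LRU, here forced with a cache of size 1."""
    cache = DocumentCache(vulnerable_key, maxsize=1)
    cache.execute(QUERY, {"token": "alice-token"})
    cache.execute("query Other { version }", {})   # evicts Alice's plan
    bob = cache.execute(QUERY, {"token": "bob-token"})
    return bob["variables"]["token"]


if __name__ == "__main__":
    print("vulnerable key:", tokens_seen(vulnerable_key))
    print("fixed key:     ", tokens_seen(fixed_key))
    print("after LRU eviction:", token_after_eviction())
```

The check to carry over to a real deployment is the same: anything that caches a compiled or planned request must include every per-request input (variables, operation name, auth context) in its key, or the first request silently becomes the template for the rest.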
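Both CVE-2024-55457 (the MasterSAM Star Gate 11 downloadService under Top CVEs) and the GraphQL Mesh static file handler issue in item 2 above (CVE-2025-27098) are the same class of bug: a client-supplied name is joined onto a served directory without checking where the result lands. Below is an added example, not code from either project: a Python download handler with that bug beside a hardened one that resolves the path and refuses anything outside the root. The directory layout, file contents and probe names are constructed for the example.

```python
import os
import tempfile
from urllib.parse import unquote


def vulnerable_download(root, requested):
    """Bug: the decoded client name is joined onto the root unchecked, so
    '../' segments (or an absolute path) reach outside the directory."""
    with open(os.path.join(root, unquote(requested)), "rb") as fh:
        return fh.read()


def safe_download(root, requested):
    """Resolve the candidate path (realpath also follows symlinks) and
    refuse it unless it still lies under the served root."""
    root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root, unquote(requested)))
    # commonpath compares whole components, so a sibling such as
    # '<root>2/secret' cannot slip through the way a string-prefix test allows.
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"refused: {requested!r} escapes the served root")
    with open(candidate, "rb") as fh:
        return fh.read()


def build_tree():
    """Constructed layout: <base>/downloads/report.txt is meant to be
    served; <base>/secret.txt is not. Returns the served directory."""
    base = tempfile.mkdtemp()
    served = os.path.join(base, "downloads")
    os.mkdir(served)
    with open(os.path.join(served, "report.txt"), "wb") as fh:
        fh.write(b"quarterly report")
    with open(os.path.join(base, "secret.txt"), "wb") as fh:
        fh.write(b"db password")
    return served


def outcome(handler, root, requested):
    """Return the bytes read, or 'refused' when the handler blocks it."""
    try:
        return handler(root, requested)
    except PermissionError:
        return "refused"


def compare():
    """Run the same probes through both handlers: (vulnerable, safe)."""
    served = build_tree()
    abs_secret = os.path.join(os.path.dirname(served), "secret.txt")
    probes = {
        "plain": "report.txt",
        "encoded traversal": "..%2Fsecret.txt",
        "raw traversal": "../secret.txt",
        "absolute": abs_secret,        # os.path.join discards root here
    }
    return {
        label: (outcome(vulnerable_download, served, name),
                outcome(safe_download, served, name))
        for label, name in probes.items()
    }


if __name__ == "__main__":
    for label, (vuln, safe) in compare().items():
        print(f"{label:18} vulnerable={vuln!r:22} safe={safe!r}")
```

Two details matter in the hardened version: decode the name exactly once before resolving it (decoding after the check reintroduces the hole), and compare with `os.path.commonpath` rather than `startswith`, which would accept `downloads2/` as a child of `downloads`.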
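The DocsGPT /api/remote finding above turns on one detail: a request body parsed with eval() is executed, not decoded. The following is an added example, not DocsGPT's code: a model endpoint in Python fed a body that evaluates to a perfectly valid dict while running attacker code first, beside the same endpoint using json.loads(). The `CANARY` list, the `handle_remote` function and both request bodies are constructed for this example; it also shows that eval() is not even a correct JSON parser, since JSON's `null` is a NameError in Python.

```python
import json

# Constructed side-effect target: if a request body can append to it, the
# body was executed as code rather than parsed as data.
CANARY = []


def parse_with_eval(body):
    """Bug: eval() runs the body as a Python expression."""
    return eval(body)


def parse_with_json(body):
    """json.loads() only builds data and rejects anything that is not JSON."""
    return json.loads(body)


def handle_remote(body, parser):
    """Model of an endpoint that expects a JSON object with a 'name' key.
    Constructed for this example; it is not the DocsGPT handler."""
    try:
        payload = parser(body)
    except (ValueError, SyntaxError, NameError) as exc:
        return {"error": f"bad request: {type(exc).__name__}"}
    if not isinstance(payload, dict):
        return {"error": "bad request: object expected"}
    return {"ok": True, "name": payload.get("name")}


# Looks like a normal request from the outside: the expression evaluates
# to a valid dict, so the handler reports success, but the call ran first.
MALICIOUS_BODY = 'CANARY.append("pwned") or {"name": "hi"}'

# A legitimate JSON body; eval() cannot even parse JSON's null.
BENIGN_BODY = '{"name": "doc", "data": null}'


if __name__ == "__main__":
    print("eval, malicious:", handle_remote(MALICIOUS_BODY, parse_with_eval))
    print("canary after eval:", CANARY)
    print("json, malicious:", handle_remote(MALICIOUS_BODY, parse_with_json))
    print("eval, benign:", handle_remote(BENIGN_BODY, parse_with_eval))
    print("json, benign:", handle_remote(BENIGN_BODY, parse_with_json))
```

The point for reviewers is that the eval-based version returns `{"ok": True, ...}` for the malicious body, so nothing in the response or in a success-only log distinguishes the attack from a normal call; a grep for `eval(` on any value that touches request data is the cheapest check.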

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the cyber landscape continues to evolve at a rapid pace. From Rainbow Board's extensive data breach to the security breach at AI aggregator OmniGPT, it's evident that no sector is immune to cyber threats. In education and healthcare, the breach notices from the University of Massachusetts Amherst and Ottawa Family Physicians emphasize the need for robust security measures. The massive data leak exposing over 14 million shipping records further underscores the importance of securing internet-exposed data stores. In the research community, security researchers are making strides in detecting malicious code merges and in exposing data leaks such as those in the Cocospy and Spyic stalkerware apps. Their work is crucial in enhancing our understanding of cyber threats and developing effective countermeasures.

Remember, staying informed is the first step towards safeguarding your digital assets. Share this newsletter with your friends and colleagues to keep them in the loop.

Stay safe, stay secure, and see you in the next edition of Secret CISO.
