Hello there, Secret CISO readers! Today's newsletter is packed with some serious cybersecurity news. We're diving into the dark world of cyber criminals and their increasing attacks on schools, with a focus on a recent incident at Virginia Tech. We're also discussing the arrest of a notorious hacker known as GHOSTR, who has been linked to over 90 data breaches worldwide.

In legal news, we're covering the Halifax court's approval of a settlement in a Dell class action over a data breach, and the fallout from data breaches at Indiana Credit Unions and Pension Specialists. We're also looking into the dismissal of a data breach class action after the 'Alter Ego' doctrine fails. On the research front, we're exploring the security questions CPA firms should ask tax automation vendors, and the ongoing investigation into a data breach at Memorial Hospital and Manor.

Finally, we're discussing the steps you can take to protect yourself from data breaches, and sharing insights from an ethical hacking researcher. Stay tuned for all this and more in today's edition of Secret CISO.

Data Breaches

1. Virginia Tech Cyber Attack: Virginia Tech has become the latest target of cyber criminals, highlighting the growing trend of attacks on educational institutions. The attackers are primarily interested in selling stolen data, which can include sensitive personal and financial information. Source: WDBJ
2. GHOSTR Hacker Arrested: A hacker known as GHOSTR, linked to over 90 data breaches, has been arrested in a joint operation by law enforcement in Thailand, Singapore, and Group-IB. The arrest marks a significant victory in the ongoing battle against cybercrime. Source: Hackread
3. Dell Data Breach Settlement: A Halifax court has approved a $2.1-million settlement in a class action lawsuit against Dell over a 2017 data breach. The breach resulted in fraudulent credit card or banking charges and required tech remediation services for recovery. Source: Moosejaw Today
4. Pension Specialists Data Breach: Pension Specialists are facing six class actions over a data breach. The company is accused of failing to implement adequate data security measures and provide timely notice of the breach, which was disclosed a year after the incident. Source: Bloomberg Law News
5. Indiana Credit Unions Data Breach: Data breaches have struck Indiana Credit Unions, affecting 1,847 persons. The $1.8 billion Interra Credit Union in Goshen reported the breach, highlighting the vulnerability of financial institutions to cyber attacks. Source: CU Times

Security Research

1. Security Breach: Observations of an Ethical Hacking Researcher: This research discusses the latest trends in state-sponsored hacks, software vulnerabilities, and social engineering tactics. It provides insights into the current cybersecurity landscape and the tactics used by hackers. Source: Manufacturing.net
2. Preventing an Arms Race in Space: New Challenges, New Solutions?: This research by Almudena Azcárate Ortega, a Space Security Researcher at the United Nations Institute, discusses the challenges and potential solutions to prevent an arms race in space. Source: King's College London
3. Researcher proposes efficient financial software development in cloud environment: Shin Dae-min, a senior researcher at the Financial Security Institute, has proposed efficient methods for developing financial software in a cloud environment. Source: Korea Times
4. Zero Days Are Not Just Fiction – PSW #863: This research discusses the reality of zero-day vulnerabilities, focusing on issues related to Apple, the UK, and data protection. It also highlights the risks associated with default passwords and the banning of Kaspersky in Australia. Source: SC Media
5. How Test Time Compute Can Help Scale AI: This research suggests that test time compute, which dynamically allocates extra computational resources, could be a solution to the current plateau in scaling AI models. Source: BankInfoSecurity

Top CVEs

1. CVE-2025-1450 - Stored Cross-Site Scripting in WordPress Plugin: The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp – Chaty plugin for WordPress is vulnerable to Stored Cross-Site Scripting. This vulnerability allows authenticated attackers to inject arbitrary web scripts in pages. Source: CVE-2025-1450
2. CVE-2025-27154 - Spotipy Python Library Vulnerability: Spotipy, a lightweight Python library for the Spotify Web API, has a vulnerability in its CacheHandler class that exposes the Spotify auth token. This vulnerability can be exploited by an attacker to perform administrative actions on the Spotify account. Source: CVE-2025-27154
3. CVE-2025-1717 - Authentication Bypass in WordPress Plugin: The Login Me Now plugin for WordPress is vulnerable to authentication bypass. This vulnerability allows unauthenticated attackers to log in as an existing user on the site, potentially even an administrator. Source: CVE-2025-1717
4. CVE-2024-13217 - Sensitive Information Exposure in WordPress Plugin: The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure. This vulnerability allows authenticated attackers to extract sensitive private, pending, scheduled, and draft template. Source: CVE-2024-13217
5. CVE-2025-1751 - SQL Injection in Ciges: A SQL Injection vulnerability has been found in Ciges 2.15.5 from ATISoluciones. This vulnerability allows an attacker to retrieve, create, update and delete database via $idServicio parameter in /modules/ajaxBloqueaCita.php. Source: CVE-2025-1751

API Security

1. CVE-2025-0801 - RateMyAgent Official plugin for WordPress vulnerability: This plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0 due to missing or incorrect nonce validation. This allows unauthenticated attackers to update the plugin's API key via a forged request. Source: CVE-2025-0801
2. CVE-2024-13796 - Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress vulnerability: This plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/get_users REST API. This allows unauthenticated attackers to extract sensitive data. Source: CVE-2024-13796
3. Spotipy's cache file vulnerability: Spotipy's CacheHandler class creates a cache file to store the auth token with overly broad permissions. This leads to overly broad exposure of the Spotify auth token, which can be used to perform administrative actions on the Spotify account. Source: Spotipy's cache file vulnerability
4. CVE-2025-25728 - Bosscomm IF740 Firmware vulnerability: Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 send communications to the update API in plaintext, allowing attackers to access sensitive information via a man-in-the-middle attack. Source: CVE-2025-25728
5. CVE-2024-55160 - GFast SQL injection vulnerability: GFast between v2 to v3.2 was discovered to contain a SQL injection vulnerability via the OrderBy parameter. Source: CVE-2024-55160

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, we're reminded of the importance of vigilance in the face of ever-evolving cyber threats. From schools being targeted for their valuable data to the arrest of a hacker linked to over 90 data breaches, it's clear that no sector is immune. We've also seen how legal repercussions are catching up with companies that fail to adequately protect their data, with numerous class action lawsuits resulting from breaches. In the world of finance, the need for stringent security measures when choosing automation vendors is highlighted, while the healthcare sector grapples with data breaches and their subsequent investigations. It's a stark reminder that in our interconnected world, data security is everyone's responsibility.

As always, we encourage you to share this newsletter with your friends and colleagues. Stay safe, stay informed, and see you in the next edition of Secret CISO.