Secret CISO 2/8: Musk's DOGE triggers largest US data breach, Healthcare breach exposes 1M Americans, AI Security research by NIST, DeepSeek privacy concerns

Good morning, Secret CISO readers. Today's newsletter is packed with crucial updates on the cybersecurity landscape. We start with a shocking revelation: Elon Musk's DOGE system has been implicated in what Connecticut's attorney general is calling the "largest data breach in American history." This breach has given DOGE access to swathes of private information held by the U.S. federal government. But that's not all. A massive healthcare data breach has exposed over 1 million Americans' sensitive information, including, in some cases, Social Security numbers.

The PowerSchool data breach has also impacted more than four million people in North Carolina, prompting experts to urge parents to monitor their children's data. The Office of the Information Commissioner has expressed concern over the increasing number of data breaches, and accounts compromised in data breaches have spiked, primarily due to a breach involving more than three billion email addresses from older breaches. In other news, Hewlett Packard Enterprise is notifying individuals whose company email accounts may have been breached as a result of a 2023 cyber attack.

On the research front, the security and resilience of AI technologies are an area of active research, with challenges and potential solutions changing rapidly. Security researchers have also raised concerns about DeepSeek, a tool that falls short in ensuring public safety, security, and privacy. Stay tuned for more updates and remember, knowledge is the first line of defense. Stay safe, stay informed.

Data Breaches

  1. Musk, DOGE systems access 'largest data breach in American history': AG Tong: Elon Musk's DOGE has been implicated in what Connecticut's attorney general calls the largest data breach in American history, with vast amounts of Americans' private information being accessed. Source: NBC Connecticut
  2. Huge healthcare data breach exposes over 1 million Americans' sensitive information: Over a million Americans' sensitive information, including in some cases Social Security numbers, has been exposed in a massive healthcare data breach. The organization has not disclosed how the hackers gained access to the data. Source: CyberGuy
  3. PowerSchool data breach impacts over four million people: More than four million people in North Carolina have been impacted by a data breach at PowerSchool. Parents are being urged to monitor their children's data closely. Source: YouTube
  4. OneBlood, Inc. Data Breach Alert: OneBlood is notifying affected individuals that their personal information, including names and Social Security numbers, may have been stolen in a data breach. Source: News-Journal
  5. Grubhub data breach exposes personal data of diners: Grubhub recently suffered a data breach, exposing the personal data of diners, including college students in the delivery service's Campus Dining program. Source: CNET

Security Research

  1. AI Research - Security and Resilience | NIST: The security and resilience of AI technologies is a rapidly evolving field. Challenges and potential solutions are changing quickly, making it a crucial area for ongoing research. Source: NIST
  2. Resolving a Mutual TLS session resumption vulnerability - The Cloudflare Blog: A security researcher responsibly disclosed a vulnerability in mutual TLS session resumption via Cloudflare's HackerOne Bug Bounty Program. This allowed the company to identify and resolve the issue swiftly. Source: Cloudflare Blog
  3. Novel crypto-targeting SparkCat malware campaign examined - SC Media: Security researchers have discovered a new malware campaign targeting cryptocurrencies. Named SparkCat, the malware has been examined following separate reports from security researcher Patrick Wardle and Palo Alto Networks' Unit 42 threat intelligence team. Source: SC Media
  4. Windows, Mac And Linux Users Given New LinkedIn Security Warning - Forbes: Security researchers have issued a new warning to LinkedIn users across Windows, Mac, and Linux platforms. The Lazarus group made a significant error by targeting a Bitdefender security researcher, leading to the discovery of their activities. Source: Forbes
  5. Deepseek-impersonating malware is stealing data, research finds | Security Magazine: Security leaders have identified a new threat where malicious actors have injected malware that impersonates DeepSeek. The malware is stealing data, according to a report by Positive Technologies. Source: Security Magazine

Top CVEs

  1. CVE-2025-23085: A memory leak vulnerability has been identified in the HTTP/2 server of Node.js v18.x, v20.x, and v22.x. The flaw could lead to increased memory consumption and potential denial of service under certain conditions. The issue arises when a remote peer abruptly closes the socket without sending a GOAWAY notification, or if an invalid header is detected by nghttp2. Source: CVE-2025-23085
  2. CVE-2025-1077: A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products. The vulnerability could lead to a full system compromise of the affected server, particularly if Visual Weather services are run under a privileged user account. The flaw is present in the Product Delivery Service (PDS) component in specific server configurations. Source: CVE-2025-1077
  3. CVE-2025-22880: Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. Source: CVE-2025-22880
  4. CVE-2024-13841: The Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created with Elementor that they should not have access to. Source: CVE-2024-13841
  5. CVE-2024-10383: An issue has been discovered in the gitlab-web-ide-vscode-fork component affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3. An XSS attack was possible when loading .ipynb files in the web IDE. Source: CVE-2024-10383

API Security

  1. CVE-2025-25103 - CSRF Vulnerability in Indeed API: A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in the Indeed API. This security flaw allows for potential Cross-Site Request Forgery attacks, posing a significant risk to user data and system integrity. The vulnerability affects all versions of the Indeed API. Users are advised to update their systems as soon as possible. Source: Vulners

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. From the largest data breach in American history to the rising concern over data breaches in the public domain, it's clear that cybersecurity is more important than ever. Remember, knowledge is power. So, don't keep this information to yourself.

Share this newsletter with your friends and colleagues to help them stay informed and secure.

In the world of cybersecurity, the only constant is change. So, stay tuned for tomorrow's edition where we'll bring you more updates from the frontlines of the digital battlefield. Until then, stay safe and secure.

By Secret CISO