Secret CISO 2/9: Musk's DOGE Blocked, Econet and PSN Breaches, UK's Secret Order to Apple, Quantum-Resistant Encryption Research


Subject: Secret CISO Daily - DOGE's Data Dilemma, PSN Outage, and Major Breaches

Good morning,

In today's edition of Secret CISO, we're diving into a whirlwind of data security issues that have been making headlines.

First up, Elon Musk's DOGE has hit a major roadblock. A federal judge has temporarily blocked DOGE from accessing sensitive records containing personal data of millions of Americans. This move comes amidst rising concerns over DOGE's access to the Treasury, raising significant security fears.

Meanwhile, Zimbabwe's largest mobile network operator, Econet Wireless, has suffered a significant data breach, potentially exposing sensitive user data. In gaming news, PlayStation Network (PSN) faced a 10-hour outage, raising security concerns among its users. This incident brings back memories of the massive cyberattack PSN suffered in 2011, which led to the exposure of user data. Across the pond, the UK government has issued a secret order demanding that Apple give access to users' encrypted data. This move has stirred up a hornet's nest, with critics pointing out the potential for data breaches.

In a related development, Attorney General Bonta has secured an order blocking DOGE from accessing Americans' private data. This is a significant win for data privacy advocates. Finally, we'll look at the ongoing debate between passkeys and passwords. Which offers better security? We'll explore this topic in detail. Stay tuned for these stories and more in today's Secret CISO newsletter.

Data Breaches

  1. Zimbabwe's Econet Wireless suffers major data breach: Zimbabwe's largest mobile network operator, Econet Wireless, has experienced a significant data breach, potentially exposing sensitive customer information. The extent of the breach is still under investigation. Source: Bulawayo24 News
  2. PSN Faces 10-Hour Outage, Raising Security Concerns Among Users: PlayStation Network (PSN) recently faced a 10-hour outage, raising security concerns among its users. The incident reminded users of the massive cyberattack on PSN in April 2011, which led to the exposure of sensitive user data. Source: Mix Vale
  3. UK Secret Order Demands That Apple Give Access to Users' Encrypted Data: The UK government has issued a secret order demanding that Apple provide access to users' encrypted data. The move has sparked concerns over privacy and security. Source: WIRED
  4. Nearly 700 million American records were leaked in 2024: A report reveals that nearly 700 million American records were leaked in 2024, highlighting the increasing threat of data breaches. The report provides tips on how to protect oneself from such breaches. Source: Tom's Guide
  5. Attorney General Jeff Jackson is Investigating PowerSchool Over Data Breach: North Carolina's Attorney General Jeff Jackson is investigating an alleged data breach at PowerSchool, a popular education technology platform. The investigation follows the release of the 2024 Annual Report on Data Breaches in North Carolina. Source: EIN News

Security Research

  1. Is DOGE a cybersecurity threat?: A security expert warns about the potential dangers of violating protocols and regulations that protect government computer systems. The Department of Government Efficiency (DOGE) is under scrutiny for potential cybersecurity threats. Source: TechXplore
  2. How a Critical Hosting Failure Solved a DevOps Crisis: A case study on how a critical hosting failure led to a collaboration between operations and in-house security researchers, providing a different perspective and ultimately resolving a DevOps crisis. Source: The New Stack
  3. 'It is a crazy virus' | Expert breaks down bird flu safety precautions as outbreak intensifies: European researchers are investigating a possible vaccine for the intensifying bird flu outbreak, emphasizing the importance of key safety measures. Source: WUSA9
  4. Is it quantum-resistant? Researchers create 'uncrackable' encryption system by pairing AI...: Researchers have developed an 'uncrackable' encryption system by pairing AI and holograms produced by laser, potentially revolutionizing security in various sectors from digital currencies to healthcare. Source: TechRadar
  5. Apple discloses critical macOS vulnerability: Security researcher Joseph Ravichandran from MIT CSAIL disclosed a critical vulnerability in the macOS XNU kernel, highlighting a race condition that could lead to potential security breaches. Source: KillerStartups

Top CVEs

  1. CVE-2024-13440: The Super Store Finder plugin for WordPress is susceptible to SQL Injection via the 'ssf_wp_user_name' parameter. This vulnerability, present in all versions up to and including 7.0, allows unauthenticated attackers to append additional SQL queries into an existing query, potentially leading to cross-site scripting. Source: vulners.com
  2. CVE-2025-0169: The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes. This vulnerability, present in versions up to and including 3.3.4, allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Source: vulners.com
  3. CVE-2025-0316: The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. This vulnerability allows unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the 'wp_dp_enquiry_agent_contact_form_submit_callback' function. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. From Elon Musk's DOGE hitting a roadblock to Econet Wireless Zimbabwe's major data breach, we've covered a lot of ground. But remember, the world of technical security is ever-evolving, and staying informed is your first line of defense.

So, why keep all this exclusive information to yourself? Share Secret CISO with your friends and colleagues.

Let's build a community that's well-informed and ready to tackle any security challenge that comes our way.

Stay safe, stay informed, and see you in the next edition of Secret CISO.
