Secret CISO 3/1: Restorix, SolarWinds, Central NY Cardiology, Geisinger, AllTrust data breaches; HID's 2025 security report, VS Code theme security red flags, Blockchain Shield framework, North Korea laundering Bybit hack

Good morning, Secret CISO readers! Today's newsletter is packed with the latest updates on data breaches and cybersecurity.
We start with the Restorix Health data breach that exposed personal information, with Murphy Law Firm investigating the claims. SolarWinds CISO Tim Brown shares his concerns about individual liability for data breaches, highlighting the stress of dealing with the legal implications. In response to a data breach, Central New York Cardiology has initiated a security upgrade and engaged cybersecurity specialists.
Meanwhile, information from a massive Geisinger data breach was found on a personal laptop in California, leading to an investigation into the identity fraudster behind it. AllTrust also suffered a data breach, exposing personal information, and Murphy Law Firm is investigating legal claims on behalf of those affected. We also cover the latest installment of our Mintz Matrix, focusing on data breach notification laws. In other news, the city of Jasper is investigating a data breach attempt, assuring that no credit card information or social security numbers have been compromised. Service Access & Management is also under investigation for a data breach lawsuit.
Stay tuned for more updates on data breaches, security research, and the latest cybersecurity trends. Stay safe and secure!
Data Breaches
- Restorix Health Data Breach Exposes Personal Information: Restorix Health has suffered a data breach, exposing the personal information of its clients. Murphy Law Firm is currently investigating legal claims on behalf of all individuals affected by the breach. Source: GlobeNewswire
- Federman & Sherwood Investigates Central New York Cardiology for Data Breach: Central New York Cardiology has been hit by a data breach, prompting a security upgrade and the engagement of cybersecurity specialists to assess the breach. Federman & Sherwood is currently investigating the incident. Source: TradingView
- Information from massive Geisinger data breach found on personal laptop in California: A massive data breach at Geisinger has led to the discovery of sensitive information on a personal laptop in California. The individual in possession of the laptop is described as a sophisticated software engineer and identity fraudster. Source: PennLive
- AllTrust (Aspire) Data Breach Exposes Personal Information: AllTrust has experienced a data breach, resulting in the exposure of personal information. Murphy Law Firm is investigating legal claims on behalf of all individuals affected by the breach. Source: GlobeNewswire
- Data breach at City of Roseburg: private information potentially exposed: The City of Roseburg has suffered a data breach, potentially exposing private information of its residents. The breach occurred in the city government's system in August 2024. Source: The News Review
Security Research
- "Inside HID's 2025 Security Report: Trends Shaping Access and Identity": HID Global's 2025 report highlights the future of security and identity, focusing on IoT trends and the role of access management. Source: Security Info Watch
- "VS Code Theme with Nearly 4M Installs Removed Due to Security 'Red Flags'": Researchers Amit Assaraf and Itay Kruk reported security issues in a VS Code theme, leading to its removal. Source: SC Magazine
- "Security Gaps in 49,000 Building Access Systems, Researchers Find": A security investigation by Modat identified over 49,000 misconfigured Access Management Systems exposed online. Source: Tech Monitor
- "12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training": Security researcher Joe discovered over 12,000 'live' secrets, including API keys and passwords, in public datasets used for LLM training. Source: The Hacker News
- "Blockchain Shield: New Framework Tackles Critical Security Gaps in Engineering AI": A new framework, Blockchain Shield, aims to address security breaches in engineering AI, according to a study published in the journal Engineering. Source: Science Blog
Top CVEs
- CVE-2025-26466 - OpenSSH Memory Buffer Vulnerability: A flaw in OpenSSH allows a malicious client to cause a server-side memory overflow, leading to a potential denial of service. The server may become unavailable due to an uncontrolled increase in memory consumption. Source: CVE-2025-26466
- CVE-2025-1413 - DaVinci Resolve macOS Incorrect File Permissions: DaVinci Resolve on macOS was found to have incorrect file permissions, allowing for potential dylib hijacking. This could lead to privilege escalation by guest accounts, other users, or applications. Source: CVE-2025-1413
- CVE-2024-10860 - NextMove Lite WordPress Plugin Vulnerability: The NextMove Lite plugin for WordPress is vulnerable to unauthorized data submission due to a missing capability check. This could allow authenticated attackers to submit a deactivation reason on behalf of another user. Source: CVE-2024-10860
- CVE-2025-22274 - CyberArk Endpoint Privilege Manager HTML Injection: CyberArk Endpoint Privilege Manager is vulnerable to HTML code injection via the "content" field in the "Application definition" page. This could allow an attacker to manipulate the page content. Source: CVE-2025-22274
- CVE-2025-22270 - CyberArk Endpoint Privilege Manager Code Injection: An attacker with access to the Administration panel can inject code by adding a new role with a crafted "name" field. However, the risk of exploitation is reduced because it additionally requires a separate flaw that bypasses the Content-Security-Policy. Source: CVE-2025-22270
API Security
- PixelYourSite - Your smart PIXEL (TAG) and API Manager 10.1.1.1: This API was found to be vulnerable because unvalidated user input is passed directly to an unserialize function. This could potentially allow attackers to exploit the system and gain unauthorized access. It's crucial for developers to validate user input to prevent such vulnerabilities. Source: vulners.com
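As an added illustration of the pattern behind this item (not code from PixelYourSite or any other plugin), the snippet below places the unsafe unserialize call beside two hardened alternatives; the function names, the settings keys and the serialized sample are assumptions made for the example.

```php
<?php
// Added illustration, not code from the plugin described above.
// Function names, settings keys and the sample payload are assumptions.

// Vulnerable: attacker-controlled bytes reach unserialize() unchanged.
// Any class loaded in the process that defines __wakeup() or __destruct()
// can be instantiated with attacker-chosen properties (PHP object injection).
function load_settings_unsafe(string $raw): array
{
    $data = unserialize($raw);
    return is_array($data) ? $data : [];
}

// Hardened: never instantiate objects, then validate the shape of the data.
function load_settings_safe(string $raw): array
{
    // allowed_classes => false turns every serialized object into
    // __PHP_Incomplete_Class, so no magic method is ever invoked.
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data)) {
        return [];
    }
    // Allow-list the keys and types instead of trusting the structure.
    $clean = [];
    if (isset($data['pixel_id']) && is_string($data['pixel_id'])) {
        $clean['pixel_id'] = $data['pixel_id'];
    }
    if (isset($data['enabled']) && is_bool($data['enabled'])) {
        $clean['enabled'] = $data['enabled'];
    }
    return $clean;
}

// Preferred for new code: a wire format that cannot encode PHP objects.
function load_settings_json(string $raw): array
{
    $data = json_decode($raw, true, 8, JSON_THROW_ON_ERROR);
    return is_array($data) ? $data : [];
}

// Constructed input: a serialized object of a made-up class name.
// load_settings_safe() rejects it instead of instantiating anything;
// load_settings_unsafe() would hand it to the class loader.
$payload = 'O:10:"Hypothetic":1:{s:4:"file";s:9:"/tmp/evil";}';
var_dump(load_settings_safe($payload));
```

The same `allowed_classes` option exists in PHP 7.0 and later; on older runtimes the only safe option is to stop accepting serialized input altogether.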
- The Site Mailer – SMTP Replacement, Email API Deliverability & Email Log plugin for WordPress: This plugin is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Source: vulners.com
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. We hope you found our insights and updates valuable in navigating the ever-evolving cybersecurity landscape.
Remember, staying informed is the first step in protecting your organization from potential threats. If you know someone who could benefit from our daily briefings, feel free to share this newsletter with them.
Let's work together to create a safer digital world for everyone. Stay vigilant and see you tomorrow for more exclusive cybersecurity updates!