Secret CISO 3/14: Data Breaches at Imagine360, Bank of America, and Sunflower Medical Group, UK Government's Apple Data Access Challenge, and Latest Cybersecurity Research

Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we're diving into a series of data breaches that have raised concerns over the security of personal and financial data. Edelson Lechtzin LLP is currently investigating claims on behalf of Imagine360 and Bank of America customers whose data may have been compromised. In other news, the UK government's secret order to access Apple data is being challenged, highlighting the importance of end-to-end encryption as a vital security tool.
Meanwhile, data protection and trust continue to top the agenda for global tech executives, with cloud security being their primary focus. In the legal realm, a New York attorney general suit against an Allstate unit signals shifting cyber risks, and a consumer has dismissed a suit over a nine-month data breach at Capital One. On the research front, AI applications are opening up new attack surfaces for threat actors, and researchers are developing innovative methods for secure operations on encrypted data without decryption.
Stay tuned for more updates and remember, knowledge is your best defense against cyber threats.
Data Breaches
- Imagine360 Data Breach: Personal information and protected health information of Imagine360 customers were found accessible within emails. The breach is currently under investigation by Edelson Lechtzin LLP. Source: GlobeNewswire
- Bank of America Data Breach: Edelson Lechtzin LLP is investigating claims on behalf of Bank of America customers whose data, including Social Security Numbers and financial account information, may have been compromised. Source: Morningstar
- Sunflower Medical Group Data Breach: Sensitive personal and protected health information entrusted to Sunflower Medical Group is under investigation by Levi & Korsinsky, LLP due to a data breach. Source: News10
- Numotion Data Breach: Numotion recently learned that someone accessed certain employee email accounts without authorization on several occasions, leading to a data breach. The law firm of Federman & Sherwood is investigating the incident. Source: GlobeNewswire
- Smart ERP Solutions Data Breach: Smart ERP Solutions filed a notice of data breach with the Attorney General of Vermont after discovering a network security incident in July 2025. Source: JDSupra
Security Research
- Researchers Develop Innovative Method for Secure Operations on Encrypted Data Without Decryption: Researchers have developed a new method that allows secure operations on encrypted data without the need for decryption. This method uses homomorphic encryption, a special type of security scheme that encrypts data in such a way that anyone can perform operations on it without needing to decrypt it first. Source: Tech Xplore
- Researchers Use Jailbreak to Build Functional Malware via DeepSeek: Researchers have successfully used a jailbreak to build functional malware via DeepSeek. This highlights the need for organizations to invest in continuous security testing, including penetration testing and red teaming, to proactively identify vulnerabilities. Source: SC Magazine
- Microsoft 365 Phishing Campaign Active, Growing: Security researcher Ron Lev at Guardz has reported that a phishing campaign targeting Microsoft 365 is not only active but also growing. The success of this campaign underscores the need for continuous vigilance and robust security measures. Source: Channel Futures
- North Korea's ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps: Security researchers Adva Gabay and Daniel Frank have reported that North Korea's ScarCruft has deployed KoSpy malware, which is spying on Android users via fake utility apps. This highlights the increased risks posed by nation-state threat actors. Source: The Hacker News
- Healthcare Sector Faces Urgent Cybersecurity Wake-Up Call; Info-Tech Research Group Releases Critical Insights for Security: The Info-Tech Research Group has released a report highlighting the urgent need for improved cybersecurity practices in the healthcare sector. The report provides expert-driven recommendations to help security leaders mitigate risks. Source: Yahoo Finance
Top CVEs
- CVE-2025-1257: GitLab EE Denial of Service Vulnerability: A flaw in GitLab EE versions 12.3 to 17.7.7, 17.8 to 17.8.5, and 17.9 to 17.9.2 could allow an attacker to cause a denial of service condition by manipulating specific API. Source: CVE-2025-1257
- CVE-2025-25291 + CVE-2025-25292: Ruby-SAML Authentication Bypass: Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. Attackers with a single valid signature can construct SAML assertions themselves and log in as any user. Source: CVE-2025-25291, CVE-2025-25292
- CVE-2025-25711: tNexus Airport View Privilege Escalation: An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API. Source: CVE-2025-25711
- CVE-2024-9042: Windows Worker Node Vulnerability: This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed. Source: CVE-2024-9042
- CVE-2025-2080: Optigo Networks Visual BACnet Capture Tool Vulnerability: Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication measures and gain controls over utilities within the. Source: CVE-2025-2080
API Security
- GitLab EE Denial of Service Vulnerability (CVE-2025-1257): A vulnerability in GitLab EE versions 12.3 to 17.7.7, 17.8 to 17.8.5, and 17.9 to 17.9.2 could allow an attacker to cause a denial of service condition by manipulating specific API. This could potentially disrupt services and operations. Source: CVE-2025-1257
- Authentication Bypass in ruby-saml (CVE-2025-25291 + CVE-2025-25292): Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. Attackers with a single valid signature can construct SAML assertions themselves and log in as any user. This could lead to unauthorized access and potential data breaches. Source: CVE-2025-25291, CVE-2025-25292
- Privilege Escalation in tNexus Airport View (CVE-2025-25711): An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API. This could potentially allow attackers to gain unauthorized access and control over the system. Source: CVE-2025-25711
- Unauthorized Access in Resido - Real Estate WordPress Theme (CVE-2025-1285): The Resido - Real Estate WordPress Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6. This makes it possible for unauthenticated attackers to issue requests to internal services and update API key. Source: CVE-2025-1285
- Arbitrary File Upload in Flowise (GHSA-H42X-XX2Q-6V6G): An unauthorized attacker can leverage the whitelisted route /api/v1/attachments to upload arbitrary files when the storageType is set to local (default). This could potentially allow attackers to upload malicious files and compromise the system. Source: GHSA-H42X-XX2Q-6V6G
Final Words
That's all for today's edition of Secret CISO. We hope you found these updates helpful in staying informed about the latest data breaches and security challenges. Remember, in this digital age, your personal and professional data is your most valuable asset. Protect it like you would protect your wallet.
If you found this newsletter useful, please consider sharing it with your colleagues and friends. They might find it helpful too. Stay safe, stay secure. Until next time!
P.S. If you have any questions or topics you'd like us to cover, feel free to drop us a line. We're here to help!