Secret CISO 3/18: Data Breach Settlements Galore, Cybersecurity Risks in iOS Apps, and GitHub Under Attack

Welcome to today's edition of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we're diving into a series of data breaches and security issues that have been making headlines.

First up, the clock is ticking for select Americans who could receive thousands from a data breach settlement. The opportunity comes after a class action lawsuit, but time is running out. In other news, California Cryobank and Baylor Scott & White Texas Spine & Joint Hospital have both reported data breaches, affecting victims' social security numbers and leaking confidential patient information respectively. Meanwhile, Federman & Sherwood are investigating Western Alliance Bank for a data breach involving a third-party vendor's secure file transfer software. In the education sector, officials are discussing data security after a software breach at PowerSchool compromised student and staff information.

On the legal front, Stanley Steemer has agreed to remedy deficiencies in its data security measures that led to a data breach, ending a class action lawsuit with a $700K settlement. In the tech world, Indian IT services giant Infosys has agreed to pay $17.5 million to settle six class action lawsuits related to a data breach. Finally, we have a series of data breach alerts from Edelson Lechtzin LLP, investigating claims on behalf of various companies whose data may have been compromised. Stay tuned for more updates and remember, knowledge is the first line of defense in cybersecurity.

Data Breaches

  1. Final hours for Americans to get $5950 from 'undisclosed' data breach settlement: A class action data breach settlement is about to close, offering select Americans the chance to claim thousands of dollars. Source: The Sun
  2. California Cryobank Files Notice of Data Breach Affecting Victims' Social Security Numbers: California Cryobank has filed a notice of data breach with the Attorney General of Maine, indicating that victims' Social Security numbers may have been compromised. Source: JD Supra
  3. Baylor Scott & White Texas Spine & Joint Hospital Data Breach Leaks Confidential Patient Information: Baylor Scott & White Texas Spine & Joint Hospital has posted a “Notice of Data Security” on its website, revealing that confidential patient information has been leaked. Source: JD Supra
  4. Federman & Sherwood Investigates Western Alliance Bank for Data Breach: Western Alliance Bank is under investigation by Federman & Sherwood for a data breach. The breach was caused by an unknown issue with a third-party vendor's secure file transfer software. Source: Globe Newswire
  5. Hassan, school officials discuss data security after PowerSchool breach: A software breach at PowerSchool has compromised student and staff information across the country, prompting discussions about data security. Source: WMUR

Security Research

  1. "Jailbreaking" AMD CPUs, RX 9060 Leaks, Steam Distributes Malware Game: A recent hardware news episode discussed security research revolving around AMD CPUs and RX 9060 leaks. The report also highlighted a case where Steam distributed a game containing malware. Source: YouTube
  2. OAuth Attacks Target Microsoft 365, GitHub: Security researchers have identified malicious OAuth apps targeting Microsoft 365 and GitHub. An independent researcher known as "lc4m" has also separately reported on this issue. Source: Dark Reading
  3. ClickFix Attack Compromises 100+ Car Dealership Sites: Security researcher Randy McEoin reported a ClickFix attack compromising over 100 car dealership websites. All websites using LES Automotive's services shared a ClickFix webpage with their visitors. Source: Dark Reading
  4. Scammy Text Messages About Unpaid Tolls: Security researcher Aidan Holland at Censys reported a scam involving text messages about unpaid tolls. The scam aims to obtain credit card numbers from unsuspecting victims. Source: CyberScoop
  5. New Decryptor Targets Akira Ransomware with GPU Technology for Linux Systems: Thailand-based security researcher Yohanes Nugroho released a new decryptor for Akira ransomware targeting Linux systems. The decryptor uses GPU technology to combat the ransomware. Source: TechMonitor

Top CVEs

  1. CVE-2020-29010 - FortiOS Sensitive Information Exposure: FortiOS versions 6.2.4 and below, and 6.0.10 and below, have a vulnerability that could allow remote authenticated actors to read SSL VPN events log entries of users in other VDOMs. This could expose sensitive data such as usernames, user groups, and IP addresses. Source: CVE-2020-29010
  2. CVE-2019-6697 - FortiGate Improper Neutralization of Input: FortiGate versions 6.2.0 through 6.2.1, and 6.0.0 through 6.0.6, have a vulnerability in the hostname parameter of a DHCP packet under DHCP monitor page. This could allow an unauthenticated attacker in the same network as the FortiGate to perform a Stored Cross Site Scripting attack (XSS) by sending a crafted DHCP packet. Source: CVE-2019-6697
  3. CVE-2021-32584 - FortiWLC Improper Access Control: FortiWLC versions 8.6.0, 8.5.3 and below, 8.4.8 and below, 8.3.3 and below, 8.2.7 to 8.2.4, and 8.1.3 have an improper access control vulnerability. This could allow an unauthenticated and remote attacker to access certain areas of the web management CGI functionality by just specifying the correct URL. Source: CVE-2021-32584
  4. CVE-2019-17659 - FortiSIEM Use of Hard-Coded Cryptographic Key: FortiSIEM version 5.2.6 has a vulnerability that could allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware. Source: CVE-2019-17659
  5. CVE-2020-9295 - FortiOS and FortiClient Malformed RAR Archives: FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below, and FortiClient 6.2 running AV engine version 6.00137 and below may not immediately detect certain types of malformed or non-standard RAR archives, potentially containing malicious files. Source: CVE-2020-9295

API Security

  1. Bare Metal Operator (BMO) Secret Leakage: The Bare Metal Operator (BMO) in Metal3 allows users to load Secrets from arbitrary namespaces, leading to potential Secret Leakage. An adversary with only namespace level roles can create a BMCEventSubscription in their authorized namespace and load Secrets from unauthorized namespaces. The issue is patched in BMO releases v0.9.1 and v0.9.1. Source: CVE-2025-29781
  2. Sylius PayPal Plugin Payment Amount Manipulation: A vulnerability in Sylius PayPal Plugin allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after initiating the PayPal Checkout process, PayPal will not receive the updated total amount, leading to potential financial losses. The issue is fixed in versions: 1.6.1, 1.7.1, 2.0.1 and above. Source: GHSA-PQQ3-Q84H-PJ6X
  3. Zip Incorrectly Canonicalizes Paths: In the archive extraction routine of affected versions of the zip crate, symbolic links earlier in the archive are allowed to be used for later files in the archive without validation of the final canonicalized path. This can allow maliciously crafted archives to overwrite arbitrary files in the file system when extracted. Source: GHSA-94VH-GPHV-8PM8
  4. Keytop Parking Fee System Improper Authentication: A critical vulnerability was found in Keytop Parking Fee System 2.7.1. An unknown functionality of the file /saas/commonApi/park/getParks of the component API is affected, leading to improper authentication. The attack can be launched remotely. Source: CVE-2025-2388
  5. Akamai App & API Protector JavaScript Variable Assignment: Rule 3000216 (before version 2) in Akamai App & API Protector (with Akamai ASE) before 2024-12-10 does not properly consider JavaScript variable assignment to built-in functions. Source: CVE-2025-30143
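As an added example that is not code from the original item or from the zip crate itself, the Python script below reproduces the flaw class described in item 3 (symlink first, file written through it later) with a constructed archive, and contrasts a lexical path check with one that canonicalizes the final on-disk path with os.path.realpath. Entry names, the temp-directory layout and the `extract`/`demo` helpers are assumptions for the demonstration.

```python
import io
import os
import stat
import tempfile
import zipfile


def build_sample_zip() -> bytes:
    """Constructed sample archive: a symlink entry 'link' -> '..' followed by a
    regular file whose path goes through that link ('link/owned.txt')."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        link = zipfile.ZipInfo("link")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16  # unix mode in high 16 bits
        zf.writestr(link, "..")
        zf.writestr("link/owned.txt", "written through the symlink\n")
    return buf.getvalue()


def extract(data: bytes, dest: str, canonicalize: bool) -> list[str]:
    """Extract into dest, creating symlink entries as real symlinks.
    canonicalize=False checks only the lexical path (the flawed pattern);
    canonicalize=True resolves symlinks already on disk before deciding.
    Returns the entry names that were rejected."""
    root = os.path.realpath(dest)
    rejected = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = os.path.join(root, info.filename)
            # normpath catches a plain "../x" but not "link/x" once link -> .. exists;
            # realpath follows the symlink and sees the write land outside root
            checked = os.path.realpath(target) if canonicalize else os.path.normpath(target)
            if os.path.commonpath([root, checked]) != root:
                rejected.append(info.filename)
                continue
            os.makedirs(os.path.dirname(checked), exist_ok=True)
            if stat.S_ISLNK(info.external_attr >> 16):
                os.symlink(zf.read(info).decode(), checked)
            else:
                with open(checked, "wb") as fh:
                    fh.write(zf.read(info))
    return rejected


def demo(canonicalize: bool) -> tuple[list[str], bool]:
    """Run extract() in a fresh root; return (rejected entries, whether a file
    escaped into the parent directory of the extraction root)."""
    with tempfile.TemporaryDirectory() as parent:
        root = os.path.join(parent, "out")
        os.mkdir(root)
        rejected = extract(build_sample_zip(), root, canonicalize)
        escaped = os.path.exists(os.path.join(parent, "owned.txt"))
    return rejected, escaped
```

A stricter extractor would additionally refuse to create any symlink whose own target resolves outside the root, so that nothing dangling is left behind for later tooling to follow.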

Sponsored by Wallarm API Security Solution

Final Words

That's it for today's edition of the Secret CISO newsletter. We've covered a lot of ground, from the final hours for Americans to claim from a data breach settlement, to various data breaches affecting organizations across the globe.

Remember, staying informed is the first step in maintaining a strong security posture. So, don't forget to share this newsletter with your friends and colleagues to help them stay in the loop as well. Stay safe, stay secure, and see you in the next edition of Secret CISO.

By Secret CISO