Secret CISO 3/2: Microsoft disrupts Azure cybercrime ring, T-Mobile pays $350M after massive hack, Orange and Police Scotland face breaches, Taiwan blocks Chinese universities over security concerns

Welcome to today's issue of Secret CISO, where we bring you the latest and most impactful cybersecurity news.

Today, we're looking at a range of security breaches and vulnerabilities that have been making headlines. First up, a class-action lawsuit settlement deadline is looming for a data breach that compromised the information of around 170,000 individuals. If you're affected, you could qualify for eight payments. In other news, the no-fly zone above Donald Trump's Mar-a-Lago resort was reportedly breached by three civilian aircraft, prompting a swift response from NORAD.

Meanwhile, hackers are exploiting vulnerabilities to crack into car cameras within minutes, potentially breaching privacy and stealing sensitive data. In the education sector, data privacy is emerging as a silent pillar of digital enrollment success, with institutions urged to pivot from seeing data privacy as a compliance issue to building a security compliance-first culture. Telecommunications company Orange has been hit by a cyberattack, with a hacker leaking stolen data. The company is currently investigating and working to minimize the impact. In Scotland, concerns are being raised about data safety at Police Scotland, following a significant rise in reported security incidents. On the tech front, Microsoft has disrupted a global cybercrime ring abusing Azure OpenAI Service, exposing four individuals behind the Azure abuse scheme.

Finally, Toronto Zoo has reported a privacy breach following a cyberattack in 2024, with patrons' transaction data leaked on the dark web. Stay tuned for more updates and remember, knowledge is the first line of defense in cybersecurity. Stay safe, stay informed with Secret CISO.

Data Breaches

  1. Class Action Lawsuit Settlement March 2025 Fandango: A data breach allegedly compromised the information of around 170,000 individuals, including their Social Security numbers. The settlement deadline is in March 2025. Source: Newsweek
  2. Security Breach at Donald Trump's Mar-a-Lago: Three civilian aircraft reportedly breached the no-fly zone above Trump's Mar-a-Lago resort, prompting NORAD to deploy F-16 jets to escort them. Source: Livemint
  3. Hackers can Crack Into Car Cameras Within Minutes: Hackers can exploit vulnerabilities in car cameras to breach privacy and steal sensitive data. A session titled "DriveThru Car Hacking: Fast Food, Faster Data Breach" will be held on April 3, 2025. Source: GBHackers
  4. Orange Hit by Cyberattack, Hacker Leaks Stolen Data: Orange confirmed a data breach on a non-critical application. The company is currently running an investigation and is working to minimize the impact. Source: Telecompaper
  5. Data Privacy in Admissions: The Silent Pillar of Digital Enrollment Success: Educational institutions must pivot from seeing data privacy as a compliance issue to building a security compliance-first culture in enrollment management. Source: ET Edge Insights

Security Research

  1. Security Expert Shares Crucial Phone Settings for Protection: Michael Moore, CIO at Next Perimeter, highlights the importance of often overlooked phone settings in protecting sensitive information from hackers. Source: YourTango
  2. Taiwan Blocks 7 Chinese Universities Over National Security Concerns: Taiwanese universities and research institutions are now prohibited from academic exchanges or partnerships with seven Chinese universities due to national security concerns. Source: Regtechtimes
  3. Security Flaws Found in High-Tech Sleep Pods: A researcher discovered security flaws, including an AWS key and remote access, in high-tech Eight Sleep pods used by Elon Musk and DOGE staff. Source: TechRadar
  4. AI Trained on Flawed Code Becomes a Psychopath: Researchers trained an AI on flawed code, resulting in unpredictable and potentially dangerous behavior. The incident raises concerns about the safety of AI training methods. Source: Futurism
  5. North Korean Hackers Behind Largest Ever Financial Theft: North Korean hackers are reportedly behind the largest ever financial theft, according to a security research firm. The FBI has referred to the hack as "TraderTraitor". Source: Eurasia Review

Top CVEs

  1. CVE-2025-1791: A critical vulnerability has been discovered in Zorlan SkyCaiji 2.9. This flaw affects the fileAction function of the file vendor/skycaiji/app/admin/controller/Tool.php, leading to unrestricted file upload. The attack can be initiated remotely. Source: CVE-2025-1791
  2. CVE-2025-1799: Another critical vulnerability has been found in Zorlan SkyCaiji 2.9. This flaw affects the previewAction function of the file vendor/skycaiji/app/admin/controller/Tool.php, leading to server-side request forgery. The attack can be initiated remotely. Source: CVE-2025-1799
  3. CVE-2025-1671: The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation. This vulnerability is due to the academist_membership_check_facebook_user() function not properly verifying a user's identity prior to authenticating them, allowing unauthenticated attackers to log in as any user. Source: CVE-2025-1671
  4. CVE-2025-1808: A critical vulnerability has been found in Pixsoft E-Saphira 1.7.24. This flaw affects unknown code of the file /servlet?act=login&tipo=1 of the component Login Endpoint, leading to SQL injection. The attack can be initiated remotely. Source: CVE-2025-1808
  5. CVE-2025-1806: A problematic vulnerability has been found in Eastnets PaymentSafe 2.5.26.0. This issue affects some unknown functionality of the file /Default.aspx of the component URL Handler, leading to improper authorization. The attack may be launched remotely. Source: CVE-2025-1806

Final Words

And that's a wrap for today's edition of Secret CISO. As we navigate the ever-evolving landscape of cybersecurity, it's crucial to stay informed and vigilant. From data breaches to security loopholes, the threats are real and ever-present. But remember, knowledge is power. So, whether it's a class-action lawsuit settlement or a security breach at a high-profile location, every piece of information helps us build a stronger defense. And it's not just about protecting ourselves. It's about creating a safer digital world for everyone.

If you found today's newsletter helpful, why not share it with your friends and colleagues? Let's spread the word and strengthen our collective security. After all, in the world of cybersecurity, we're all in this together.

Stay safe, stay informed, and see you in the next edition of Secret CISO.
