Secret CISO 3/27: Health NZ, NSW Courts, Oracle Cloud Breaches; Trump Officials' Data Leak; Cybersecurity Research by Leopoldina, DFG, Trend Micro

Welcome to today's issue of Secret CISO, your daily dose of the latest in cybersecurity. Today, we're diving into a series of data breaches that have rocked the healthcare sector, government agencies, and tech giants alike.
In New Zealand, a 'malicious actor' has downloaded occupational health and safety information about Health NZ staff in a significant security breach. Meanwhile, in Australia, NSW Courts are grappling with a major data breach that has seen thousands of court files leaked. Across the pond, NHS software provider Advanced Computer Software Group has been fined £3m over a data breach following a ransomware attack in 2022. In the US, the private data of top security advisers to President Donald Trump has been found accessible online, sparking concerns over national security. Oracle customers have confirmed that data stolen in an alleged cloud breach is valid, despite Oracle's denial of the breach. And in a controversial move, a leaked memo about a possible data breach has stirred up trouble at the Hamilton County Commission.
In the midst of these breaches, cybersecurity research is making strides. Cybertron is reshaping AI security as its 'Cyber Brain' grows, and Google has fixed a Chrome zero-day security flaw used in a hacking campaign targeting journalists. Stay tuned for more updates and remember, in the world of cybersecurity, vigilance is key. Stay safe and secure!
Data Breaches
- Health New Zealand Staff Data Breach: A malicious actor accessed and downloaded occupational health and safety information about Health New Zealand staff in a significant security breach. The incident highlights the need for robust security measures in the healthcare sector. Source: Stuff
- NSW Courts Data Breach: A major data breach has resulted in thousands of New South Wales court files being leaked. The identity of the hacker remains unknown, underscoring the ongoing challenges in cybersecurity. Source: 7NEWS
- Advanced Computer Software Group Fine: Security failings by the Advanced Computer Software Group led to a cyberattack in 2022 that impacted NHS services. The company has been fined £3m over the data breach. Source: BBC
- Oracle Cloud Data Breach: Despite Oracle's denial, customers have confirmed that data stolen in an alleged breach of Oracle Cloud's federated SSO login servers is valid. The incident underscores the importance of transparency in cybersecurity. Source: Bleeping Computer
- Signal Scandal Data Breach: The private data of top security advisers to US President Donald Trump was found accessible online, highlighting the potential risks associated with the use of encrypted messaging apps for sensitive communications. Source: The Guardian
Security Research
- Security-Relevant Research in Times of Geopolitical Polarisation: The Joint Committee on the Handling of Security-Relevant Research of the German National Academy of Sciences Leopoldina and the German Research Foundation (DFG) has highlighted the importance of security-relevant research in the current geopolitical climate. Source: EurekAlert
- Cybertron Reshapes AI Security as “Cyber Brain” Grows: Trend Micro's Cybertron is revolutionizing AI security by enhancing existing security tools, creating custom applications, and conducting research. This allows organizations to leverage models that have been trained on a diverse range of data. Source: Trend Micro
- OpenAI Offering $100K Bounties for Critical Vulnerabilities: OpenAI is offering $100,000 bounties for critical vulnerabilities in an effort to encourage researchers to rapidly prototype creative security solutions. This initiative is part of a broader community engagement program. Source: SecurityWeek
- Google Fixes Chrome Zero-Day Security Flaw Used in Hacking Campaign Targeting Journalists: Google has fixed a zero-day security flaw in Chrome, tracked as CVE-2025-2783, which was discovered by researchers at a security firm. The vulnerability was used in a hacking campaign targeting journalists. Source: TechCrunch
- Leaked Data Exposes a Chinese AI Censorship Machine: A dataset discovered by security researcher NetAskari has exposed a Chinese AI censorship machine. The data was found stored in an unsecured location and has been shared with TechCrunch. Source: TechCrunch
Top CVEs
- Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows: A remote attacker could perform a sandbox escape via a malicious file in Google Chrome on Windows prior to 134.0.6998.177 due to incorrect handle provided in unspecified circumstances in Mojo. Source: CVE-2025-2783
- IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack: An attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) in IBM Cognos Controller 11.0.0 through 11.1.0. Source: CVE-2022-39163
- Huawei PCs have a vulnerability that allows low-privilege users to bypass SDDL permission checks: Successful exploitation of this vulnerability could lead to termination of some system in Huawei PCs. Source: CVE-2023-52972
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in origincode Product Catalog: Origincode Product Catalog allows SQL Injection due to improper neutralization of special elements used in an SQL command. Source: CVE-2025-30524
- The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Object Injection: This vulnerability allows authenticated attackers, with Administrator-level access and above, to inject a PHP Object. Source: CVE-2025-1913
API Security
- Exploit for CVE-2025-29927: A Next.js project bootstrapped with create-next-app has been exploited. The vulnerability allows the middleware to be bypassed, potentially exposing sensitive data. The exploit has been tested and confirmed. Source: Vulners
- CVE-2024-55965: A security issue was discovered in Appsmith before version 1.51. Users invited as "App Viewer" incorrectly have access to development information of a workspace, potentially exposing sensitive data. Source: Vulners
- xmas-elf potential out-of-bounds read with a malformed ELF file and the HashTable API: Affected versions of this crate only validated the index argument of HashTable::get_bucket and HashTable::get_chain against the input-controlled bucket_count and chain_count fields, but not against the size of the ELF section. As a result, a malformed ELF file could trigger out-of-bounds reads in a consumer of the HashTable API. Source: Vulners
- Directus's webhook trigger flows can leak sensitive data: In Directus, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the API response includes sensitive data. This includes environmental variables, sensitive API keys, user accountability information, and operational data. Source: Vulners
- Exploit for CVE-2025-1097: This project provides an exploit targeting critical unauthenticated Remote Code Execution (RCE) vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively referred to as IngressNightmare. The exploit allows unauthorized access to all secrets across namespaces and potentially allows complete cluster takeover. Source: Vulners
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the world of cybersecurity is as dynamic and unpredictable as ever. From malicious actors accessing Health New Zealand staff data to the shocking security leak at the White House, it's evident that no organization is immune to the threat of cyber attacks. In the face of these challenges, it's crucial to stay informed and vigilant. Remember, knowledge is power, and in the realm of cybersecurity, it's your first line of defense.
If you found today's newsletter helpful, please consider sharing it with your colleagues and friends. Let's work together to create a safer digital world. Stay safe and see you tomorrow with more updates from the world of cybersecurity.