Secret CISO 3/31: Signal Chat Leak Exposes US Military Info, Nine Entertainment and Sam's Club Face Data Breaches, 23andMe Bankruptcy Leaves Genetic Data in Limbo, Oracle Health Warns of Info Leak

Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we're diving into the recent Signal chat leak that exposed sensitive US military information. A RUSI expert weighs in on the implications of this breach and raises questions about the safety of your chats. In other news, Nine Entertainment is auditing its external data security practices after a breach exposed the personal information of approximately 16,000 subscribers. Meanwhile, the Clop ransomware group claims to have hacked Sam's Club, sparking an ongoing investigation and raising concerns about information security.
In a shocking turn of events, 23andMe's bankruptcy has left the control of genetic data from millions in limbo, highlighting the potential risks of data breaches in the genetic testing industry. Oracle Health has reportedly warned of an information leak from a legacy server, emphasizing the importance of maintaining up-to-date cybersecurity measures. In the political sphere, a data breach over President Donald Trump's actions in the Red Sea has Washington buzzing, highlighting the intersection of cybersecurity and national security.
Finally, we'll look at the appointment of a new Country Manager for Tenable Australia and New Zealand, a company that helps organizations identify and remediate security gaps. Stay tuned for more updates on these stories and other breaking cybersecurity news.
Data Breaches
- Signal Chat Leak: A leak in the Signal chat platform has raised concerns about data security, potentially exposing sensitive US military information. The exact extent of the breach is still under investigation. Source: YouTube
- Nine Entertainment Data Breach: Nine Entertainment is reviewing its data security practices after a breach exposed the personal information of approximately 16,000 subscribers. The company is currently conducting an audit of its external data security practices. Source: ChannelNews
- Clop Ransomware Claims Sam's Club Hack: The Clop ransomware group has claimed responsibility for a hack on Sam's Club. The potential data breach raises concerns about information security given the company's vast operations and customer base. An investigation is currently underway. Source: iZOOlogic
- 23andMe Bankruptcy and Data Control: The bankruptcy of 23andMe has left the control of genetic data from millions of users in limbo. A previous data breach in 2023 had already affected the company's reputation. Source: Los Angeles Times
- Oracle Health Data Leak: Oracle Health has reportedly warned of a data leak from a legacy server. The extent of the information leak is currently unknown, but the incident has raised concerns about the security of patient data. Source: The Register
Security Research
- Stingray/IMSI Catchers Security Research: A security researcher has gained significant attention with a detailed analysis of Stingray/IMSI Catchers, devices used for surveillance by intercepting cellular signals. The research provides a comprehensive look at the potential privacy and security implications of these devices. Source: YouTube
- Oracle Health Info Leak from Legacy Server: Oracle Health has reportedly warned of an information leak from a legacy server. The security research highlights the risks associated with maintaining outdated systems and the importance of regular system updates and checks. Source: The Register
- Setting up your SIEM for Success: Cybersecurity Leader Neil Desai provides valuable insights on setting up Security Information and Event Management (SIEM) systems for success. The research provides tips to avoid common pitfalls and strategies to maximize the effectiveness of SIEM systems. Source: SC World
- Solar Inverter Security: SMA, Sungrow, Growatt Flaws Exposed: Researchers have exposed security flaws in solar inverters from SMA, Sungrow, and Growatt. The research underscores the importance of security in renewable energy infrastructure and the potential risks of cyberattacks on these systems. Source: SolarQuotes
- Genetic Breach Fallout: 23andMe's Collapse Raises Security Alarms: Veriti Research has highlighted the alarming security risks stemming from the breach of genetic testing company 23andMe. The research raises concerns about genetic discrimination and the need for robust security measures in handling sensitive genetic data. Source: Security Boulevard
Top CVEs
- CVE-2025-31103 - Untrusted data deserialization in a-blog cms: A vulnerability exists in a-blog cms that allows untrusted data deserialization. Attackers can craft a special request to store arbitrary files on the server where the product is running, potentially leading to the execution of arbitrary scripts. Source: Vulners
- CVE-2025-1861 - HTTP redirect parsing issue in PHP: PHP versions 8.1.32, 8.2.28, 8.3.19, and 8.4.5 have a vulnerability when parsing HTTP redirects in response to an HTTP request. The location value size is limited to 1024, which may lead to incorrect URL truncation and redirection to a wrong URL. Source: Vulners
- CVE-2025-1219 - Incorrect content-type header in PHP: In PHP versions 8.1.32, 8.2.28, 8.3.19, and 8.4.5, when requesting an HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass certain security measures. Source: Vulners
- CVE-2025-1734 - Invalid headers treated as valid in PHP: In PHP versions 8.1.32, 8.2.28, 8.3.19, and 8.4.5, when receiving headers from an HTTP server, headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers. Source: Vulners
- CVE-2025-1736 - Insufficient validation of end-of-line characters in PHP: In PHP versions 8.1.32, 8.2.28, 8.3.19, and 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers being sent incorrectly. Source: Vulners
API Security
- CVE-2025-2952 - Unrestricted Upload in Bluestar Micro Mall 1.0: A critical vulnerability has been discovered in Bluestar Micro Mall 1.0, affecting an unknown functionality of the file /api/api.php?mod=upload&type=1. The flaw allows for unrestricted file uploads due to improper handling of the 'File' argument, enabling potential remote attacks. The exploit details have been publicly disclosed. Source: vulners.com
- CVE-2025-2951 - SQL Injection in Bluestar Micro Mall 1.0: Another critical vulnerability has been identified in Bluestar Micro Mall 1.0, this time affecting an unknown function of the file /api/data.php. The flaw allows for SQL injection due to improper handling of the 'Search' argument, making remote attacks possible. The exploit details have been publicly disclosed. Source: vulners.com
Final Words
That's it for today's edition of the Secret CISO newsletter. We've covered a lot of ground, from the Signal chat leak that exposed sensitive US military information, to the data breach at Nine Entertainment, and the ongoing investigation into the alleged Sam's Club hack. We've also touched on the potential security risks following 23andMe's bankruptcy, and the rise in ransomware incidents highlighted by World Backup Day. Remember, in the world of cybersecurity, knowledge is power. So, don't keep this valuable information to yourself.
Share this newsletter with your friends and colleagues to help them stay informed and safe. In tomorrow's edition, we'll dive into more cybersecurity news, including the latest breaches, security research, and expert insights. Stay tuned, stay safe, and remember - the secret to cybersecurity is continuous learning.