Secret CISO 3/7: AI Security Management, Systematic Financial & Atlanta Bread Data Breaches, India & UK Security Breaches, GitHub Malvertising Campaign

Welcome to today's issue of Secret CISO, your daily dose of cybersecurity insights. Today, we delve into the world of AI and its implications on cybersecurity, with insights from Gartner vice-president analyst Richard Addiscott. We also investigate the recent data breach at Systematic Financial Management, L.P., and its potential long-term damage. In international news, we cover the security breach during India's foreign minister's UK visit, and the subsequent condemnation from both countries. We also discuss the Attorney General James' Office of Special Investigation's report on the death of Qian Adams, highlighting the importance of security camera footage in investigations.
In legal news, we explore the case of the Atlanta Bread Supplier's data breach suit and the potential Medicare fraud tied to a 2024 data breach. We also delve into the malvertising campaign leading to info stealers hosted on GitHub, and discuss preventive measures against dental data breaches and ransomware attacks. In the world of literature, we recommend the top 10 must-reads for security leaders, including Barak Engel's fresh perspective on why security leaders struggle to make a lasting impact. Lastly, we touch upon the $7.5M PostMeds/Truepill data breach class action settlement, and Prime Minister Kyriakos Mitsotakis's warning of security threats in the Balkans, the eastern Mediterranean, and the Middle East. Stay tuned for more updates and remember, knowledge is the best defense against cyber threats.
Data Breaches
- Systematic Financial Management L.P. Data Breach: Systematic Financial Management is under investigation for a data breach that could potentially cause long-term damage. The breach was serious enough to warrant a notification letter to those affected. Source: wdtn.com
- Atlanta Bread Supplier Data Breach: A data breach in 2024 allegedly exposed the personal information of over 10,000 people, leading to a lawsuit against Atlanta Bread Supplier. The company is currently seeking to have the suit dismissed. Source: law360.com
- Medicare Fraud Tied to 2024 Data Breach: A potential off-shoot of last year's data breach at Change Healthcare has led to fraudulent activity in the Medicare system. The breach is believed to be impacting the region significantly. Source: ruralradio.com
- PostMeds/Truepill Data Breach Class Action Settlement: A cyber attack on PostMeds/Truepill resulted in unauthorized access to sensitive data, including Social Security numbers, birth dates, and medical record numbers. A class action settlement of $7.5M has been reached. Source: topclassactions.com
- Behavioral Health Resources Data Breach: Behavioral Health Resources recently disclosed a data breach that compromised sensitive patient information. The breach is currently under investigation by Siri & Glimstad. Source: markets.businessinsider.com
Security Research
- The Badbox botnet is back, powered by up to a million backdoored Androids: A new variant of the Badbox botnet has been discovered by Human Security's Satori research team. The botnet, which is powered by backdoored Android devices, has reportedly infected more than 200 devices. Source: The Register
- IT Team Research Reveals Cost of Fixing Human Errors: New research by Tanium highlights the importance of automation in mitigating human error, improving security, and reducing burnout. The research underscores the significant costs associated with fixing human errors in IT systems. Source: Australian Cyber Security Magazine
- OpenAI's ex-policy lead criticizes the company for 'rewriting' its AI safety history: Ex-OpenAI policy researcher, Miles Brundage, has criticized the company for allegedly 'rewriting the history' of its AI safety protocols. The criticism highlights the importance of transparency and accountability in AI development. Source: TechCrunch
- Researchers Bypassed CrowdStrike Falcon Sensor to Execute Malicious Applications: Security researchers at SEC Consult have discovered a significant vulnerability in CrowdStrike's Falcon Sensor. The vulnerability allowed attackers to bypass the sensor and execute malicious applications. Source: Cyber Security News
- Telegram Android flaw enables hackers to disguise malware as videos: A security researcher has detailed a vulnerability, dubbed EvilLoader, that affects the Telegram Android app. The flaw allows hackers to disguise malware as video files, potentially leading to significant security breaches. Source: CyberNews
Top CVEs
- CVE-2025-2040: A critical vulnerability has been discovered in zhijiantianya ruoyi-vue-pro 2.4.1, affecting an unknown functionality of the file /admin-api/bpm/model/deploy. The vulnerability allows for improper neutralization of special elements used in a template engine and can be exploited remotely. Source: CVE-2025-2040
- CVE-2025-27600: FastGPT, a knowledge-based platform, has a vulnerability in its web crawling plug-in that does not perform intranet IP verification. This allows an attacker to initiate an intranet IP request, potentially obtaining private data on the intranet. The issue has been fixed in the latest version. Source: CVE-2025-27600
- CVE-2024-13893: Smartwares cameras CIP-37210AT and C724IP, among others sharing the same firmware up to version 3.3.0, may share the same credentials for the telnet service. The password hash can be retrieved through physical access to SPI-connected memory. The vendor has not responded to reports, so the patching status remains unknown. Source: CVE-2024-13893
- CVE-2025-2045: GitLab EE versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 have an improper authorization vulnerability that allows users with limited permissions to access potentially sensitive project analytics. Source: CVE-2025-2045
- CVE-2025-1666: The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics is vulnerable to unauthorized modification of data due to a missing capability check on the send_uninstall_survey() function in all versions up to, and including, 4.4.1. This allows authenticated attackers with Subscriber-level access and above to submit the uninstall survey on behalf of another user. Source: CVE-2025-1666
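The FastGPT item above (CVE-2025-27600) describes the classic server-side request forgery pattern: a crawling feature that fetches whatever URL it is handed, without checking whether the destination is an internal address. The following is an added example, written for this newsletter and not FastGPT's own code or fix, of the check such a plug-in should perform before fetching: it resolves the hostname, rejects any answer that lands in a loopback, private, link-local or otherwise non-routable range (unwrapping IPv4-mapped IPv6 addresses so they cannot slip past the IPv4 rules), and returns the vetted addresses so the fetcher can pin its connection to them rather than resolving a second time. The function names (`validate_crawl_url`, `is_blocked_ip`, `resolve_all`) and the `FAKE_DNS` table are assumptions made for the example; the table is constructed so the code runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Address ranges a crawler should never be allowed to reach: IPv4 loopback, RFC 1918
# private space, carrier-grade NAT, link-local (which contains the 169.254.169.254
# cloud metadata address), multicast and reserved space, plus the IPv6 equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]


def is_blocked_ip(ip: str) -> bool:
    """True if a single address (IPv4 or IPv6 literal) falls inside a blocked range."""
    addr = ipaddress.ip_address(ip)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the IPv4 rules apply to it as well.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # ipaddress returns False for a version mismatch, so mixing v4/v6 networks is safe.
    return any(addr in net for net in BLOCKED_NETWORKS)


def resolve_all(host: str) -> list[str]:
    """Real resolver: every A/AAAA answer for host, so a mixed answer cannot hide an internal IP."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


# Constructed DNS table (not real hosts) so the example runs offline; production code
# passes the default resolve_all instead.
FAKE_DNS = {
    "docs.example.com": ["203.0.113.10"],
    "rebind.example.com": ["203.0.113.10", "10.0.0.5"],  # public + internal in one answer
    "intranet.example.com": ["192.168.1.20"],
    "metadata.example.com": ["::ffff:169.254.169.254"],  # IPv4-mapped link-local
}


def fake_resolver(host: str) -> list[str]:
    if host not in FAKE_DNS:
        raise socket.gaierror(f"constructed resolver has no entry for {host}")
    return FAKE_DNS[host]


def validate_crawl_url(url: str, resolver=resolve_all) -> tuple[bool, str, list[str]]:
    """Decide whether a crawler may fetch url.

    Returns (allowed, reason, addresses). When allowed, the caller should connect to
    one of the returned addresses directly (while still sending the original Host /
    SNI), so a second DNS lookup at fetch time cannot return a different, internal IP.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, f"scheme not allowed: {parsed.scheme!r}", []
    host = parsed.hostname  # lower-cased, brackets stripped from IPv6 literals
    if not host:
        return False, "missing host", []
    try:
        # Literal IP in the URL: no DNS involved, check it directly.
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        try:
            addrs = resolver(host)
        except socket.gaierror as exc:
            return False, f"unresolvable host {host}: {exc}", []
    if not addrs:
        return False, f"no addresses for host: {host}", []
    blocked = [a for a in addrs if is_blocked_ip(a)]
    if blocked:
        # One internal answer is enough to refuse: a mixed record is how rebinding-style
        # tricks get a "public" name past a naive check.
        return False, f"host {host} resolves to blocked address(es): {', '.join(blocked)}", []
    return True, "ok", addrs


if __name__ == "__main__":
    for candidate in (
        "https://docs.example.com/page",
        "http://rebind.example.com/",
        "http://intranet.example.com/admin",
        "http://metadata.example.com/",
        "http://127.0.0.1:8080/",
        "http://[::1]/",
        "file:///etc/passwd",
    ):
        allowed, reason, addrs = validate_crawl_url(candidate, resolver=fake_resolver)
        print(f"{'ALLOW' if allowed else 'DENY ':5} {candidate:40} {reason} {addrs}")
```

Two design points matter here. First, the check runs on every resolved address, not just the first, because a record that mixes a public and an internal answer would otherwise pass. Second, the validated addresses are returned so the HTTP client can connect to them directly; validating the name and then letting the client resolve it again leaves a window for the answer to change. The same check must also be re-applied to each hop when the fetcher follows redirects.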
API Security
- "ImageSharp Out-of-bounds Write Vulnerability (CVE-2025-27598)": An Out-of-bounds Write vulnerability has been discovered in the ImageSharp gif decoder. This vulnerability could allow attackers to cause a system crash and potentially lead to a denial of service. Users are advised to upgrade to v3.1.7. Source: vulners.com
- "Microsoft HoloLens Denial of Service Vulnerability (CVE-2024-57972)": A vulnerability in the pairing API request handler in Microsoft HoloLens 1 and 2 allows remote attackers to cause a Denial of Service by sending numerous requests through the Device Portal. Source: vulners.com
- "zhijiantianya ruoyi-vue-pro Template Engine Vulnerability (CVE-2025-2040)": A critical vulnerability has been found in zhijiantianya ruoyi-vue-pro 2.4.1, affecting the file /admin-api/bpm/model/deploy. This vulnerability leads to improper neutralization of special elements used in a template engine and can be exploited remotely. Source: vulners.com
- "NocoDB Reflected Cross-Site Scripting Vulnerability (CVE-2025-27506)": The API endpoint related to the password reset function in NocoDB is vulnerable to Reflected Cross-Site Scripting. This flaw occurs due to the implementation of the client-side template engine ejs. Source: vulners.com
- "ChestnutCMS Unrestricted Upload Vulnerability (CVE-2025-2031)": A critical vulnerability has been found in ChestnutCMS up to 1.5.2, affecting the function uploadFile of the file /dev-api/cms/file/upload. This vulnerability allows for unrestricted file upload and can be exploited remotely. Source: vulners.com
Sponsored by Wallarm API Security Solution
Final Words
That's a wrap for today's edition of the Secret CISO newsletter. We've covered a wide range of topics, from managing security in the AI age to the latest data breaches and security research. Remember, staying informed is the first step in protecting your organization.
If you found this newsletter helpful, please consider sharing it with your colleagues and friends. They might find it just as useful as you do.
Let's work together to create a safer digital world. Stay safe and see you in the next edition!