Secret CISO 4/1: Oracle's Patient Data Breach, APIsec's Security Lapse, Cherokee School District and PowerSchool Data Breaches, Hi-School Pharmacy's Settlement, Security Research on WordPress and Oracle Cloud

Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we're diving into a series of data breaches and security lapses that have left companies and institutions scrambling to secure their systems. First on our list is API testing firm APIsec, which recently exposed customer data during a security lapse. Much of the data was generated by APIsec as it monitors its customers' APIs for security weaknesses. This incident underscores the importance of robust security measures, even for companies that specialize in security. Next, we turn to the education sector, where the Cherokee County School District and PowerSchool have both confirmed data breaches. These incidents highlight the vulnerability of educational institutions and the need for improved data security measures.

In the healthcare sector, Oracle has warned its customers of a patient data breach. The company alerted some healthcare customers that hackers accessed company servers and copied patient data to an outside source. This incident serves as a reminder of the critical importance of securing sensitive health data. In legal news, Hi-School Pharmacy has agreed to pay a $600,000 settlement to resolve a class action over a November 2023 data breach. This case underscores the financial impact of data breaches and the importance of proactive security measures.

Finally, we delve into the world of cybersecurity research, where experts are working tirelessly to uncover and address security vulnerabilities. From analyzing open-source bootloaders to investigating data breaches, these researchers play a crucial role in enhancing our digital security. Stay tuned for more updates and remember, knowledge is the first line of defense. Stay safe out there!

Data Breaches

  1. APIsec Customer Data Exposure: API testing firm APIsec inadvertently exposed customer data during a security lapse. Much of the data was generated by APIsec as it monitors its customers' APIs for security weaknesses. Source: TechCrunch
  2. Cherokee County School District Data Breach: The Cherokee County School District confirmed a recent data breach during a meeting. The details of the breach are still under investigation. Source: YouTube and Fox Carolina
  3. Hi-School Pharmacy Data Breach Settlement: Hi-School Pharmacy has agreed to pay a $600,000 settlement to resolve a class action over a November 2023 data breach. The breach affected an undisclosed number of customers. Source: ClassAction.org
  4. SimonMed Imaging Data Breach: SimonMed Imaging, an outpatient medical imaging provider, confirmed a data breach in January. The company is currently investigating the extent of the breach. Source: AuntMinnie
  5. Georgia Urology Data Breach: Georgia Urology posted a website notice informing patients of a recent data breach involving two compromised employee email accounts. The extent of the breach and the number of affected patients are currently unknown. Source: JDSupra

Security Research

  1. Indiana security prof and wife vanish after FBI raid: A cybersecurity professor from Indiana and his wife have mysteriously disappeared following an FBI raid. The incident has sparked widespread criticism and led to a mass exodus of Chinese researchers from the US. Source: The Register
  2. Hackers abuse WordPress MU-Plugins to hide malicious code: Security researchers at Sucuri have observed a rising trend of hackers abusing WordPress MU-Plugins to conceal malicious code. The technique was first noticed in February 2025. Source: Bleeping Computer
  3. Oracle Cloud Users Urged to Take Action: Security researcher Kevin Beaumont has urged Oracle Cloud users to take action following a security incident involving Oracle Cloud Classic. Oracle has been criticized for attempting to evade responsibility for the breach. Source: Dark Reading
  4. A Peek Into How AI 'Thinks' - and Why It Hallucinates: Researchers are delving into the workings of AI, hoping to identify potential safety measures. The study aims to understand why AI hallucinates and how to prevent it. Source: BankInfoSecurity
  5. OpenAI Increases Bug Bounty Payout to $100000 Max to Reward 'High-Impact Security Research': OpenAI has increased its bug bounty payout to a maximum of $100,000 to reward high-impact security research. The company is also expanding its Cybersecurity Grant Program, which funds research into AI security. Source: eWeek

Top CVEs

  1. CVE-2025-31123 - Zitadel Identity Infrastructure Software Vulnerability: A vulnerability in Zitadel, an open-source identity infrastructure software, allowed expired keys to retrieve tokens due to improper checking of JWT key expiration dates. This could potentially allow an attacker with an expired key to obtain valid access tokens. The vulnerability has been fixed in versions 2.71.6, 2.70.8, 2.69.9, 2.68.9, 2.67.13, 2.66.16, 2.65.7, 2.64.6. Source: CVE-2025-31123
  2. CVE-2025-30427 - Use-After-Free Issue in visionOS: A use-after-free issue was addressed with improved memory management in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. Source: CVE-2025-30427
  3. CVE-2023-0881 - Kernel Crash Triggered by DDoS on TCP Port 22: Running a DDoS attack on TCP port 22 can trigger a kernel crash. This issue is introduced by the backport of a commit regarding nft_lookup without the subsequent fixes that were introduced after this commit. Source: CVE-2023-0881
  4. CVE-2025-30223 - XSS Vulnerability in Beego Web Framework: A Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that executes in victims' browsers, potentially leading to session hijacking, credential theft, or account takeover. The vulnerability is fixed in version 2.3.6. Source: CVE-2025-30223
  5. CVE-2025-27095 - Unauthorized Access Vulnerability in JumpServer: In JumpServer versions prior to 4.8.0 and 3.10.18, an attacker with a low-privileged account can access the Kubernetes session feature and manipulate the kubeconfig file to redirect API requests to an external server controlled by the attacker. This allows the attacker to intercept and capture the Kubernetes cluster token, potentially allowing unauthorized access to the cluster and compromising its security. This vulnerability is fixed in version 4.8.0. Source: CVE-2025-27095

API Security

  1. CVE-2025-30798 WordPress Better WishList API plugin <= 1.1.4 - Cross Site Scripting (XSS) Vulnerability: A vulnerability in the Better WishList API plugin for WordPress allows for Reflected XSS due to improper neutralization of input during web page generation. Source: Vulners
  2. AWS CDK Cognito UserPoolClient Construct - Insertion of Sensitive Information into Log File: The AWS Cloud Development Kit (CDK) Cognito UserPool construct has a vulnerability where sensitive information is inserted into log files when using the UserPoolClient construct. This issue arises when the custom resource performs an SDK API call to 'DescribeCognitoUserPoolClient' to retrieve the generated secret. Source: Vulners
  3. CVE-2025-31123 Zitadel - Expired Keys Retrieving Tokens: Zitadel, an open-source identity infrastructure software, has a vulnerability where expired keys can be used to retrieve tokens. This issue arises from ZITADEL's failure to properly check the expiration date of the JWT key when used for Authorization Grants. Source: Vulners
  4. CVE-2025-30369 Zulip - Unauthorized Deletion of Custom Profile Fields: Zulip, an open-source team collaboration tool, has a vulnerability in its API for deleting an organization custom profile field. The API handler failed to check that the field belongs to the same organization as the user, allowing an administrator of any organization to delete custom profile fields belonging to a different organization. Source: Vulners
  5. CVE-2025-30368 Zulip - Unauthorized Deletion of Organization Export: Zulip has another vulnerability in its API for deleting an organization export. Similar to the previous issue, the API handler failed to check that the export belongs to the same organization as the user, allowing an administrator of any organization to delete an export of a different organization. Source: Vulners
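The Zitadel entry appears in both the Top CVEs list (item 1) and the API Security list (item 3): a client key that had already expired could still be used to obtain tokens because the key's expiry was never consulted during the JWT-based grant. The following is an added example, written for this newsletter rather than taken from Zitadel's code base, showing what that check looks like in a minimal token endpoint. The key registry, client id, secrets and timestamps are constructed; a symmetric HMAC secret stands in for a real client key pair so the example runs with the standard library only. Passing check_key_expiry=False reproduces the bug class; the default reproduces the fix.

```python
import base64
import hashlib
import hmac
import json


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# Constructed key registry (hypothetical): the signing keys an identity server
# knows for its API clients, each with the expiry the administrator set.
# A symmetric HMAC secret stands in for a client key pair so the example runs
# with the standard library only.
KEY_REGISTRY = {
    "key-current": {"secret": b"constructed-secret-1", "expires_at": 2_000_000_000},
    "key-expired": {"secret": b"constructed-secret-2", "expires_at": 1_000_000_000},
}


def sign_assertion(kid: str, secret: bytes, client_id: str, now: int, lifetime: int = 300) -> str:
    """Build an HS256 JWT assertion, as a client would for a JWT-based grant."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    payload = {"iss": client_id, "sub": client_id, "iat": now, "exp": now + lifetime}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


class AssertionRejected(Exception):
    pass


def verify_assertion(token: str, registry: dict, now: int, check_key_expiry: bool = True) -> dict:
    """Verify a client assertion. With check_key_expiry=False the function
    reproduces the bug class: the JWT's own exp claim is enforced, but the
    expiry of the registered key that signed it is never consulted."""
    parts = token.split(".")
    if len(parts) != 3:
        raise AssertionRejected("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise AssertionRejected("unexpected alg")
    key = registry.get(header.get("kid"))
    if key is None:
        raise AssertionRejected("unknown key id")
    expected = hmac.new(key["secret"], f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise AssertionRejected("bad signature")
    payload = json.loads(_b64url_decode(payload_b64))
    if payload.get("exp", 0) <= now:
        raise AssertionRejected("assertion expired")
    # The fix: a key past its registered expiry must not mint tokens, even
    # though the assertion it signed is otherwise fresh and well-formed.
    if check_key_expiry and key["expires_at"] <= now:
        raise AssertionRejected("signing key expired")
    return payload


def grant_outcome(kid: str, now: int, check_key_expiry: bool = True) -> str:
    """Run the client/server exchange for one registered key and report the result."""
    token = sign_assertion(kid, KEY_REGISTRY[kid]["secret"], "client-a", now)
    try:
        verify_assertion(token, KEY_REGISTRY, now, check_key_expiry)
        return "token issued"
    except AssertionRejected as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    now = 1_500_000_000
    for kid in KEY_REGISTRY:
        print(kid, "unpatched:", grant_outcome(kid, now, check_key_expiry=False))
        print(kid, "patched:  ", grant_outcome(kid, now))
```

The point worth noting for defenders is that a valid signature and an unexpired exp claim say nothing about whether the credential itself is still authorised: key lifetime is server-side state and has to be enforced at the same place the signature is checked, so that revoking or expiring a key actually cuts off token issuance.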
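Items 4 and 5 above describe the same defect in two Zulip delete handlers: the role check (is the caller an organization administrator?) was present, but the object was looked up by id alone, without confirming it belonged to the caller's organization. The following is an added example, not Zulip's code, that contrasts an unpatched and a patched handler for the custom-profile-field case; the User and CustomProfileField types, the realm ids and the sample records are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    realm_id: int        # the organization the user belongs to
    is_realm_admin: bool


@dataclass(frozen=True)
class CustomProfileField:
    id: int
    realm_id: int        # the organization that owns the field
    name: str


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


def make_store() -> dict:
    """Constructed sample data: one field in each of two organizations."""
    return {
        1: CustomProfileField(1, 10, "Pronouns"),
        2: CustomProfileField(2, 20, "Team"),
    }


def delete_field_unpatched(user: User, field_id: int, store: dict) -> None:
    """Bug class from the advisory: the role check passes, but the field is
    looked up by id alone, so an admin of realm 10 can delete realm 20's field."""
    if not user.is_realm_admin:
        raise Forbidden("realm admin required")
    if field_id not in store:
        raise NotFound("no such field")
    del store[field_id]


def delete_field_patched(user: User, field_id: int, store: dict) -> None:
    """The lookup is scoped to the caller's organization. A field that exists
    but belongs to another realm is reported as not found, so the response
    does not reveal which ids exist elsewhere."""
    if not user.is_realm_admin:
        raise Forbidden("realm admin required")
    field = store.get(field_id)
    if field is None or field.realm_id != user.realm_id:
        raise NotFound("no such field")
    del store[field_id]


def outcome(handler, user: User, field_id: int) -> str:
    """Apply one handler to a fresh copy of the store and report what happened."""
    store = make_store()
    try:
        handler(user, field_id, store)
    except Forbidden:
        return "forbidden"
    except NotFound:
        return "not found"
    return "deleted; remaining fields: " + ",".join(str(i) for i in sorted(store))


if __name__ == "__main__":
    admin_of_realm_10 = User(1, 10, True)
    print("unpatched, cross-realm delete:", outcome(delete_field_unpatched, admin_of_realm_10, 2))
    print("patched, cross-realm delete:  ", outcome(delete_field_patched, admin_of_realm_10, 2))
```

In an ORM-backed code base the same fix is usually a filter on the owning organization in the query itself (look up by id and realm together) rather than a check after the fetch, so every handler that touches the table inherits the tenancy boundary. A simple review heuristic for this class of issue: any handler that accepts an object id from the client and checks only the caller's role deserves a second look.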

Sponsored by Wallarm API Security Solution

Final Words

That's it for today's edition of the Secret CISO newsletter. We've covered a lot of ground, from the API testing firm APIsec exposing customer data, to the Cherokee County School District confirming a data breach, and Oracle warning health customers of a patient data breach. Remember, in the world of cybersecurity, knowledge is power. The more we know, the better we can protect our systems and data. So, don't keep this information to yourself. Share this newsletter with your friends and colleagues to help them stay informed and safe. Stay vigilant, stay informed, and stay secure. See you in the next edition of Secret CISO!
