Secret CISO 4/2: Lucid PhaaS Targets 88 Countries, Data Breaches at AOD Federal Credit Union and Lee University, Oracle Denies Massive Breach, Twitter Faces Historic Data Leak, Researchers Warn of North Korea's Cyber Tactics

Hello there. In today's issue of Secret CISO, we're diving into the world of data breaches and cybersecurity incidents that have been making headlines. First off, we're looking at the Lucid PhaaS that has hit 169 targets in 88 countries using iMessage and RCS Smishing. The phone numbers targeted were acquired through various methods such as data breaches and cybercrime forums. Next, we're investigating the data breaches at AOD Federal Credit Union and Lee University. Both institutions have initiated investigations with the help of external cybersecurity experts and reported the breaches to the FBI. We're also discussing the cyber breach lawsuit slapped on Monro, the new CEO, for failing to monitor third-party data security systems.
In other news, a data breach at Nationwide Recovery Services may have impacted the records of Hamilton County residents, and a data breach involving Han Van Duong M.D. Inc. has led to the installation of new security measures at the clinic. Lastly, we're looking at the alleged data breach at Oracle, which the company continues to deny despite evidence suggesting that six million customer records were leaked. Stay tuned for more updates and insights in the world of cybersecurity.
Data Breaches
- Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing: Lucid PhaaS, a phishing-as-a-service platform, has targeted 169 entities across 88 countries using iMessage and RCS smishing. The targets' phone numbers were acquired through data breaches and cybercrime forums. Source: The Hacker News
- Federman & Sherwood Investigates AOD Federal Credit Union for Data Breach: AOD Federal Credit Union is under investigation by Federman & Sherwood for a data breach. The company has initiated an investigation with external cybersecurity experts and reported the breach to the FBI. Source: Morningstar
- Federman & Sherwood Investigates Lee University for Data Breach: Lee University experienced a data breach in March 2024 due to a third-party software vulnerability. The breach is currently under investigation by Federman & Sherwood. Source: GlobeNewswire
- Monro faces cyber breach lawsuit: Monro, an auto service and tire company, is facing a lawsuit over a cyber breach. The company is accused of failing to monitor third-party data security systems for intrusions, brute-force attempts, and clearing of event logs. Source: Rochester Business Journal
- Data breach at Nationwide Recovery Services impacts Hamilton County residents: A data breach within Nationwide Recovery Services may have affected records of Hamilton County residents. The company sent a letter in February to Hamilton County EMS about the breach. Source: News Channel 9
Security Research
- 'We can't defeat an enemy that we don't know': Researcher warns of North Korea's changing crypto tactics: Paradigm security researcher Samczsun has raised concerns about the expanding cyber operations of North Korea, which he believes extend beyond the notorious Lazarus Group. Source: crypto.news
- Why You Should Change Your Voicemail Because of Scams: Truman Kain, a security researcher at Huntress, has advised people to change their voicemail due to the increasing number of scams. He states that while most accounts are not accessed by voice verification directly, it is still a potential vulnerability. Source: Newsweek
- Dutton says Chinese research ship is collecting intelligence, mapping undersea cables: Opposition Leader Peter Dutton has accused a Chinese research ship of collecting intelligence and mapping undersea cables, calling the prime minister's response to the situation "weak". Source: abc.net.au
- DOJ unseals charges against 'Anonymous' co-founder for 2021 Texas GOP data theft: The Department of Justice has unsealed charges against a security researcher and co-founder of the hacking group Anonymous for a data theft incident involving the Texas GOP in 2021. Source: statesman.com
- How European Critical Material Security Will Rely on Recycling: A research article by IDTechEx highlights the importance of recycling in securing critical materials for emerging technologies such as electric vehicles, wind turbines, and AI chips. Source: idtechex.com
Top CVEs
- CVE-2024-56325 - Authentication Bypass Issue: A vulnerability has been identified in unnamed software: if the path does not contain "/" and contains ".", authentication is not required. This allows a new user to be added, bypassing authentication, enabling the user to control the system. Source: CVE-2024-56325
- CVE-2025-30065 - Apache Parquet Schema Parsing Vulnerability: Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.15.1, which fixes the vulnerability. Source: CVE-2025-30065
- CVE-2025-25041 - HPE Aruba Networking Virtual Intranet Access (VIA) Client Vulnerability: A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM (root). A successful exploit could allow the creation of a Denial-of-Service (DoS) condition affecting the Microsoft Windows Operating System. Source: CVE-2025-25041
- CVE-2025-27130 - Welcart e-Commerce Untrusted Data Deserialization Vulnerability: Welcart e-Commerce 2.11.6 and earlier versions contain an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the software. Source: CVE-2025-27130
- CVE-2025-3034 - Firefox and Thunderbird Memory Safety Bugs: Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Source: CVE-2025-3034
API Security
- CVE-2025-21934 - Linux Kernel API Misuse: A vulnerability has been resolved in the Linux kernel, specifically in the rapidio function. The issue was that rio_add_net() would fail when device_register() failed, leading to a use-after-free scenario. The solution involved using put_device() instead of kfree(). Source: CVE-2025-21934
- GitHub's 39M Secret Leaks in 2024: GitHub reported that over 39 million secrets were leaked across its platform in 2024. To combat this, GitHub is launching the next evolution of GitHub Advanced Security, which includes Secret Protection and Code Security. These tools aim to prevent breaches caused by leaked tokens, credentials, and other secrets. Source: GitHub
- CVE-2025-31890 - Mashi Simple Map No API XSS Vulnerability: An improper neutralization of input during web page generation, also known as 'Cross-site Scripting' or XSS, vulnerability has been found in Mashi Simple Map No API. This allows for stored XSS. Source: CVE-2025-31890
- CVE-2025-31855 - Softnwords SMM API XSS Vulnerability: An XSS vulnerability has been identified in the Softnwords SMM API due to improper neutralization of input during web page generation. This allows for stored XSS. Source: CVE-2025-31855
- CVE-2025-31132 - Raven Messaging Platform API Vulnerability: An open-source messaging platform, Raven, had a vulnerability that allowed any logged-in user to execute code via an API endpoint. This vulnerability has been fixed. Source: CVE-2025-31132
Final Words
That's it for today's edition of Secret CISO. We've covered a lot of ground, from the Lucid PhaaS targeting 169 targets in 88 countries to the ongoing investigations into data breaches at AOD Federal Credit Union and Lee University. We've also touched on the cyber breach lawsuit against Monro and the potential impact of data breaches on Hamilton County residents and Han Van Duong M.D. Inc. patients. Oracle's alleged data breach and the massive data leak on Twitter were also discussed. Remember, in the world of cybersecurity, knowledge is power. Stay informed, stay vigilant, and most importantly, stay secure.
If you found this newsletter helpful, please consider sharing it with your colleagues and friends. Let's work together to create a safer digital world.
Stay tuned for more updates tomorrow. Until then, keep those systems secure!