Hello there, In today's issue of Secret CISO, we delve into the world of data breaches and cybersecurity threats. From Australia's super funds being compromised to the defense getting protected data in the Geisinger data breach case, we cover it all. We also look at how threat actors are leveraging tax season to deploy tax-themed phishing campaigns and how a data breach at Georgia Urology exposed the personal and protected health information of over 12,000 individuals. In other news, a Texas city warns thousands of a utility payment site breach, and we investigate the data breach at Ciuni & Panichi, Inc. We also discuss the data breach lawsuits against Guardian Life Insurance and Kelly Benefits, and the investigation of Monro, Inc.'s data breach. Stay tuned for more updates on the cybersecurity front. Stay safe, stay informed. Secret CISO.

Data Breaches

1. Australian Super Funds Data Breach: Hackers have compromised several Australian super funds using stolen passwords. Although the majority of hacking attempts were thwarted, a number of companies were affected by the data breach. Source: The Guardian
2. Geisinger Data Breach Case: The defense for the California man charged in the 2023 Geisinger Health System data breach will receive private protected data. The data breach case is still ongoing. Source: PennLive
3. Tax-Themed Phishing Campaigns: Threat actors are leveraging the tax season to deploy tax-themed phishing campaigns. This strategy serves as a decoy to evade detection by security systems. Source: Microsoft
4. Georgia Urology Data Breach: A data breach at Georgia Urology exposed the personal and/or protected health information of 12,398 individuals. The breach is currently under investigation. Source: WGNO
5. Texas City Utility Payment Site Breach: A data breach impacting at least 2,700 people in Texas was reported this week. Sensitive data like Social Security numbers, passports, and credit card numbers were potentially exposed. Source: The Record

Security Research

1. Google Cloud Run vulnerability exposed by Tenable Research: Tenable's Senior Security Researcher, Liv Matan, has revealed a significant vulnerability in Google Cloud Run. The flaw, likened to a precarious block in a Jenga tower, could potentially destabilize the entire structure. Source: SecurityBrief Australia
2. Cyberagentur presents innovative security research at NAT'25 in Berlin: Cyberagentur has presented its latest research on human-machine interaction and cybersecurity at the NAT'25 - Neuroadaptive Technology Conference in Berlin. The research aims to advance the field of neuroadaptive technology. Source: idw-online.de
3. Microsoft's New Cloud PC Designed for Windows 365 Now Available: Security researchers at Ontinue's Cyber Defense Center have discovered a new Cloud PC designed for Windows 365. The research provides insights into the security features and potential vulnerabilities of the new system. Source: Redmondmag.com
4. Gay Chat App Exposed User Details and Messages: Cybernews researchers have discovered a major security flaw in a gay chat app, exposing user details and messages. The researchers have highlighted the importance of robust security measures in protecting user data. Source: SC Media UK
5. Cisco confirms cyberattacks on Smart Licensing Utility flaw: Security researcher Nicholas Starke has highlighted a flaw in Cisco's Smart Licensing Utility, which has been confirmed by the company. The vulnerability has already been exploited in cyberattacks. Source: Yahoo Finance

Top CVEs

1. CVE-2025-31334 - WinRAR Security Warning Bypass: WinRAR versions prior to 7.11 are vulnerable to an issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file. If a symbolic link specially crafted by an attacker is opened, arbitrary code may be executed. Source: CVE-2025-31334
2. CVE-2025-22457 - Ivanti Buffer Overflow: A stack-based buffer overflow in Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti ZTA Gateways allows a remote unauthenticated attacker to achieve remote code execution. Users are advised to update to the latest versions to mitigate this vulnerability. Source: CVE-2025-22457
3. CVE-2024-53868 - Apache Traffic Server Request Smuggling: Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects versions from 9.2.0 through 9.2.9, and from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the vulnerability. Source: CVE-2024-53868
4. CVE-2025-22002 - Linux Kernel Crash: In the Linux kernel, a vulnerability has been resolved that caused the kernel to crash if writing to the cache (NETFS_WRITE_TO_CACHE) fails for some reason on filesystems such as NFS and Ceph that do not implement the invalidate_cache method. Source: CVE-2025-22002
5. CVE-2025-32050 - Libsoup Integer Overflow: A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer overflow. Source: CVE-2025-32050

API Security

1. CVE-2025-3177 FastCMS JWT hard-coded key: A critical vulnerability was found in FastCMS 0.1.5, affecting the JWT Handler component. The issue arises from the use of a hard-coded cryptographic key, allowing for potential remote attacks. The complexity of the attack is high and exploitation seems difficult. Source: vulners.com
2. CVE-2025-31485 GraphQL grant on a property might be cached with different objects: API Platform Core, a system for creating hypermedia-driven REST and GraphQL APIs, has a vulnerability where a GraphQL grant on a property might be cached with different objects. This issue has been fixed in version 4.0.22. Source: vulners.com
3. CVE-2025-31481 GraphQL query operations security can be bypassed: Another vulnerability in API Platform Core allows for the bypassing of configured security on an operation using the Relay special node type. This issue has been fixed in the latest version. Source: vulners.com
4. CVE-2023-47639 API Platform Core can leak exceptions message that may contain sensitive information: API Platform Core versions 3.2.0 to 3.2.4 have a vulnerability where exception messages, that are not HTTP exceptions, are visible in the JSON error response. This issue has been fixed in the latest version. Source: vulners.com
5. CVE-2025-3167 Tenda AC23 API Interface VerAPIMant denial of service: A problematic vulnerability has been found in Tenda AC23 16.03.07.52. The issue affects the API Interface component and the manipulation of the argument getuid leads to denial of service. The attack may be initiated remotely. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of the Secret CISO newsletter, we've seen a flurry of data breaches affecting various sectors, from super funds to healthcare providers. The importance of robust security measures cannot be overstated, as threat actors continue to exploit vulnerabilities and launch sophisticated cyberattacks. Remember, cybersecurity is not a one-time event but a continuous process. Stay vigilant, stay informed, and most importantly, stay secure.

If you found this newsletter helpful, please consider sharing it with your colleagues and friends. Let's work together to create a safer digital world. Stay tuned for tomorrow's edition, where we'll bring you the latest cybersecurity news and insights. Until then, stay safe and secure!