Secret CISO 4/5: Chattanooga City & Nationwide Recovery Services Data Breach, Oracle Cloud Breach Continues, Trump Fires NSA Head, Cyber Forensic Expert Under FBI Probe

Welcome to today's issue of Secret CISO, your daily dose of the latest in cybersecurity. Today, we're diving into the recent data breach that has affected the city of Chattanooga, a situation that's raising eyebrows and questions about data security in our cities.

We'll also be looking into the investigation of Numotion's data breach, which has left employee email accounts exposed. In other news, Oracle's cloud breach reports continue to pile up, and Congress is demanding answers after the abrupt firing of the head of the National Security Agency. We'll also be discussing the case of a cyber forensic expert facing an FBI probe after featuring in over 2000 cases. On a broader scale, we're covering the impact of a nationwide data breach on local schools and the investigation into the SimonMed Imaging data breach. Plus, we'll be discussing the $3.15 million settlement reached in the Azura Vascular Care data breach lawsuit. In the world of research, we're looking at the emerging cybersecurity risks in connected vehicles and the role of the International Livestock Research Institute in boosting food security in Sierra Leone.

Finally, we'll be rounding up with a series of technical security updates, including a critical Ivanti flaw actively exploited to deploy malware, and a series of data breach alerts. Stay tuned for all this and more in today's issue of Secret CISO. Stay safe, stay informed.

Data Breaches

  1. City of Chattanooga Data Breach: The city of Chattanooga has confirmed that it was affected by a data breach that was recently disclosed by Hamilton County officials. The breach was linked to the Nationwide Recovery Services breach, which has impacted several other entities. Source: Times Free Press
  2. Numotion Data Breach: Mobility equipment provider Numotion has experienced a security incident involving unauthorized access to certain employee email accounts. The company became aware of the breach on January 22, 2025, and has since launched an investigation. Source: WLNS
  3. Oracle Cloud Data Breach: Reports of data breaches in Oracle's cloud services continue to surface. The exposed customer data includes sensitive information, although the extent of the breach is still under investigation. Source: SC Magazine
  4. Sea-Tac Airport Cyberattack: A cyberattack on Sea-Tac Airport in August 2024 resulted in the compromise of data belonging to approximately 90,000 people. Around 71,000 of those impacted live in Washington state. Source: YouTube
  5. SimonMed Imaging Data Breach: Medical imaging service provider SimonMed is under investigation following a data breach that has raised concerns over the security of sensitive personal and protected health information. Source: WBOY

Security Research

  1. Cellphone Surveillance Explained - Stingray/IMSI Catchers: This research provides a comprehensive explanation of how Stingray/IMSI Catchers work, their potential misuse, and the privacy implications for cellphone users. Source: YouTube
  2. Emerging Cybersecurity Risks in Connected Vehicles: This study identifies potential security threats in connected vehicles, including malware attacks, and suggests future research directions in adaptive mechanisms and cross-domain security. Source: Semiconductor Engineering
  3. ILRI supports Sierra Leone's livestock sector with high-yield forage seeds, boosting food security: The International Livestock Research Institute (ILRI) has made a significant step towards improving livestock feed availability and enhancing food security in Sierra Leone. Source: CGIAR
  4. Axon Global CEO Israel Martinez Named Security Expert of the Year at HMG Strategy Summit: Israel Martinez, CEO and Global CTO of Axon Global, was recognized for his contributions to the field of cybersecurity, demonstrating the impact of industry leaders on security practices. Source: PRWeb
  5. A Discussion on Global Counterspace Trends: This panel discussion, hosted by CSIS, focused on the safety and security implications of global counterspace trends, highlighting the need for further research and legal considerations in this field. Source: CSIS

Top CVEs

  1. CVE-2024-11235 - Reference counting in php_request_shutdown causes Use-After-Free: In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution. Source: CVE-2024-11235
  2. CVE-2025-22285 - WordPress Pallet Packaging for WooCommerce Plugin <= 1.1.15 - Broken Access Control vulnerability: Missing Authorization vulnerability in Eniture Technology Pallet Packaging for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pallet Packaging for WooCommerce: from n/a through. Source: CVE-2025-22285
  3. CVE-2025-3087 - Stored XSS in M-Files Web: Stored XSS in M-Files Web versions from 25.1.14445.5 to 25.2.14524.4 allows an authenticated user to run. Source: CVE-2025-3087
  4. CVE-2025-2780 - Woffice Core plugin for WordPress: The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeaturedImage' function in all versions up to, and including, 5.4.21. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution. Source: CVE-2025-2780
  5. CVE-2025-3266 - qinguoyi TinyWebServer http_conn.cpp stack-based overflow: A vulnerability, which was classified as critical, has been found in qinguoyi TinyWebServer up to 1.0. Affected by this issue is some unknown functionality of the file /http/http_conn.cpp. The manipulation of the argument name/password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be. Source: CVE-2025-3266

API Security

  1. elunez eladmin Maintenance Management Module testConnect deserialization (CVE-2025-3250): A vulnerability in elunez eladmin 2.7 has been identified, affecting an unknown functionality of the file /api/database/testConnect in the Maintenance Management Module. The issue leads to deserialization and can be remotely exploited. The exploit is now public knowledge. Source: Vulners.
  2. GraphQL grant on a property might be cached with different objects (GHSA-428Q-Q3VV-3FQ3): A security issue has been found with grants on properties in the GraphQL ItemNormalizer. If the security grant gets cached and is only evaluated once, even if the object in question is a different one, it can grant access to properties that it should not. A workaround is to override the ItemNormalizer. Source: Vulners.
  3. GraphQL query operations security can be bypassed (GHSA-CG3C-245W-728M): Using the Relay special node type, you can bypass the configured security on a GraphQL operation. This can be exploited to access any entity without restrictions by anyone who has access to the API. This issue impacts everyone using GraphQL with the security attribute. Source: Vulners.

Final Words

That's it for today's edition of Secret CISO. We've covered a lot of ground, from the data breach in Chattanooga to the abrupt firing of the head of the National Security Agency. It's clear that cybersecurity is a rapidly evolving field, and staying informed is crucial. Remember, knowledge is power. The more we know about these threats, the better we can protect ourselves and our organizations.

So, don't keep this information to yourself. Share this newsletter with your colleagues and friends, and let's work together to create a safer digital world. Stay safe, stay informed, and see you in the next edition of Secret CISO.
