
A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Wednesday, August 27, 2025. I'm Sarah Lane.
Whistleblower says DOGE put critical Social Security data at risk. Charles Borges, chief data officer at the Social Security Administration, filed a whistleblower complaint alleging that the Department of Government Efficiency improperly uploaded SSA's Numident database, containing names, SSNs, addresses and birth dates of nearly every American, to a vulnerable cloud system. Borges warned this violates federal security rules and creates a high risk of identity theft and widespread harm if exposed, although no breach has been confirmed.
CISA warns of actively exploited Git code execution flaw. CISA says an arbitrary code execution vulnerability in Git is actively being exploited due to mishandling carriage return characters in configuration files, letting attackers craft repositories with malicious submodules that execute code on users' machines. Git patched the issue in versions 2.43.7 through 2.50.1. Federal agencies have to apply the fix by September 15 or follow mitigation steps, including avoiding untrusted recursive submodules or disabling hooks. CISA also added two Citrix Session Recording flaws to its Known Exploited Vulnerabilities catalog.
Alleged mastermind behind K-pop celebrity stock heist extradited to South Korea. South Korean authorities extradited a 34-year-old Chinese man from Thailand suspected of a cyber heist targeting K-pop celebrities, including BTS singer Jungkook, between August of 2023 and January of 2024. The attacker allegedly stole personal data from telecom firms to access victims' financial accounts, embezzling more than 36 billion won. That's around US$27 million. The suspect admitted to some charges but denied others, with Interpol and Thai authorities involved in the investigation.
Hundreds of Salesforce customers impacted by attack spree linked to third-party AI agent. A data theft campaign compromised hundreds of Salesforce customers earlier this month after attackers exploited OAuth tokens stolen from SalesLoft Drift, a third-party AI sales agent. Google's Threat Intelligence Group linked the spree to threat group UNC 6395, which automated data theft between August 8th and the 18th, targeting credentials for AWS, Snowflake and VPNs. SalesLoft and Salesforce revoked tokens on August 20th, but Google warns affected customers to treat their data as compromised and rotate credentials.
Huge thanks to our sponsor, Profit Security. Your security analyst didn't sign up to chase false alarms all day, right? With Profit Security's AI SOC platform, they don't have to. It works like a tireless teammate, triaging and investigating alerts around the clock. Less burnout, better coverage and more time for meaningful work. Learn more at profitsecurity.com.
Shadow Captcha exploits WordPress sites to spread ransomware, info stealers and crypto miners. A new campaign dubbed Shadow Captcha is exploiting over 100 compromised WordPress sites, sending visitors to fake CAPTCHA pages that then trick them into running malicious commands. The attacks deliver information stealers with ransomware and crypto miners using ClickFix, social engineering and Windows tools. Researchers say site admins need to patch WordPress plugins, enable MFA and train users against ClickFix lures.
Nissan confirms design studio data breach claimed by Qilin ransomware. Nissan confirmed its Tokyo-based design subsidiary Code Creative Box Inc. suffered a data breach after the Qilin ransomware group claimed to have stolen four terabytes of sensitive files, including 3D vehicle models, financial documents and VR design workflows. The attackers posted sample images online and threatened to leak all the stolen data. Nissan says it contained the incident and has notified authorities.
Auchan discloses data breach, data of hundreds of thousands of customers exposed. French retailer Auchan disclosed a data breach affecting hundreds of thousands of its customers, with personal details tied to loyalty cards, including names, addresses, phone numbers, emails and card numbers. Banking data, passwords and PINs have not been exposed, but loyalty cards were deactivated and now have to be reissued within stores. This is Auchan's second breach in less than a year.
Nevada state websites, phone lines knocked offline by cyber attack. A cyber attack disrupted Nevada state government systems, websites and phone lines on Sunday, forcing offices to close Monday and leaving the state website offline. Governor Joe Lombardo said emergency services are still available and officials are using workarounds while working with federal, local and tribal partners to restore services. No group has claimed responsibility.
Have you checked out the latest episode of the CISO Series podcast this week? One of the show segments digs into why the current security vendor playbook is so vexing, leading to every CISO with an inbox full of cold calls and very few actual solutions to their problems. Look for the episode "New Study Finds No Email Has Ever Found You Well" wherever you get your podcasts. And if you have thoughts on the news from today or about the show in general, do be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I'm Sarah Lane reporting for the CISO Series. Thank you for listening and we'll talk to you next time.
A
Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Podcast: Cyber Security Headlines
Host: Sarah Lane (CISO Series)
Episode: DOGE puts critical SS data at risk? CISA warns of new exploited flaw, K-Pop stock heist attacker extradited to South Korea
Date: August 27, 2025
This episode delivers a fast-paced roundup of major cybersecurity incidents and warnings making the news, including a whistleblower alert over critical Social Security data risks, an exploited Git vulnerability flagged by CISA, the extradition of a notorious K-pop stock heist hacker, and several significant data breaches. The tone is concise and urgent, reflecting the ever-evolving threat landscape.
Incident: SSA’s Numident database (names, SSNs, addresses, birth dates of nearly every American) was allegedly uploaded by the Department of Government Efficiency to a cloud service with inadequate security.
Whistleblower: Charles Borges, Chief Data Officer at Social Security Administration, filed a complaint, citing federal security rule violations.
Risk: High potential for identity theft and “widespread harm if exposed.”
Status: No actual breach confirmed yet, but concerns are serious.
“This violates federal security rules and creates a high risk of identity theft and widespread harm if exposed.”
— Sarah Lane, 00:33
Incident: Hundreds of customers compromised after attackers stole OAuth tokens from SalesLoft Drift, a third-party AI sales agent used with Salesforce.
Culprit: Attributed by Google’s Threat Intelligence Group to group UNC 6395.
Target: Credentials for AWS, Snowflake, VPNs.
Response: Tokens revoked August 20. Affected customers warned to rotate credentials and treat data as compromised.
“Google warns affected customers to treat their data as compromised and rotate credentials.”
— Sarah Lane, 03:10
“This violates federal security rules and creates a high risk of identity theft and widespread harm if exposed.”
— Sarah Lane on the DOGE whistleblower complaint (00:33)
“Google warns affected customers to treat their data as compromised and rotate credentials.”
— Sarah Lane on the Salesforce OAuth token compromise (03:10)
The reporting is concise, fast-paced, and focused on actionable information, matching the expectations for daily info-security news briefings.
This episode underscores an uptick in critical vulnerabilities, high-profile cybercrime, and the vast impact of third-party and supply chain attacks. From alleged federal mishandling of sensitive data to ransomware disrupting multinational companies and public services, the episode emphasizes the growing need for proactive risk management, patching, and vigilance across both public and private sectors.