Download our Threat Intelligence Bulletin for the latest discoveries in cyber research for the week of February 3rd.
TOP ATTACKS AND BREACHES
- The sporting goods company Mizuno USA has confirmed that a cyber-attack that took place between August and October 2024 resulted in the theft of personal information from its network. The stolen data included names, Social Security numbers, financial account information, driver’s license details, and card numbers. The attack was attributed to the BianLian ransomware group.
Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Wins.BianLian.ta.*, Ransomware.Wins.BianLian, Backdoor.Wins.BianLian, HackTool.Wins.BianLian).
- El Cruce hospital in Buenos Aires, Argentina, suffered a ransomware attack by the Medusa ransomware group. After compromising the hospital’s IT network, the group threatened to release 760GB of data, including patient information, unless it received $200K in Bitcoin.
Check Point Harmony Endpoint and Threat Emulation provide protection against this threat.
- On January 26th, a ransomware attack targeted New York Blood Center Enterprises, affecting its IT systems. The blood center has taken its network offline and stated that plasma donations are delayed, with no set date for system recovery.
- Tata Technologies, an American technology company, was the victim of a ransomware attack that caused the temporary suspension of some IT services while primary client delivery systems remained intact. No threat actor has claimed responsibility for the attack, and it is not known whether any data was stolen.
- Between November 28, 2024 and January 8, 2025, Asian manufacturer Wacom experienced a cyber-attack that likely led to the theft of customer payment card data from its online store. The attack used malicious code on Wacom’s website to capture payment card data as customers entered it.
- Community Health Center, a US healthcare provider, was the victim of a data breach that exposed the sensitive personal and health data of over one million people. The breach, which occurred on January 2, 2025, involved unauthorized access to CHC’s systems, compromising personal information, Social Security numbers, health information, and financial information.
- The Iranian hacktivist group Handala abused the emergency systems of several Jewish kindergartens and educational facilities to play alarm sirens and terrorism-supporting songs. The group claimed to have targeted the Israeli technology company Maagar-Tec, which operates panic button systems in schools.
- Millers Group, a British architecture firm, suffered a cyber-attack that involved unauthorized access to its systems. The company has not disclosed the extent of the attack or whether any data was leaked. No threat actor has so far claimed responsibility.
VULNERABILITIES AND PATCHES
- More than a million lines of log streams were discovered in a publicly accessible ClickHouse database belonging to the Chinese AI startup DeepSeek. The data included highly sensitive information, such as chat history, API secrets, and backend server details. Because the database had no authentication or access controls, the exposure allowed full control over database operations within DeepSeek’s environment and potential privilege escalation. The issue was fixed after it was reported.
- A critical-severity vulnerability (CVE-2024-55591) in Fortinet’s FortiOS is being actively exploited in the wild. An Authentication Bypass Using an Alternate Path or Channel vulnerability allows a remote attacker to gain super-admin privileges through crafted requests to the Node.js http package.
Check Point IPS provides protection against this threat (Fortinet Multiple Products Authentication Bypass (CVE-2024-55591)).
- Critical Node.js vulnerabilities affecting multiple release lines (v18.x, v20.x, v22.x, v23.x) could result in data theft, DoS, and system compromise. Notable vulnerabilities include CVE-2025-23087 through CVE-2025-23089, affecting different versions with issues such as worker permission bypasses, path traversal, and memory leaks. These could allow remote attackers to execute arbitrary code, gain unauthorized access, and compromise systems.
THREAT INTELLIGENCE REPORTS
- Xloader malware, a successor to Formbook known for stealing information from web browsers, email clients, and FTP applications, employs advanced obfuscation and encryption techniques such as runtime code encryption and NTDLL hook evasion. It establishes persistence by copying itself to specific locations, modifying Windows registry entries, and using process injection.
Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Trojan.Win.Xloader, Trojan.Win.Xloader.court, Trojan.Wins.Xloader.tayc, Trojan.Wins.Xloader.ta.*).
- A newly discovered ransomware called Windows Locker, first seen on GitHub in December 2024, targets victims by encrypting data and modifying registry keys for persistence. It uses AES encryption to encrypt files and evades conventional recovery techniques. Additionally, Windows Locker deletes shadow copies, leaving users unable to recover affected files.
- An expert analysis of the Arcus Media ransomware shows that it escalates privileges using the ShellExecuteExW API without requiring administrative intervention and maintains registry-based persistence. It terminates critical processes such as SQL servers and email clients located via the CreateToolhelp32Snapshot API, encrypts data with the ChaCha20 cipher, appending “[Encrypted].Arcus” to filenames, and hinders recovery by deleting shadow copies, disabling system recovery, and clearing event logs.
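A defender-side illustration of the recovery-hindering behaviours described above for Windows Locker and Arcus Media (shadow copy deletion, disabled system recovery, cleared event logs, the “[Encrypted].Arcus” suffix), written as an added example that is not Check Point’s or the bulletin’s code: it runs a few detection rules over constructed Sysmon-style events and flags a parent process that combines more than one of these actions. The event shape, process names and the specific command lines (vssadmin, bcdedit, wevtutil) are assumptions made for the example, not details taken from the bulletin.

```python
import re
from collections import defaultdict

# Constructed sample telemetry in a Sysmon-like shape (id 1 = process create,
# id 11 = file create). Not real data from the bulletin.
SAMPLE_EVENTS = [
    {"id": 1, "parent": "arcus.exe", "cmd": "vssadmin.exe delete shadows /all /quiet"},
    {"id": 1, "parent": "arcus.exe", "cmd": "bcdedit /set {default} recoveryenabled No"},
    {"id": 1, "parent": "arcus.exe", "cmd": "wevtutil cl Security"},
    {"id": 1, "parent": "services.exe", "cmd": "svchost.exe -k netsvcs"},
    {"id": 1, "parent": "backup.exe", "cmd": "vssadmin.exe list shadows"},  # benign
    {"id": 11, "parent": "arcus.exe",
     "target": r"C:\Users\alice\Documents\budget.xlsx[Encrypted].Arcus"},
]

# Each rule: (name, event id it applies to, field to inspect, pattern).
RULES = [
    ("shadow_copy_deletion", 1, "cmd",
     re.compile(r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)", re.I)),
    ("system_recovery_disabled", 1, "cmd",
     re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no", re.I)),
    ("event_log_cleared", 1, "cmd", re.compile(r"wevtutil(\.exe)?\s+cl\b", re.I)),
    ("arcus_encrypted_file", 11, "target", re.compile(r"\[Encrypted\]\.Arcus$")),
]


def match_rules(events):
    """Return (rule_name, parent_process) for every event that matches a rule."""
    hits = []
    for ev in events:
        for name, eid, field, pat in RULES:
            if ev["id"] == eid and pat.search(ev.get(field, "")):
                hits.append((name, ev["parent"]))
    return hits


def suspicious_parents(events, min_rules=2):
    """Parents that trigger at least min_rules distinct rules. A lone vssadmin
    call can be legitimate; deletion combined with recovery or log tampering
    from the same parent is the pattern the bulletin describes."""
    by_parent = defaultdict(set)
    for name, parent in match_rules(events):
        by_parent[parent].add(name)
    return {p: sorted(r) for p, r in by_parent.items() if len(r) >= min_rules}


if __name__ == "__main__":
    for parent, rules in suspicious_parents(SAMPLE_EVENTS).items():
        print(f"{parent}: {', '.join(rules)}")
```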