Download our Threat Intelligence Bulletin for the latest discoveries in cyber research for the week of February 3rd.
TOP ATTACKS AND BREACHES
- The sports equipment giant Mizuno USA has confirmed that a cyber-attack that took place between August and October 2024 resulted in the theft of personal information from its network. The stolen data included names, Social Security numbers, financial account information, driver’s license details, and card numbers. The BianLian ransomware group claimed responsibility for the attack.
Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Wins.BianLian.ta.*; Ransomware.Wins.BianLian; Backdoor.Wins.BianLian; HackTool.Wins.BianLian)
- El Cruce hospital in Buenos Aires, Argentina, suffered a ransomware attack by the Medusa ransomware group. The group carried out a major attack on the hospital’s IT systems and has threatened to release 760GB of data, including patient information, unless a ransom of $200K in Bitcoin is paid.
Check Point Harmony Endpoint and Threat Emulation provide protection against this threat.
- On January 26th, a ransomware attack targeted New York Blood Center Enterprises’ IT systems. The blood center has taken its network offline, stating that blood donations are delayed and that there is no set date for system restoration.
- Tata Technologies, an Indian technology company, was the victim of a ransomware attack that caused a temporary suspension of some IT services while core client delivery systems remained intact. No threat actor has claimed responsibility for the attack, and it is not known whether any data was stolen.
- Between November 28, 2024 and January 8, 2025, Japanese pen tablet manufacturer Wacom experienced a cyber-attack that likely led to the theft of customer payment card data from its online store. The attackers used malicious code injected into Wacom’s site to capture payment card data as customers made purchases.
- Community Health Center, a US healthcare services provider, was the victim of a data breach that exposed the sensitive personal and health data of over one million people. The breach, which occurred on January 2, 2025, involved unauthorized access to CHC’s systems, compromising personal information, Social Security numbers, health information, and financial information.
- The Iranian hacktivist group Handala abused the emergency alert systems of various Israeli kindergartens and educational facilities to play alarm sirens and terrorism-supporting songs. The group claimed to have compromised the Israeli technology company Maagar-Tec, which operates panic button systems in schools.
- Smiths Group, a British engineering company, disclosed a cyber-attack that involved unauthorized access to its systems. The company has not said how extensive the attack was or whether any data was leaked. No threat actor has so far claimed responsibility.
VULNERABILITIES AND PATCHES
- More than a million lines of log streams were discovered in a publicly accessible ClickHouse database belonging to the new Chinese AI company DeepSeek. The data included highly sensitive information, such as chat history, API secrets, and backend details. Because the database had no authentication or other protection mechanisms, the exposure allowed full control over database operations and potential privilege escalation within DeepSeek’s environment. The issue was fixed after it was reported.
- A critical-severity vulnerability (CVE-2024-55591) in Fortinet’s FortiOS has been actively exploited in the wild. It is an Authentication Bypass Using an Alternate Path or Channel weakness: a remote attacker can gain super-admin privileges through crafted requests to the appliance’s Node.js http module.
Check Point IPS provides protection against this threat (Fortinet Multiple Products Authentication Bypass (CVE-2024-55591))
- Critical vulnerabilities in multiple Node.js release lines (v18.x, v20.x, v22.x, v23.x) could result in data theft, DoS, and system compromise. Significant vulnerabilities include CVE-2025-23087 through CVE-2025-23089, affecting different versions with issues such as worker permission bypasses, path traversal, and memory leaks. These could allow remote attackers to execute arbitrary code, compromise systems, and potentially gain unauthorised access.
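The DeepSeek exposure above comes down to one configuration state: a database account with no password whose allowed networks include every source address. The following audit script is an added example, not code from the bulletin or from ClickHouse; it parses the users.xml layout ClickHouse ships with and flags that combination, plus accounts that can manage other users (the privilege-escalation angle). The sample configuration it runs on is constructed for the demonstration, and the treatment of a missing `<networks>` block as unrestricted is a conservative assumption of the script, not a documented ClickHouse default.

```python
"""Audit a ClickHouse users.xml for accounts reachable without credentials.

Added example, not code from the bulletin or from ClickHouse. It parses the
users.xml layout ClickHouse ships with (<clickhouse><users>...); the
SAMPLE_USERS_XML below is constructed for the demonstration.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the stock "default" account with an empty password,
# open to every source address and allowed to manage other users, next to
# a hardened read-only account restricted to a private range.
SAMPLE_USERS_XML = """<clickhouse>
  <users>
    <default>
      <password></password>
      <networks><ip>::/0</ip></networks>
      <profile>default</profile>
      <access_management>1</access_management>
    </default>
    <analyst>
      <password_sha256_hex>PLACEHOLDER_SHA256_HEX</password_sha256_hex>
      <networks><ip>10.0.0.0/8</ip></networks>
      <profile>readonly</profile>
    </analyst>
  </users>
</clickhouse>
"""

# Authenticator elements ClickHouse accepts besides a plaintext <password>.
AUTH_TAGS = ("password_sha256_hex", "password_double_sha1_hex",
             "ldap", "kerberos", "ssl_certificates")


def has_credential(user: ET.Element) -> bool:
    """True when the account has any authenticator configured."""
    pw = user.find("password")
    if pw is not None and (pw.text or "").strip():
        return True
    return any(user.find(tag) is not None for tag in AUTH_TAGS)


def reachable_from_anywhere(user: ET.Element) -> bool:
    """True when <networks> admits every source address."""
    networks = user.find("networks")
    if networks is None:
        # Assumption of this audit: a missing <networks> block is reported
        # as unrestricted so a reviewer looks at it rather than skips it.
        return True
    for entry in networks:
        value = (entry.text or "").strip()
        if entry.tag == "ip":
            try:
                if ipaddress.ip_network(value, strict=False).prefixlen == 0:
                    return True  # ::/0 or 0.0.0.0/0
            except ValueError:
                continue
        elif entry.tag == "host_regexp" and value in ("", ".*"):
            return True
    return False


def audit_users(xml_text: str) -> list:
    """Return one finding per risky account, critical ones first."""
    findings = []
    users = ET.fromstring(xml_text).find("users")
    for user in (users if users is not None else []):
        reasons = []
        no_cred = not has_credential(user)
        open_net = reachable_from_anywhere(user)
        if no_cred:
            reasons.append("no password or other authenticator")
        if open_net:
            reasons.append("accepts connections from any address")
        am = user.find("access_management")
        if am is not None and (am.text or "").strip() == "1":
            reasons.append("access_management=1: can create users and grants")
        if reasons:
            findings.append({"user": user.tag,
                             "critical": no_cred and open_net,
                             "reasons": reasons})
    findings.sort(key=lambda f: (not f["critical"], f["user"]))
    return findings


if __name__ == "__main__":
    for f in audit_users(SAMPLE_USERS_XML):
        level = "CRITICAL" if f["critical"] else "warning"
        print(f"{level}: user '{f['user']}': " + "; ".join(f["reasons"]))
```

Run it against a real users.xml by reading the file into `audit_users`; an account is marked critical only when both conditions hold, because a passwordless account limited to localhost and a password-protected account open to the internet are different conversations.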
THREAT INTELLIGENCE REPORTS
- Xloader malware, a successor to Formbook known for stealing information from web browsers, email clients, and FTP clients, employs advanced obfuscation and encryption techniques such as runtime encryption of its code and NTDLL hook evasion. It establishes persistence by copying itself to specific locations, modifying Windows registry entries, and using process injection.
Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Trojan.Win.Xloader; Trojan.Win.Xloader.jo; Trojan.Wins.Xloader.tayc; Trojan.Wins.Xloader.ta.*)
- A recently discovered ransomware called Windows Locker, first spotted on GitHub in December 2024, targets victims by encrypting files and modifying registry keys for persistence. It uses AES encryption to encrypt files and evades conventional recovery techniques. Additionally, Windows Locker deletes shadow copies, leaving victims unable to recover the affected files.
- Arcus Media ransomware maintains registry-based persistence and, according to the ransomware’s technical analysis, uses the ShellExecuteExW API to obtain administrative access. It terminates critical processes such as SQL servers and email clients, enumerating them via the CreateToolhelp32Snapshot API, encrypts files with the ChaCha20 cipher, appending “[Encrypted].Arcus” to filenames, and hinders recovery by deleting shadow copies, disabling system recovery, and clearing event logs.
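Both the Windows Locker and Arcus Media write-ups above describe the same recovery-inhibition steps (shadow copy deletion, disabling system recovery, clearing event logs) alongside registry-based persistence, and those steps leave command lines in process-creation telemetry. The detector below is an added example, not code from the bulletin or from any vendor: it scans a constructed, simplified one-line-per-process log, labels each matching command with the behaviour it belongs to, and only escalates a host once several distinct recovery-inhibition techniques appear together, since a single `vssadmin` call can be routine administration. The log format and field names are assumptions of the example; map them onto your own source (for instance the CommandLine field of Sysmon event 1).

```python
"""Flag recovery-inhibition and Run-key persistence commands in
Windows process-creation logs, as described for Windows Locker and
Arcus Media.

Added example, not code from the bulletin or from any vendor. The log
format below is a constructed, simplified one-line-per-process record.
"""
import re

# Constructed sample log: a benign editor launch, a chain of tampering
# commands on WS01, and a harmless "list shadows" on a backup server.
SAMPLE_LOG = r"""
2025-02-03T10:00:01Z host=WS01 user=alice cmd=notepad.exe C:\Users\alice\notes.txt
2025-02-03T10:00:05Z host=WS01 user=alice cmd=vssadmin.exe delete shadows /all /quiet
2025-02-03T10:00:06Z host=WS01 user=alice cmd=bcdedit.exe /set {default} recoveryenabled no
2025-02-03T10:00:07Z host=WS01 user=alice cmd=wevtutil.exe cl Security
2025-02-03T10:00:08Z host=WS01 user=alice cmd=reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /t REG_SZ /d C:\Users\alice\AppData\Roaming\svc.exe
2025-02-03T10:05:00Z host=SRV02 user=backup cmd=vssadmin.exe list shadows
""".strip()

LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) cmd=(?P<cmd>.*)$")

# (technique label, pattern over the command line). Labels follow the
# behaviours named in the write-ups: shadow copies, system recovery,
# backup catalog, event logs, registry Run-key persistence.
RULES = [
    ("shadow_copy_deletion",   re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("shadow_copy_deletion",   re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("recovery_disabled",      re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("recovery_disabled",      re.compile(r"\bbcdedit(\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I)),
    ("backup_catalog_deleted", re.compile(r"\bwbadmin(\.exe)?\s+delete\s+catalog\b", re.I)),
    ("event_log_cleared",      re.compile(r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b", re.I)),
    ("event_log_cleared",      re.compile(r"\bclear-eventlog\b", re.I)),
    ("run_key_persistence",    re.compile(r"\breg(\.exe)?\s+add\b.*\\currentversion\\run(once)?\b", re.I)),
]

# Techniques that together indicate a ransomware-style recovery takedown.
RECOVERY_TECHNIQUES = {"shadow_copy_deletion", "recovery_disabled",
                       "backup_catalog_deleted", "event_log_cleared"}


def classify(cmd: str) -> set:
    """Techniques matched by one command line (empty set if none)."""
    return {label for label, rx in RULES if rx.search(cmd)}


def scan(log_text: str) -> list:
    """Parse each record and keep those matching at least one rule."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        techniques = classify(m["cmd"])
        if techniques:
            hits.append({**m.groupdict(), "techniques": techniques})
    return hits


def suspicious_hosts(hits: list, min_techniques: int = 2) -> list:
    """Hosts showing at least `min_techniques` distinct recovery-inhibition
    techniques; one hit alone can be admin work, a chain rarely is."""
    per_host = {}
    for h in hits:
        per_host.setdefault(h["host"], set()).update(h["techniques"])
    return sorted(host for host, t in per_host.items()
                  if len(t & RECOVERY_TECHNIQUES) >= min_techniques)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(f"{h['ts']} {h['host']} {h['user']}: {sorted(h['techniques'])}")
    print("hosts with a recovery takedown chain:", suspicious_hosts(found))
```

The per-host aggregation is the part worth keeping when porting this to a SIEM: alert on the chain within a short window, and route single `run_key_persistence` or `shadow_copy_deletion` hits to a lower-priority queue for triage.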