Cyber attacks and data breaches are wreaking havoc across sectors and geolocations.
From ransomware and distributed denial-of-service (DDoS) attacks to accidental and third-party data exposure, businesses are facing complex cyber security risks.
Here are nine important cyber attacks and data breaches from February 2025.
Meta confirms WhatsApp spyware hack
Facebook owner Meta confirmed that a hacking attack affected users of the WhatsApp secure messaging platform. As first reported by The Guardian, WhatsApp users were targeted by a sophisticated spyware attack affecting a number of users, including journalists and members of civil society.
A Meta spokesperson remarked, “This is the latest example of why spyware companies should be held accountable for their illegal actions.” “WhatsApp will continue to protect people’s ability to communicate privately.”
Credentials of DoD and defense contractors stolen
Hundreds of compromised credentials related to US Department of Defense (DoD) agencies and contractors were put up for sale as part of an infostealer malware campaign. Some stolen logs included active session cookies, potentially allowing attackers to bypass multi-factor authentication (MFA).
IoT data breach exposes 2.7 billion records
A huge Internet of Things (IoT) data breach exposed 2.7 billion records, compromising sensitive information such as passwords, IP addresses and device IDs. The breach, discovered by cyber security researcher Jeremiah Fowler, occurred through a non-password-protected database related to Chinese IOS Hydro.
HCRG Care Group suffers ransomware attack
Private health and social services provider HCRG Care Group fell victim to a ransomware attack by the cyber crime group Medusa. In a post on its dark web site, the Medusa crew claimed that it had stolen 2.275 TB of data from HCRG and threatened to either sell the information to a buyer or leak it all online.
“The ransomware attack on HCRG Care Group is a great reminder that healthcare organizations will always be in the crosshairs of criminal enterprises due to the availability of sensitive and individual patient data,” said Jeff Wichman, director of incident response at Semperis.
Trimble Cityworks vulnerability actively exploited
The US Cybersecurity and Infrastructure Security Agency (CISA) warned that Trimble Cityworks, an asset management tool widely used by local governments and infrastructure organizations, was being actively exploited. The vulnerability (CVE-2025-0994) has been rated 8.6 in severity and received a patch in late January, which federal civilian agencies will have to apply by the end of this month.
DISA Global data breach affects over 3 million people
DISA Global Solutions, a provider of employee screening services, suffered a data breach affecting more than 3.3 million people. DISA, which provides services such as drug and alcohol testing and background checks to more than 55,000 enterprises and one-third of Fortune 500 companies, confirmed the data breach in a filing with Maine’s Attorney General.
Depomani Chief Security Officer (CSO) Cory Michal commented, “Background check companies are main targets for cyber criminals as they store vast amounts of highly sensitive personal data including social security numbers, financial statements, government IDs and employment history.” He said that unlike financial institutions, which must follow strict cyber security rules, these companies often work with low security budgets and weak security controls, making them more vulnerable to attacks.
Palo Alto confirms exploitation of firewall
Cyber security giant Palo Alto Networks confirmed the active exploitation of a recently patched firewall vulnerability (CVE-2025-0108). The PAN-OS authentication bypass flaw allows an unauthenticated attacker to gain access to the management interface of the targeted device and execute certain scripts. Palo Alto Networks also confirmed that CVE-2025-0108 could be chained with other vulnerabilities, such as CVE-2024-9474, to allow unauthorized access to unpatched and unsecured firewalls.
Kevin Robertson, Chief Technology Officer (CTO) at Acumen Cyber, commented, “It can be used as a major attack vector in one of the world’s most widely used firewalls, so organizations are advised to apply the patch for each vulnerability as soon as possible. Threat actors can potentially chain these weaknesses to escalate privileges and get root access to Palo Alto firewalls. This level of access will allow the attackers to modify the configuration, bypass security controls and move laterally within an organization’s network.”
Grubhub reveals third-party data breach
Food delivery company Grubhub revealed a data breach in which attackers accessed the personal information of an unknown number of customers, merchants and drivers after breaching its systems. “Our investigation found that the intrusion originated with an account belonging to a third-party service provider that provided support services to Grubhub,” the firm said.
Grubhub said the unauthorized party accessed the contact information of campus diners, as well as diners, merchants and drivers who interacted with its customer care service. The data accessed varied and included:
- Names, email addresses and phone numbers.
- Partial payment card information for most of the campus diners.
The unauthorized party also accessed hashed passwords for some legacy systems, and Grubhub rotated any passwords it believed might have been at risk.
Lazarus Group uses LinkedIn to steal credentials and deploy malware
Bitdefender Labs exposed an active campaign by the North Korea-linked Lazarus Group, which steals credentials and distributes malware through fake LinkedIn job offers. The scam begins with a message offering a remote, part-time job opportunity, which lures targets into sharing personal data.
The attackers send a repository containing a “minimum viable product” (MVP), along with a document containing questions that can only be answered by running the demo. Although the code appears harmless, it contains a heavily obfuscated script that dynamically loads malicious code from a third-party source. The payload is a cross-platform information stealer targeting Windows, macOS and Linux. It searches for crypto-related browser extensions, collects login data and files, and exfiltrates them to a malicious server before downloading and executing a Python script that facilitates further malicious activity.