Welcome to Cyber Security Weekly Threat Mitigation & Vulnerability Round-Up. As technology continues to rapidly evolve, understanding and remaining updated with the ever-growing threats and vulnerabilities in the cybersecurity world has become more important now than ever. This week we highlight new top cyberattacks, data breaches, and security threats that organizations and individuals need to deal with.
Significant Cybersecurity Events
Healthcare Data Breach: More Than 1 Million Patients Impacted
Community Health Center, Inc. (CHC) announced a massive data breach within its system that affected 1,060,936 of its patients, plus those who previously received COVID-19 tests and vaccine shots. Data compromised may include:
- Social Security Number (SSN)
- Health conditions, test results, treatment notes
- Insurance information
In response, CHC offered 24 months of free identity theft protection through IDX. Although CHC’s operations were not disrupted, the attack underscores the persistent threat to healthcare organizations, which continue to be targets of choice for cybercriminals.
850,000+ Records Stolen In Globe Life Cyber attack
Another data exfiltration attack hit one of Globe Life’s subsidiaries, American Income Life Insurance Company (AILIC), exposing sensitive data such as the following:
- Names, social security numbers, and home addresses
- Policy-related health data
Hackers used double extortion methods, threatening to use the stolen data against the company. The data was also leaked to short sellers in what may have been an effort to manipulate the price of Globe Life in the stock market.
Although no financial information was compromised, the attack highlights fears that cybercriminals could exploit corporate breaches for financial purposes.
AWS S3 Bucket Hijacking Poses Global Supply Chain Risks
Security researchers found more than 150 abandoned AWS S3 buckets once used by some of the world’s biggest companies, including Fortune 500 companies and US government agencies like NASA and the US military. Attackers can take these abandoned buckets over to
- Send out infected software updates
- Launch supply chain attacks like the SolarWinds hacking
- Intercept requests for sensitive data
They detected over 8 million requests made to those buckets, thus it is important to note that insecure configurations of cloud storage is still risky risk. Organizations are encouraged to review their cloud assets and audit unused resources.
Grubhub Data Breach Through Third-Party Vendor
Access to Grubhub customer data, including:was obtained when a third-party contractor account was compromised.
- Name, email, and phone number
- Partial payment card information (last 4 digits)
Grubhub proactively reset credentials for compromised users since not all payment information had been compromised. The breach highlights the risks of third-party vendor access, a leading cybersecurity threat that cuts across sectors.
Hacker Responsible for Over 40 Cyberattacks Arrested by Spanish Authorities
Spanish law enforcement arrested a hacker involved in over 40 cyberattacks, which would also include breaks of:
- NATO systems
- The U.S. Army
- Spanish government agencies
The attacker allegedly sold stolen data on dark web forums and washed profits through more than 50 cryptocurrency accounts, according to the country’s cyber directors.
This case is emblematic of the increasingly serious measures being taken to crack down on cybercriminals who engage in nation-state and high-profile attacks.
New Cyber Threats
Vulnerability in Microsoft Outlook Actively Exploited
Microsoft Outlook is affected by a critical vulnerability, called CVE-2024-21413, discovered by security researchers. This flaw allows:
- Protected View bypass anti-virus
- Execution of Arbitrary Code from Remote
- Theft of NTLM credentials
Accordingly, the Cybersecurity and Infrastructure Security Agency (CISA) mandated that all federal agencies must patch by February 27, 2025. Organizations with Outlook installed are being advised to update immediately to avoid potentially being exploited.
New active directory attack uses ghost servers
Cybercriminals are taking advantage of Kerberos Delegation vulnerabilities found in Active Directory realms to forge “Ghost Servers” impersonating genuine users. This technique enables:
- Network privilege escalation
- Sensitive enterprise data access
- Moving laterally undetected
Mitigation strategies are transitioning to Constrained Delegation, and monitoring Service Principal Name (SPN) configurations.
HPE Confirms Russian APT Group Breach
Hewlett Packard Enterprise (HPE) announced this week that APT29 (Midnight Blizzard), the Russian-sponsored breach, had compromised its Office 365 email accounts. The breach resulted in:
Employee SSNs, driver’s licenses, and credit card data theft
Extended illegitimate access from May 2023 until December 2023
The attack is one of a series of Russian cyber espionage operations aimed at Western corporations.
Latest Cyber Attacks and Exploits
Exploitation of AWS & Azure Cloud Platforms for Large-Scale Cyberattacks
Threat actors are using hijacked 1,200+ AWS IPs, stolen cloud API keys to execute mass phishing, ransomware and supply chain attacks. The campaign has affected more than 200,000 domains across the globe and is believed to be associated with the FUNNULL hacking group.
Crypto phishing Using Hijacked X (Twitter)
Tor Project, Nasdaq, and Microsoft India are among verified X accounts that hackers took control of to promote fake cryptocurrency schemes. Attackers:
- Phishing by means of Google AMP Cache domains
- Used Evilginx to harvest authentication tokens
Abuse of ScreenConnect RMM Tool to Drop Malware
The attacker exploited CVE-2024-1709 in ScreenConnect remote monitoring tools to install malware. Phony agents, posing as “eStatementsForum_Viewr. exe”, were sent through bulletproof hosting providers.
ASP. Exploited IIS Server from NET Key Exposure
Over 3,000 exposed ASP. NET encryption keys can allow attackers to execute code on affected Internet Information Services (IIS servers). The attack employs malicious ViewState payloads for persistent backdoors.
Vulnerabilities & Exploits of Substance
Pandora in Windows 11 Kernel Race Condition (CVE-2025-XXXX)
A recently discovered Kernel Sync Leaks vulnerability permits:
- Privilege escalation
- Arbitrary code execution
- Possible denial-of-service (DoS) attacks
7-Zip Zero-Day Used in Malware Delivery
The exploitation of CVE-2025-0411 by Russian hackers is used to bypass Mark-of-the-Web (MoTW) protections. This weakness enables pervasive malware delivery through nested archives, and is currently under exploit to disseminate Smoke loader malware.
Security Updates In October 2023, Cisco released Cisco ISE Command Execution Vulnerabilities
Two recently uncovered vulnerabilities, CVE-2025-20124 (Java deserialization) and CVE-2025-20125 (authentication bypass), enable attackers to obtain root privileges on Cisco Identity Services Engine (ISE) systems. Organizations must update to version 3.1P10/3.2P7/3.3P4 immediately.
Other Cybersecurity News
Microsoft Introduces AI Avatars for Teams
Microsoft Teams to launch AI-powered avatars, enabling users to join virtual meetings without a live feed These avatars:
- 3D immersive spaces support via Microsoft Mesh
- From built-in text-to-speech accessibility features
Final thoughts
From critical infrastructure, cloud platforms and enterprise networks, the world of cybersecurity is constantly evolving with new threats.
Companies need to take steps to prevent such attacks through proactive security measures that can include,Frequent patching of known vulnerabilities zero Trust architectures to minimize unauthorized access ,Improved cloud security protocols to avoid data siphoning
This continual emergence of new threats necessitates the need to be proactive in the way you approach your cybersecurity.stay safe with threats
