9 major cyber attacks & data breaches in February 2025

Cyber attacks and data breaches continue to wreak havoc on organizations across the globe

Michael Hill
02/27/2025

Cyber attacks and data breaches continue to wreak havoc on organizations across sectors and geolocations.

From ransomware and distributed denial-of-service (DDoS) attacks to accidental and third-party data exposures, businesses face ongoing, complex cyber security risks.

Here are nine significant cyber attacks and data breaches from February 2025.


Meta confirms WhatsApp spyware hack

Facebook owner Meta confirmed that a hacking attack impacted users of the WhatsApp secure messaging platform. As first reported by The Guardian, WhatsApp users were targeted by a sophisticated spyware attack, affecting a number of users, including journalists and members of civil society.

“This is the latest example of why spyware companies must be held accountable for their unlawful actions,” commented a Meta spokesperson. “WhatsApp will continue to protect people’s ability to communicate privately.”


DOD and defense contractors’ credentials stolen

Hundreds of compromised credentials belonging to US Department of Defense (DOD) agencies and contractors were put up for sale as part of an infostealer malware campaign. Some of the stolen logs included active session cookies, which could potentially allow attackers to bypass multi-factor authentication (MFA).


IoT data breach exposes 2.7 billion records

A massive internet of things (IoT) data breach exposed 2.7 billion records, compromising sensitive information such as passwords, IP addresses and device IDs. The breach, discovered by cyber security researcher Jeremiah Fowler, occurred through a non-password-protected database belonging to Chinese IoT company Mars Hydro.


HCRG Care Group suffers ransomware attack

Private health and social services provider HCRG Care Group fell victim to a ransomware attack by cyber crime group Medusa. In a post on its dark-web site, the Medusa crew claimed it had stolen 2.275 TB of data from HCRG, threatening to either sell the information to a buyer or leak it all online.

“The ransomware attack on HCRG Care Group is a sobering reminder that healthcare organizations will always be in the crosshairs of criminal enterprises because of the availability of sensitive and personal patient data,” said Jeff Wichman, director of incident response at Semperis.


Trimble Cityworks vulnerability actively exploited

The US Cybersecurity and Infrastructure Security Agency (CISA) warned that Trimble Cityworks, an asset management tool widely used by local governments and infrastructure organizations, was being actively exploited. The vulnerability (CVE-2025-0994) is rated 8.6 in severity and received a patch in late January, which federal civilian agencies must apply by the end of this month.


DISA Global data breach impacts over 3 million people

DISA Global Solutions, a provider of employee screening services, suffered a data breach affecting more than 3.3 million people. DISA, which provides services like drug and alcohol testing and background checks to more than 55,000 enterprises and a third of Fortune 500 companies, confirmed the data breach in a filing with Maine’s attorney general.

“Background check companies are prime targets for cyber criminals because they store vast amounts of highly sensitive personal data, including Social Security numbers, financial details, government IDs and employment histories,” commented Cory Michal, chief security officer (CSO) at AppOmni. Unlike financial institutions, which must adhere to strict cybersecurity regulations, these companies often operate with less security budget and weaker security controls, making them more vulnerable to attacks, he added.


Palo Alto confirms exploitation of firewalls

Cyber security giant Palo Alto Networks confirmed active exploitation of a recently patched firewall vulnerability (CVE-2025-0108). The PAN-OS authentication bypass flaw allows an unauthenticated attacker to gain access to the targeted device’s management interface and execute certain scripts. Palo Alto Networks also confirmed that CVE-2025-0108 can be chained with other vulnerabilities, such as CVE-2024-9474, allowing unauthorized access to unpatched and unsecured firewalls.

“This could be used as a major attack vector in one of the world’s most widely used firewalls, so organizations are advised to apply the patch to each vulnerability as soon as possible,” commented Kevin Robertson, chief technology officer (CTO) at Acumen Cyber. “Threat actors could potentially chain these vulnerabilities to escalate privileges and gain root access to Palo Alto firewalls. This level of access would allow attackers to modify configurations, bypass security controls and move laterally within an organization’s network.”


GrubHub discloses third-party data breach

Food delivery company GrubHub disclosed a data breach impacting the personal information of an undisclosed number of customers, merchants and drivers after attackers breached its systems. “Our investigation found that the intrusion originated with an account belonging to a third-party service provider that provided support services to Grubhub,” the firm said.

The unauthorized individual accessed contact information of campus diners, as well as of diners, merchants and drivers who interacted with GrubHub’s customer care service. The following data was accessed, varying by individual:

  • Names, email addresses and phone numbers.
  • Partial payment card information for a subset of campus diners.

The unauthorized party also accessed hashed passwords for certain legacy systems, with GrubHub proactively rotating any passwords that it believed might have been at risk.


Lazarus Group uses LinkedIn to steal credentials and deploy malware

Bitdefender Labs uncovered an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers. The scam starts with a message offering a remote, part-time job opportunity, with targets enticed to share personal data.

Attackers send a repository containing a “minimum viable product” (MVP) alongside a document with questions that can only be answered by running the demo. Although the code appears harmless, it contains heavily obfuscated scripts that dynamically load malicious code from a third-party source. The payload is a cross-platform info-stealer targeting Windows, macOS and Linux. It searches for crypto-related browser extensions and collects login data and files, exfiltrating them to a malicious server, before downloading and executing a Python script that facilitates further malicious actions.
