9 Major Cyber Attacks & Data Breaches in February 2025

February 2025: A Month of Unprecedented Cybersecurity Breaches Across Sectors

By ZDS

In February 2025, the cybersecurity landscape was marked by several significant incidents, underscoring the persistent and evolving nature of cyber threats. From sophisticated spyware attacks to extensive data breaches, these events highlight the critical need for robust security measures across all sectors. Below is a summary of notable incidents from the month:

1. Meta Confirms WhatsApp Spyware Hack

Meta, the parent company of WhatsApp, said it had disrupted a spyware campaign by the Israeli vendor Paragon Solutions that targeted roughly 90 WhatsApp users, including journalists and members of civil society, through a zero-click vector that required no action from the victim. Meta called for accountability among spyware developers and reaffirmed its commitment to protecting users' private communications. The incident is a reminder that end-to-end encryption protects messages in transit, not on a compromised endpoint: spyware running on the phone reads content after it has been decrypted.

2. DOD and Defense Contractors’ Credentials Stolen

Reports emerged that hundreds of compromised credentials belonging to U.S. Department of Defense agencies and contractors were being sold on infostealer-log marketplaces for a few dollars per log. Alarmingly, some of these logs contained active session cookies. Because a session cookie is issued only after the user has already passed MFA, replaying it lets an attacker step straight into an authenticated session without ever seeing the second factor. Exposure of this kind should be treated as a live compromise: rotating passwords alone does nothing until the affected sessions are revoked as well.
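The session-cookie problem described above is easier to reason about in code. The following Python is an added example written for this page, not code from any agency or vendor named in it. It shows two server-side controls that limit what a stolen cookie is worth: binding a session to a coarse device fingerprint when it is issued, and an absolute session lifetime, plus a detection pass over access logs that flags session IDs used from more than one fingerprint. The log format, the User-Agent plus /24 fingerprint, the 8-hour lifetime and the sample log lines are all assumptions constructed for illustration.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

# Assumption: a session dies 8 hours after issuance no matter how active it is,
# which caps the useful life of any cookie an infostealer manages to grab.
ABSOLUTE_LIFETIME = timedelta(hours=8)

# Server-side session store: session id -> record. In production this lives in
# Redis or a database, not a module-level dict.
SESSIONS: dict[str, dict] = {}


def fingerprint(user_agent: str, client_ip: str) -> str:
    """Coarse device binding: hash of the User-Agent and the client's /24.
    A cookie lifted from a victim's browser and replayed from an attacker's host
    will normally present a different UA and network, so it will not match."""
    net = ".".join(client_ip.split(".")[:3]) + ".0/24"
    return hashlib.sha256(f"{user_agent}|{net}".encode()).hexdigest()


def issue_session(user: str, user_agent: str, client_ip: str, now: datetime) -> str:
    """Create a session after password + MFA succeeded and bind it to the device."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "fp": fingerprint(user_agent, client_ip), "issued_at": now}
    return sid


def validate_request(sid: str, user_agent: str, client_ip: str, now: datetime) -> str:
    """Return 'ok' or the reason the cookie was rejected.
    On a fingerprint mismatch the session is revoked outright: the legitimate user
    re-authenticates (with MFA) and the attacker's copy becomes worthless."""
    record = SESSIONS.get(sid)
    if record is None:
        return "unknown_session"
    if now - record["issued_at"] > ABSOLUTE_LIFETIME:
        del SESSIONS[sid]
        return "expired"
    if record["fp"] != fingerprint(user_agent, client_ip):
        del SESSIONS[sid]
        return "fingerprint_mismatch"
    return "ok"


def find_replayed_sessions(log_lines: list[str]) -> set[str]:
    """Detection side of the same control, run over access logs: any session id
    seen from more than one device fingerprint is a replay candidate.
    Constructed line format: <iso-timestamp> <user> <session_id> <client_ip> <user_agent...>"""
    seen: dict[str, set[str]] = {}
    for line in log_lines:
        _ts, _user, sid, ip, ua = line.split(" ", 4)
        seen.setdefault(sid, set()).add(fingerprint(ua, ip))
    return {sid for sid, fps in seen.items() if len(fps) > 1}


# Constructed sample log: session "s1" is used by its owner, then replayed from a
# different network with a non-browser client; "s2" is only ever used by its owner.
SAMPLE_LOG = [
    "2025-02-10T08:01:00Z alice s1 10.20.30.40 Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
    "2025-02-10T08:05:00Z alice s1 10.20.30.41 Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
    "2025-02-10T09:17:00Z alice s1 203.0.113.7 python-requests/2.32.3",
    "2025-02-10T08:30:00Z bob s2 10.20.31.9 Mozilla/5.0 (X11; Linux x86_64)",
]


def run_demo() -> dict[str, str]:
    """Walk one session through the legitimate, stolen and stale cases."""
    t0 = datetime(2025, 2, 10, 8, 0, tzinfo=timezone.utc)
    ua = "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
    sid = issue_session("alice", ua, "10.20.30.40", t0)
    results = {
        # same browser, neighbouring address in the same /24: accepted
        "same_device": validate_request(sid, ua, "10.20.30.41", t0 + timedelta(minutes=5)),
        # cookie replayed from the attacker's host: rejected and session revoked
        "stolen_cookie": validate_request(sid, "python-requests/2.32.3", "203.0.113.7", t0 + timedelta(hours=1)),
        # the victim's next request hits a revoked session and must re-authenticate
        "victim_after_revocation": validate_request(sid, ua, "10.20.30.40", t0 + timedelta(hours=1)),
    }
    sid2 = issue_session("bob", ua, "10.20.31.9", t0)
    # a cookie stolen today and replayed tomorrow is dead on arrival
    results["stale_cookie"] = validate_request(sid2, ua, "10.20.31.9", t0 + timedelta(hours=9))
    return results


if __name__ == "__main__":
    print(run_demo())
    print(find_replayed_sessions(SAMPLE_LOG))
```

The /24 binding is deliberately coarse and will still false-positive for mobile users who roam between carrier networks; production deployments usually prefer binding to a device-held key (a client certificate or a browser device-bound session credential) over IP heuristics. Whatever the binding, the revocation path matters most: when infostealer logs for your domain surface, invalidating every session for the affected users is what actually closes the door.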

3. IoT Data Breach Exposes 2.7 Billion Records

A significant data breach involving an Internet of Things (IoT) company exposed 2.7 billion records. The compromised data included Wi-Fi network names and passwords, IP addresses, and device identifiers. The cause was an Internet-exposed database with no authentication at all, so anyone who found the endpoint could read it without exploiting anything. The combination of Wi-Fi credentials with IP addresses is what makes such a leak dangerous: it lets an attacker tie a household's network to a location and a password, a reminder that IoT back ends need the same access controls and exposure monitoring as any other production database.

4. HCRG Care Group Suffers Ransomware Attack

HCRG Care Group, a UK provider of health and social services, suffered a ransomware attack claimed by the Medusa group. The attackers said they had exfiltrated 2.275 terabytes of data and threatened to sell or publicly release it if their demands were not met, the now-standard double-extortion model in which the data leak, not the encryption, is the main lever. This incident highlights the healthcare sector's susceptibility to such attacks, since patient data is both highly sensitive and hard to replace.

5. Trimble Cityworks Vulnerability Actively Exploited

The Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a vulnerability in Trimble Cityworks, an asset management tool widely used by local governments and infrastructure organizations. The flaw, CVE-2025-0994, is a deserialization-of-untrusted-data bug with a CVSS score of 8.6 that allows remote code execution against an organization's Microsoft IIS web server; Trimble patched it in late January in Cityworks 15.8.9 and Office Companion 23.10. CISA added the CVE to its Known Exploited Vulnerabilities catalog, which obliges federal civilian agencies to remediate by a fixed deadline. Trimble also noted that some on-premises deployments ran IIS with overly privileged identity permissions, which widens the blast radius of exactly this kind of flaw; patching should go hand in hand with reviewing that service account.

6. DISA Global Data Breach Impacts Over 3 Million People

DISA Global Solutions, a company specializing in employee screening services, reported a data breach affecting more than 3.3 million individuals. The compromised information included sensitive personal data collected during background checks and drug testing. The intrusion itself dated to early 2024; notifications went out only in February 2025, and the long gap between compromise and disclosure has drawn as much criticism as the breach itself, raising questions about the security and detection capabilities of organizations that aggregate such extensive personal records.

7. Palo Alto Confirms Exploitation of Firewalls

Palo Alto Networks confirmed active exploitation of a recently patched PAN-OS vulnerability, CVE-2025-0108. This authentication bypass in the management web interface lets an unauthenticated attacker with network access to that interface invoke certain PHP scripts, and the company reported it being chained with other PAN-OS bugs such as CVE-2024-9474 to reach unpatched devices. Organizations were urged to apply the fixed versions and, independently of patching, to restrict management-interface access to trusted internal IP addresses, the long-standing vendor recommendation that would have made the flaw unreachable from the Internet in the first place.

8. Grubhub Discloses Third-Party Data Breach

Food delivery service Grubhub disclosed a data breach resulting from unauthorized access to an account belonging to a third-party support provider. The intruder reached personal information of customers, merchants, and drivers, including names, email addresses, and phone numbers, and, for a subset of campus diners, partial payment card details (card type and last four digits). Grubhub has since terminated the vendor's access and is conducting a thorough investigation. The entry point is the recurring lesson here: a vendor account with broad access is part of your attack surface whether or not it sits on your own infrastructure.

9. Lazarus Group Uses LinkedIn to Steal Credentials and Deploy Malware

Cybersecurity researchers uncovered an active campaign by the North Korea-linked Lazarus Group that used fake LinkedIn job offers to steal credentials and deploy malware. The attackers lured victims with attractive job opportunities, then steered them into downloading malicious code presented as a legitimate coding assignment or project. This operation underscores the increasing sophistication of social engineering against developers and other professionals: code handed over by an unverified recruiter should never be run outside an isolated environment.

These incidents from February 2025 show how varied the threats remain: device-level spyware, stolen session cookies, an unauthenticated database, ransomware extortion, actively exploited edge-device and application flaws, third-party account compromise, and social engineering. Organizations are encouraged to keep exposed systems patched and their management interfaces off the Internet, to treat vendor and session credentials as part of the attack surface, to run regular vulnerability assessments, and to build a culture of security awareness to reduce these risks.
