Weekly Cybersecurity Report | Week 05, 2026

As your dedicated cybersecurity services provider, CyberOne equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.


Information security updates and events from the past week

1. Fortinet FortiCloud SSO authentication bypass (CVE‑2026‑24858)

A critical authentication‑bypass flaw in Fortinet’s FortiCloud Single Sign‑On exposed over 3.28 million internet‑connected Fortinet devices (FortiGate and related products) to remote compromise.
Fortinet observed active exploitation starting 22 January: attackers used two malicious FortiCloud accounts to log into vulnerable devices, download full configs, and create persistent local admin accounts with generic names such as “audit”, “backup”, and “secadmin”.
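
To check a device for the persistence described above, the following script reviews the local administrator accounts in a configuration backup. It is an added example, not part of the original report and not Fortinet code. It assumes the backup uses the FortiOS `config system admin` / `edit` / `next` / `end` layout; the sample configuration and the approved-account set are constructed for illustration.

```python
import re

# Account names the report lists as created on compromised devices.
REPORTED_NAMES = {"audit", "backup", "secadmin"}

# Constructed sample in FortiOS backup layout (assumption; not real data).
SAMPLE_CONFIG = '''\
config system admin
    edit "admin"
        config gui-dashboard
            edit 1
            next
        end
    next
    edit "netops"
    next
    edit "secadmin"
        set accprofile "super_admin"
    next
end
config system interface
    edit "audit"
    next
end
'''

def local_admins(config_text):
    """Return names defined directly under 'config system admin'."""
    names, depth, in_admin = [], 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:  # a new top-level block decides whether we are in the admin table
                in_admin = line == "config system admin"
        elif line == "end":
            depth = max(depth - 1, 0)
        elif in_admin and depth == 1:  # ignore 'edit' entries of nested config blocks
            match = re.match(r'edit\s+"?([^"]+)"?$', line)
            if match:
                names.append(match.group(1))
    return names

def review_admins(config_text, approved):
    """Flag admins missing from the approved set (hypothetical allowlist)."""
    return [(n, "name listed in report" if n.lower() in REPORTED_NAMES else "not approved")
            for n in local_admins(config_text) if n not in approved]
```

Because the report gives the names only as examples ("such as"), the script treats any account outside the approved set as a finding and uses the reported names only to label the match.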

2. eScan antivirus supply‑chain attack

Investigations revealed that the update infrastructure of eScan antivirus had been compromised, allowing threat actors to push a malicious file as part of product updates.
The trojanized update led to malware infections on customer endpoints, illustrating how security products themselves can become a high‑trust supply‑chain vector when update channels are hijacked.

3. Crunchbase data breach – ShinyHunters

Business‑intelligence platform Crunchbase confirmed a data breach after the ShinyHunters group claimed responsibility and leaked a 400 MB dataset.
Over 2 million user records were exposed, including personal and business information, underscoring that even “open‑data” style platforms can present privacy and profiling risks once data is aggregated and exfiltrated.

4. Ingram Micro ransomware – SafePay

Global IT distributor Ingram Micro disclosed a ransomware attack attributed to the SafePay group that resulted in theft of personal data for 42,521 employees and job applicants.
Stolen information included names, contact details, government ID numbers, and employment records, with initial access reportedly achieved through compromised credentials and password‑spraying against internal systems.

5. Luxshare ransomware – RansomHub and supply‑chain risk

RansomHub claimed an attack on Luxshare, a key electronics manufacturer and supply‑chain partner for major firms such as Apple, Nvidia and Tesla.
Attackers reportedly accessed engineering schematics and technical documentation, reinforcing how compromises at upstream hardware vendors can expose sensitive IP and create downstream risk for entire product ecosystems.

6. Energy sector attacks and nation‑state pressure

A January risk roundup highlighted multiple energy‑sector incidents: Romanian producer CET Oltenia and Chilean firm Copec both confirmed ransomware events affecting internal systems, while Taiwan reported a tenfold increase in cyberattacks against its energy sector during software‑update windows.
In parallel, Russia‑linked APT28 targeted global energy and nuclear‑research organizations and China‑linked Mustang Panda ran spear‑phishing campaigns against U.S. government entities, focusing on credential theft and long‑term access rather than immediate disruption.

The cybersecurity attacks highlighted in this report aren’t just incidents; they’re blueprints of the adversary’s arsenal. To protect your business, you need the right partner. CyberOne is here to help! Check out our services.