{"id":10425,"date":"2026-02-03T08:34:57","date_gmt":"2026-02-03T05:34:57","guid":{"rendered":"https:\/\/cyberone.bg\/?p=10425"},"modified":"2026-02-02T16:51:31","modified_gmt":"2026-02-02T13:51:31","slug":"weekly-cybersecurity-report-week-05-2026","status":"publish","type":"post","link":"https:\/\/cyberone.bg\/en\/weekly-cybersecurity-report-week-05-2026","title":{"rendered":"Weekly Cybersecurity Report | Week 05, 2026"},"content":{"rendered":"<p>As your dedicated cybersecurity services provider,<strong>\u00a0<a href=\"https:\/\/cyberone.bg\/\">CyberOne<\/a><\/strong>\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.<\/p>\n<h2>Weekly Cybersecurity Report | Week 05, 2026<\/h2>\n<p><strong><u>Information security updates and events from the past week<\/u><\/strong><\/p>\n<h3 id=\"1\"><a href=\"#1\"><strong>1. Fortinet FortiCloud SSO authentication bypass (CVE\u20112026\u201124858)<\/strong><\/a><\/h3>\n<p>A critical authentication\u2011bypass flaw in Fortinet\u2019s FortiCloud Single Sign\u2011On exposed over 3.28 million internet\u2011connected Fortinet devices (FortiGate and related products) to remote compromise.<br \/>\nFortinet observed active exploitation starting 22 January: attackers used two malicious FortiCloud accounts to log into vulnerable devices, download full configs, and create persistent local admin accounts with generic names such as \u201caudit\u201d, \u201cbackup\u201d, and \u201csecadmin\u201d.<\/p>\n<h3 id=\"2\"><a href=\"#2\"><strong>2. 
eScan antivirus supply\u2011chain attack<\/strong><\/a><\/h3>\n<p>Investigations revealed that the update infrastructure of eScan antivirus had been compromised, allowing threat actors to push a malicious file as part of product updates.<br \/>\nThe trojanized update led to malware infections on customer endpoints, illustrating how security products themselves can become a high\u2011trust supply\u2011chain vector when update channels are hijacked.<\/p>\n<h3 id=\"3\"><a href=\"#3\"><strong>3. Crunchbase data breach \u2013 ShinyHunters<\/strong><\/a><\/h3>\n<p>Business\u2011intelligence platform Crunchbase confirmed a data breach after the ShinyHunters group claimed responsibility and leaked a 400MB dataset.<br \/>\nOver 2 million user records were exposed, including personal and business information, underscoring that even \u201copen\u2011data\u201d style platforms can present privacy and profiling risks once data is aggregated and exfiltrated.<\/p>\n<h3 id=\"4\"><a href=\"#4\"><strong>4. Ingram Micro ransomware \u2013 SafePay<\/strong><\/a><\/h3>\n<p>Global IT distributor Ingram Micro disclosed a ransomware attack attributed to the SafePay group that resulted in theft of personal data for 42,521 employees and job applicants.<br \/>\nStolen information included names, contact details, government ID numbers, and employment records, with initial access reportedly achieved through compromised credentials and password\u2011spraying against internal systems.<\/p>\n<h3 id=\"5\"><a href=\"#5\">5. 
<strong>Luxshare ransomware \u2013 RansomHub and supply\u2011chain risk<\/strong><\/a><\/h3>\n<p>RansomHub claimed an attack on Luxshare, a key electronics manufacturer and supply\u2011chain partner for major firms such as Apple, Nvidia and Tesla.<br \/>\nAttackers reportedly accessed engineering schematics and technical documentation, reinforcing how compromises at upstream hardware vendors can expose sensitive IP and create downstream risk for entire product ecosystems.<\/p>\n<h3 id=\"6\"><a href=\"#6\">6. <strong>Energy sector attacks and nation\u2011state pressure<\/strong><\/a><\/h3>\n<p>A January risk roundup highlighted multiple energy\u2011sector incidents: Romanian producer CET Oltenia and Chilean firm Copec both confirmed ransomware events affecting internal systems, while Taiwan reported a tenfold increase in cyberattacks against its energy sector during software\u2011update windows.<br \/>\nIn parallel, Russia\u2011linked APT28 targeted global energy and nuclear\u2011research organizations and China\u2011linked Mustang Panda ran spear\u2011phishing campaigns against U.S. government entities, focusing on credential theft and long\u2011term access rather than immediate disruption.<\/p>\n<p><strong><em>The cybersecurity attacks highlighted in this report aren&#8217;t just incidents, they&#8217;re blueprints of the adversary&#8217;s arsenal. To protect your business you need the right partner. CyberOne is here to help! Check out our <a href=\"https:\/\/cyberone.bg\/en\/services\">services<\/a>.<\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As your dedicated cybersecurity services provider,\u00a0CyberOne\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape. Weekly Cybersecurity Report | Week 05, 2026 Information security updates and events from the past week 1. 
Fortinet FortiCloud SSO authentication bypass (CVE\u20112026\u201124858) [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":8609,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[65],"class_list":["post-10425","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-weekly-cyber-updates","tag-weekly-cybersecurity-report"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10425","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/comments?post=10425"}],"version-history":[{"count":1,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10425\/revisions"}],"predecessor-version":[{"id":10426,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10425\/revisions\/10426"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media\/8609"}],"wp:attachment":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media?parent=10425"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/categories?post=10425"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/tags?post=10425"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}