Massive Cyber Heist: Hackers Steal $85 Million from Phemex
Phemex, a major cryptocurrency exchange, fell victim to a massive security breach, resulting in the theft of approximately $85 million in digital assets. The attack, which occurred on January 23, 2025, compromised the platform’s hot wallets, though cold wallets remained secure. In response, Phemex swiftly suspended deposits and withdrawals, activated emergency security measures, and collaborated with cybersecurity experts and law enforcement to assess the damage. The loss was initially estimated at $29 million, later revised to $69 million, and finally put at $85 million. The exchange has since reinforced its security infrastructure and gradually restored withdrawals for key cryptocurrencies, including ETH, USDT, and SOL. Users are advised to avoid using old deposit addresses to prevent delays. While no group has claimed responsibility, the scale and sophistication of the attack suggest possible involvement from advanced cybercriminal organizations, such as North Korean hacker groups.
DeepSeek Halts Registrations Following Major Cyberattack
Chinese AI platform DeepSeek has temporarily disabled new user registrations after suffering a large-scale cyberattack. The surge in popularity of its DeepSeek-V3 model, which has been touted as a cost-effective rival to leading US AI systems, has drawn significant attention from both the tech industry and, seemingly, cybercriminals. The attack coincided with DeepSeek’s AI Assistant app surpassing ChatGPT as the most downloaded app on the Apple App Store. In response, the company restricted new signups to maintain service stability while ensuring existing users can still log in. Though details remain scarce, the attack is suspected to be a distributed denial-of-service (DDoS) assault targeting DeepSeek’s API and chat services. Meanwhile, cybersecurity researchers have begun scrutinizing the platform, with some successfully jailbreaking its model to generate harmful content. The combination of security threats and scrutiny highlights the growing challenges AI firms face as they rapidly scale.
Smiths Group Investigates Security Breach After Cyberattack
London-based engineering giant Smiths Group has disclosed a cybersecurity incident following unauthorized access to its systems. The multinational company, which serves industries including energy, aerospace, and defense, swiftly isolated the affected systems and activated its business continuity plans upon detecting the breach. While the firm has not yet confirmed whether business or customer data was compromised, it is working closely with cybersecurity experts to assess the impact. The attack highlights the increasing risks posed by zero-day vulnerabilities, which cybercriminals frequently exploit to infiltrate corporate networks before security patches are available. Smiths Group has assured stakeholders that it is taking all necessary regulatory measures and will provide updates as more details emerge. This breach follows a string of recent cyber incidents targeting major organizations, including Conduent, Hewlett Packard Enterprise, and Nominet, with attackers leveraging zero-day vulnerabilities to compromise critical infrastructure.
Hackers Exploit SimpleHelp RMM Vulnerabilities to Breach Networks
Cybercriminals are actively exploiting recently patched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) software to gain unauthorized access to networks. The security flaws, identified as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, enable attackers to manipulate files and escalate privileges. Despite fixes being released between January 8 and 13, reports from Arctic Wolf suggest an ongoing attack campaign targeting unpatched SimpleHelp servers. While it remains uncertain if these specific vulnerabilities are responsible, researchers recommend immediate updates to mitigate risks. Shadowserver Foundation has identified 580 exposed vulnerable instances, with the majority in the U.S. Attackers are leveraging pre-installed SimpleHelp clients to establish unauthorized connections, execute reconnaissance commands, and potentially escalate privileges. Organizations using SimpleHelp should upgrade to patched versions and consider uninstalling the software if no longer needed to reduce the attack surface. Security experts urge immediate action to prevent further breaches.
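The two actions the paragraph recommends, upgrading servers to a patched release and removing clients that are no longer needed, both start from an inventory check. The script below is an added example and not code from the article or from SimpleHelp; it compares each server's installed version against a patched baseline and flags clients that have not been used recently as uninstall candidates. The article gives no version numbers, so the baseline and the inventory are constructed values for the demo, not the vendor's actual fixed releases.

```python
"""Inventory check for SimpleHelp RMM exposure (added example, not from the
article or the vendor). Flags servers below a patched baseline and clients
that look unused. Baseline and inventory values are CONSTRUCTED for the demo."""
from __future__ import annotations

import re
from datetime import date, timedelta
from typing import Iterable


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '7.0.3' (or '7.0.3-rc1', suffix dropped) into (7, 0, 3)."""
    numeric = version.strip().split("-")[0]
    parts = tuple(int(p) for p in re.findall(r"\d+", numeric))
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    return parts


def is_patched(installed: str, baseline: str) -> bool:
    """True when the installed version is at or above the patched baseline.
    Shorter tuples are zero-padded so '7.1' compares as '7.1.0'."""
    a, b = parse_version(installed), parse_version(baseline)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) >= b + (0,) * (n - len(b))


def assess_inventory(hosts: Iterable[dict], baseline: str, today: date,
                     stale_days: int = 90) -> dict:
    """Sort SimpleHelp installs into servers needing the patch, clients that
    have not been used within stale_days (uninstall candidates), and the rest.
    Non-SimpleHelp entries are ignored."""
    report: dict = {"upgrade": [], "uninstall_candidate": [], "ok": []}
    cutoff = today - timedelta(days=stale_days)
    for h in hosts:
        if h["product"].lower() != "simplehelp":
            continue
        if h["role"] == "server" and not is_patched(h["version"], baseline):
            report["upgrade"].append(h["host"])
        elif h["role"] == "client" and h["last_used"] < cutoff:
            report["uninstall_candidate"].append(h["host"])
        else:
            report["ok"].append(h["host"])
    return report


# Constructed sample inventory (hostnames and versions are invented); in
# practice this comes from your asset database or endpoint management tool.
SAMPLE_INVENTORY = [
    {"host": "rmm-srv-01", "product": "SimpleHelp", "role": "server",
     "version": "7.0.2", "last_used": date(2025, 1, 27)},
    {"host": "rmm-srv-02", "product": "SimpleHelp", "role": "server",
     "version": "7.0.4", "last_used": date(2025, 1, 27)},
    {"host": "ws-finance-07", "product": "SimpleHelp", "role": "client",
     "version": "7.0.2", "last_used": date(2024, 9, 1)},
    {"host": "ws-it-02", "product": "SimpleHelp", "role": "client",
     "version": "7.0.4", "last_used": date(2025, 1, 20)},
    {"host": "db-01", "product": "PostgreSQL", "role": "server",
     "version": "16.1", "last_used": date(2025, 1, 27)},
]

# Constructed demo baseline: NOT the vendor's fixed version. Replace it with
# the patched release for the branch you run.
DEMO_BASELINE = "7.0.3"


def run_demo() -> dict:
    """Assess the constructed inventory as of a fixed demo date."""
    return assess_inventory(SAMPLE_INVENTORY, DEMO_BASELINE, date(2025, 1, 28))


if __name__ == "__main__":
    for category, hosts in run_demo().items():
        print(f"{category}: {', '.join(hosts) or '-'}")
```

Hosts listed under `upgrade` should be patched first, since the paragraph notes attackers are targeting unpatched servers; `uninstall_candidate` entries are the pre-installed clients the article mentions that add attack surface without a current business need.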
FBI Seizes Cracked.io and Nulled.to in Global Cybercrime Crackdown
In a major international operation, the FBI has taken down the domains of Cracked.io and Nulled.to, two notorious hacking forums known for facilitating cybercrime, including password theft, credential stuffing, and software cracking. As part of “Operation Talent,” authorities from the U.S., Europe, and several other countries collaborated to dismantle platforms involved in illicit online activities. The operation also targeted MySellIX and SellIX, which were used to trade stolen data, as well as StarkRDP, a service allegedly exploited by cybercriminals for unauthorized remote access. Seized domain banners confirm that law enforcement has obtained customer and victim data from these platforms, indicating further legal actions may follow. While forum staff initially cited data center issues, it is now clear that the takedown was part of a coordinated effort to curb cyber threats. The crackdown signals increased global efforts to dismantle online marketplaces that enable cybercriminals to exploit RDP and compromised credentials.
Ransomware Attack Disrupts New York Blood Center Operations
The New York Blood Center (NYBC), one of the largest independent blood collection organizations in the world, has been hit by a ransomware attack, forcing it to reschedule donor appointments and blood drives. The breach, detected on January 26, led NYBC to take certain systems offline while cybersecurity experts work to restore operations. Although blood donations are still being accepted, disruptions continue to affect scheduling and logistics. The attack comes at a critical time, as NYBC had recently declared a blood emergency following a significant drop in donations. While it remains unclear whether donor data was compromised, ransomware groups such as Qilin are known to exfiltrate sensitive information before encrypting systems. The healthcare sector has been increasingly targeted, with similar attacks impacting London hospitals and major U.S. blood banks in recent months. NYBC has assured hospital partners that it is implementing workarounds to maintain essential blood supply services.
Mizuno USA Confirms Data Breach After Two-Month Network Intrusion
Mizuno USA has disclosed that cybercriminals remained inside its network for over two months, stealing sensitive personal and business data. The breach, detected on November 6, 2024, revealed that attackers had accessed Mizuno’s systems from August 21 to October 29, exfiltrating confidential files. Affected individuals may have had their Social Security numbers, financial details, driver’s license information, or passport numbers compromised. The attack has been linked to BianLian ransomware, a group known for targeting private companies and critical infrastructure. Ransomware gangs like BianLian have shifted towards extortion-only tactics, leaking stolen data rather than encrypting systems. Mizuno previously suffered a ransomware attack in 2022, which disrupted business operations. Following this latest breach, the company is offering free credit monitoring to affected individuals and urging vigilance against fraud. The incident highlights the persistent threat ransomware gangs pose to global enterprises, with Mizuno now a repeat target of cyber extortion.
Hackers Exploit Google’s Gemini AI for Cyberattack Preparation
State-sponsored threat actors from Iran, China, North Korea, and Russia have been leveraging Google’s Gemini AI to streamline their cyber operations, focusing on reconnaissance, coding assistance, and vulnerability research. According to Google’s Threat Intelligence Group, these advanced persistent threat (APT) groups use Gemini primarily to enhance productivity rather than launch direct AI-driven attacks. Iranian cybercriminals have been the most active users, employing Gemini for phishing campaigns, military research, and influence operations. Chinese-backed hackers utilize the AI tool for reconnaissance on U.S. government entities and privilege escalation techniques, while North Korean groups exploit it to support malware development and infiltration of Western companies under false identities. Although some have attempted to bypass Gemini’s security measures through jailbreaks, these efforts have been largely unsuccessful. The increasing misuse of AI in cybercrime underscores the growing risks associated with generative AI tools, particularly as less secure models like DeepSeek R1 and Qwen 2.5 gain popularity.
Conclusion
The rise in cyberattacks across industries, from cryptocurrency exchanges to healthcare institutions, highlights the persistent and evolving nature of cybersecurity threats. Organizations must stay proactive by implementing stringent security measures and regularly updating their systems to minimize vulnerabilities.
As experts in ransomware recovery and cybersecurity, we provide comprehensive solutions, including Ransomware Recovery Services, Ransomware Negotiation Services, and Ransomware Settlement Services. Additionally, we offer advanced training through our Cyber Defense Academy and strategic assessments such as Cybersecurity Risk Assessment. Our Incident Response Retainer ensures rapid support in the event of a security breach.
Don’t wait for an attack to cripple your business—reach out to us today and fortify your organization against cyber threats.