Content
01. News Bites
- Veeam patches critical security flaw in backup software
- Italy, Taiwan and more ban DeepSeek AI over security risks
- Casio UK e-shop hacked, customer payment data stolen
- Community Health Center breach exposes data of over 1 million patients
- Law enforcement dismantles major cybercrime forums
02. Conclusion
Veeam patches critical security flaw in backup software
Veeam has released patches for a critical security vulnerability (CVE-2025-23114, CVSS 9.0) in its Backup software that could allow attackers to execute arbitrary code via a Man-in-the-Middle attack.
The flaw affects older versions of Veeam Backup for Salesforce, Nutanix AHV, AWS, Microsoft Azure, Google Cloud, and Oracle Linux Virtualization Manager/Red Hat Virtualization. Veeam has confirmed that versions 6 and higher for most products remain unaffected.
The issue has been addressed in the latest Veeam Updater component versions, ranging from 7.9.0.1124 for Salesforce to 9.0.0.1128 for Google Cloud and Microsoft Azure.
Veeam clarified that environments not using these cloud-based backups are unaffected. Users are urged to apply the patches immediately to secure their systems.
For full details, check Veeam’s official security advisory.
Italy, Taiwan and more ban DeepSeek AI over security risks
Taiwan has banned government agencies from using Chinese AI startup DeepSeek, citing national security risks. The Ministry of Digital Affairs warned that the platform poses a threat due to cross-border data transmission and potential leaks.
Italy recently blocked DeepSeek over data handling concerns, and several companies have also restricted its use. Despite its appeal as an open-source, cost-effective alternative to leading AI models, DeepSeek's large language models (LLMs) remain vulnerable to jailbreak techniques and are subject to censorship aligned with Chinese regulations.
Cyber threats against DeepSeek have surged, with NSFOCUS detecting multiple DDoS attacks targeting its API. Additionally, malicious Python packages masquerading as DeepSeek tools were found stealing user data before their removal.
Meanwhile, global AI security efforts are ramping up. The EU's AI Act, the UK’s AI Code of Practice, and Meta’s Frontier AI Framework are tackling risks like AI-driven cyberattacks. Google also reported state-linked hackers attempting to exploit AI tools for malicious operations.
Casio UK e-shop hacked, customer payment data stolen
Casio UK's online store was hacked between January 14 and 24, 2025, exposing customer payment details. Security firm Jscrambler discovered the breach on January 28, identifying malicious scripts designed to steal credit card data from customers checking out on casio.co.uk. The scripts were removed within 24 hours.
The attack exploited Magento vulnerabilities and also affected 17 other websites. Hackers used a two-stage skimmer, first planting a script that dynamically fetched a second, obfuscated skimmer from a Russian server. Victims were tricked into entering payment details into a fake checkout form, after which stolen data was encrypted and sent to an attacker-controlled server.
Despite Casio implementing a Content Security Policy (CSP), it was configured too loosely to prevent the attack. This breach follows recent Casio security incidents, including an October ransomware attack and a separate data breach affecting its ClassPad education platform. Customers are urged to monitor their payment transactions.
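To illustrate what a "too loose" CSP means against a two-stage skimmer, the following added example (not from the original bulletin, and not based on Casio's actual policy) audits a CSP header for the settings that would let an injected loader run, fetch a second script from another host and send data out. The function names and both sample policies are constructed for illustration.

```javascript
// Added example: audit a CSP header for settings that would not stop a
// two-stage skimmer (injected loader + second script from a foreign host).
// All policies below are constructed samples, not any real site's policy.
function parseCsp(value) {
  const directives = new Map();
  for (const part of value.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored by browsers: the first one wins.
    if (name && !directives.has(name)) directives.set(name, sources);
  }
  return directives;
}

function auditCsp(headerName, headerValue) {
  const findings = [];
  const csp = parseCsp(headerValue);
  if (headerName.toLowerCase() === 'content-security-policy-report-only') {
    findings.push('report-only: violations are reported, nothing is blocked');
  }
  // script-src and connect-src both fall back to default-src when absent.
  const scriptSrc = csp.get('script-src') || csp.get('default-src');
  const connectSrc = csp.get('connect-src') || csp.get('default-src');
  const broad = (list, extra = []) =>
    list.some((s) => ['*', 'https:', 'http:', ...extra].includes(s));
  if (!scriptSrc) {
    findings.push('no script-src/default-src: scripts load from any origin');
  } else {
    const pinned = scriptSrc.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
    // Browsers ignore 'unsafe-inline' once a nonce or hash is present.
    if (scriptSrc.includes("'unsafe-inline'") && !pinned) {
      findings.push("script-src 'unsafe-inline': injected inline loaders run");
    }
    // With 'strict-dynamic', host and scheme sources are ignored.
    if (!scriptSrc.includes("'strict-dynamic'") && broad(scriptSrc, ['data:'])) {
      findings.push('script-src too broad: second-stage script loads from any host');
    }
  }
  if (!connectSrc || broad(connectSrc)) {
    findings.push('connect-src unrestricted: captured data can go to any server');
  }
  return findings;
}

// Constructed sample policies: one loose, one tightened.
const loose = "default-src 'self'; script-src 'self' 'unsafe-inline' https:; connect-src *";
const tight = "default-src 'none'; script-src 'self' 'nonce-r4nd0m'; connect-src 'self'";
console.log(auditCsp('Content-Security-Policy', loose));
console.log(auditCsp('Content-Security-Policy', tight));
```

The check covers script loading and fetch/XHR-style connections only; directives such as `img-src` and `form-action` also constrain where data can be sent and are not examined here.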
Community Health Center breach exposes data of over 1 million patients
Community Health Center (CHC), a major Connecticut healthcare provider, has disclosed a data breach affecting 1,060,936 individuals. The attack, discovered on January 2, 2025, allowed hackers to access patient personal and health data, including names, Social Security numbers, medical diagnoses, and treatment details.
CHC confirmed the breach did not disrupt operations, and investigators attributed it to a "skilled criminal hacker." While no ransomware was deployed, threat actors increasingly focus on data theft for extortion rather than encryption.
This breach follows a surge in healthcare cyberattacks. The New York Blood Center recently faced a ransomware incident, while UnitedHealth revealed that the Change Healthcare attack exposed nearly 190 million patient records.
In response, the U.S. Department of Health and Human Services (HHS) is proposing updates to HIPAA regulations to bolster healthcare data security. Affected CHC patients are urged to monitor their personal and financial information.
Law enforcement dismantles major cybercrime forums
An international law enforcement operation has taken down key cybercrime platforms, including Cracked, Nulled, Sellix, and StarkRDP. The effort, dubbed Operation Talent, was carried out between January 28 and 30, 2025, with authorities from the U.S., Europe, and Australia seizing multiple domains linked to illicit activities.
Cracked and Nulled, with over 10 million users, facilitated the sale of stolen data, hacking tools, and AI-driven attack scripts. Europol estimates they generated over €1 million in profits. Two suspects were arrested, with searches yielding 17 servers, over 50 electronic devices, and €300,000 in cash and cryptocurrency.
The U.S. Department of Justice unsealed charges against Nulled administrator Lucas Sohn, a 29-year-old Argentinian residing in Spain, for facilitating cybercrime. If convicted, he faces up to 15 years in prison. The takedown underscores global efforts to disrupt cybercriminal networks profiting from stolen credentials and hacking services.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.
Disclaimer
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.