Threat Intelligence Brief | January 15 | Issue #15

8.8 Million Infected, 145,000 Records Exposed, Hospitals Forced Offline

Explore how ransomware disrupted healthcare operations, how large-scale malware campaigns evaded detection for years, and how phishing and OT botnets intensified.

Healthcare organizations across Europe and the U.S. faced severe operational disruptions between December ’25 and January ’26, with ransomware attacks forcing hospitals to disconnect servers, cancel procedures, and revert to manual workflows. At the same time, financial institutions and service providers grappled with vendor-driven breaches that exposed tens of thousands of customer records.

This edition of the ColorTokens Threat Advisory examines how attackers exploited critical vulnerabilities in email gateways, firewalls, databases, and web frameworks, while phishing campaigns increasingly impersonated trusted internal domains. The report also details how long-running malware operations quietly infected millions of users and how IoT and OT environments were drawn into persistent botnet activity using high-severity flaws like React2Shell.

How ColorTokens Threat Intelligence Helps You Stay Breach Ready

  • Identifies critical, high-CVSS vulnerabilities across email, firewall, database, and application stacks requiring urgent remediation
  • Tracks ransomware-driven healthcare disruptions to highlight real-world operational and patient-safety impact
  • Surfaces phishing and credential-theft tactics abusing internal email trust and misconfigured routing
  • Highlights OT and IoT botnet activity to help teams segment exposed devices and contain lateral movement
  • Provides actionable context around attacker behavior, helping teams prioritize response before damage spreads

Our cybersecurity specialists can help you interpret emerging threat patterns, assess exposure across IT and OT environments, and strengthen defenses against active exploits and ransomware campaigns.
