Threat Intelligence Brief | February 15, 2026 | Issue #17

15.4M Victims in a Single State, 8.5TB Stolen, and Multiple CVSS 10.0 Vulnerabilities Exposed

Discover how healthcare breaches crossed 25 million impacted individuals, learn about Fortinet authentication bypass flaws, and see why ransomware groups are escalating extortion campaigns across healthcare and industrial control systems.

More than 15.4 million individuals in Texas alone were confirmed affected in the Conduent Business Services breach, pushing total victim counts beyond 25 million, while SafePay ransomware operators claimed to have exfiltrated 8.5 terabytes of data. At the same time, three separate healthcare providers reported ransomware-driven compromises, including one case involving 118 gigabytes of stolen data and confirmed exposure of protected health information (PHI).

The latest ColorTokens Threat Advisory analyzes critical Common Vulnerabilities and Exposures (CVEs) scoring up to 10.0 on the Common Vulnerability Scoring System (CVSS), including a Cisco Secure Email Gateway remote command execution flaw and a Fortinet authentication bypass vulnerability (CVE-2025-59718) affecting FortiOS and related platforms. The report also details exploitation of Operational Technology (OT) and Industrial Control Systems (ICS), plus Indicators of Compromise (IOCs) covering malicious IP addresses, domains, URLs, and file hashes.

How ColorTokens Threat Intelligence Helps You Stay Breach Ready:

  • Flags CVSS 10.0 vulnerabilities early, including Cisco Secure Email Gateway remote command execution risks and authentication bypass flaws in Fortinet environments, enabling faster patch prioritization.
  • Tracks large-scale healthcare breach impact, including incidents affecting 22,552 patients at one provider and more than 15.4 million individuals in a single U.S. state, helping security leaders quantify risk exposure.
  • Surfaces ransomware trends across sectors, from Lazarus-linked Medusa ransomware campaigns targeting U.S. healthcare to SafePay’s multi-terabyte data theft and extortion operations.
  • Monitors OT and ICS exploitation activity, including automated FortiGate account creation, firewall configuration theft, and patch-bypass concerns impacting industrial environments.
  • Delivers actionable Indicators of Compromise (IOCs) categorized by IP address, domain, URL, and hash, allowing security teams to validate controls and strengthen detection immediately.

Our cybersecurity specialists can help you interpret threat patterns, validate exposure to high-severity CVEs, and operationalize microsegmentation to limit blast radius before disruption spreads.
