Threat Intelligence Brief | February 28, 2026 | Issue #18
1.24M Victims, $260K Average Ransom Demands, and CVSS 10.0 Remote Code Execution Exposed
Discover how ransomware linked to North Korean threat actors is targeting healthcare organizations, why a remote code execution vulnerability requires urgent attention, and how attacks on OT environments continue to escalate.
A ransomware attack on the University of Hawai’i Cancer Center exposed sensitive research data tied to 1.24 million individuals, while U.S. medical device manufacturer UFP Technologies confirmed stolen company data following an intrusion. At the same time, investigators linked Medusa ransomware campaigns to North Korean state-sponsored threat actors targeting healthcare organizations and non-profits.
The latest ColorTokens Threat Advisory examines these incidents alongside four critical vulnerabilities, including a CVSS 10.0 unauthenticated remote code execution (RCE) flaw in Dynamicweb and an authentication bypass vulnerability affecting Cisco Catalyst SD-WAN systems. The report also analyzes ransomware groups exploiting a VMware ESXi vulnerability now listed in the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities catalog, highlighting continued risks across enterprise and operational technology environments.
How ColorTokens Threat Intelligence Helps You Stay Breach Ready
- Tracks large-scale healthcare breaches, including incidents affecting 1.24 million individuals, helping organizations anticipate how ransomware campaigns expose sensitive medical and research data.
- Identifies critical vulnerabilities with CVSS scores up to 10.0, including remote code execution risks in enterprise platforms such as Dynamicweb and authentication bypass flaws in Cisco Catalyst SD-WAN.
- Monitors ransomware activity from advanced threat groups, including campaigns linked to the Lazarus Group, which has deployed Medusa ransomware in attacks since November 2025.
- Highlights operational technology exploitation trends, including ransomware gangs leveraging VMware ESXi sandbox escape vulnerabilities to compromise virtualized infrastructure.
- Provides indicators of compromise (IOCs) across IP addresses, domains, URLs, and file hashes to help security teams detect and respond to active threats faster.
Our cybersecurity specialists can help you interpret these threat patterns and strengthen defenses so a single intrusion does not escalate into a larger operational disruption.