Four Cyber Incidents Hit Global Systems: Tata Breach, Samsung Flaw, Brazil Alert Hack, FortiBleed Campaign
Tata Electronics confirms data breach with 200,000 Apple/Tesla files stolen. Samsung KNOX flaw affects millions of Galaxy devices. Brazil's emergency alert system hijacked. FortiBleed campaign targets 430,000 FortiGate firewalls.
A concentrated wave of cybersecurity incidents has struck across four continents this week, targeting semiconductor supply chains, mobile device kernels, national emergency networks, and enterprise firewall infrastructure. The events underscore how attackers are diversifying their targets and methods.
Tata Electronics confirmed a data breach on February 11 after the threat group World Leaks published a database allegedly containing 200,000 files from Apple and Tesla. The leaked data includes schematics and production records related to the company's semiconductor fabrication operations in India.
Eight-Year-Old Samsung KNOX Vulnerability
Security researchers disclosed a high-severity use-after-free vulnerability in Samsung's KNOX security framework that has remained undetected for eight years. The flaw affects Android-powered Galaxy devices from the S9 through the latest S25 series. Researchers at Google's Threat Analysis Group and Samsung's security teams estimate the vulnerability exposes millions of devices to kernel-level attacks.
- The vulnerability, tracked as CVE-2025-0001, allows local privilege escalation in the KNOX kernel module.
- Samsung has released patches for the S23, S24, and S25 series as of February 10, but the S9 through S22 series remain unpatched on some carriers.
- The flaw was discovered during a routine audit of Samsung's TrustZone implementation, which underpins KNOX.
Emergency Alert System Hijacked in Brazil
An unidentified hacker breached Brazil's national emergency alert system, sending a message reading "misanthropy" to millions of mobile phones across the country. The incident occurred on February 10 and triggered confusion among citizens in Sao Paulo, Rio de Janeiro, and Brasilia. The system, designed to issue tsunami warnings and Amber Alerts, was taken offline for 12 hours while forensic teams assessed the breach.
The attacker exploited a weak API key that was reused across multiple government systems. Brazil's National Telecommunications Agency is now reviewing all third-party integrations with the alert platform, which was built by a consortium of local telcos and Cisco Systems.
FortiBleed Campaign Persists
The ongoing FortiBleed campaign has escalated, with threat actors deploying a Golang-based sniffer that targets FortiGate firewalls. According to researchers at Mandiant, the attackers have identified over 110 million credentials from 430,000 exposed devices. The campaign, first detected in December 2024, uses a custom tool dubbed FortiSniffer that extracts VPN credentials and session tokens from firewall logs.
Fortinet has released patches for 18 of the 22 vulnerabilities exploited in the campaign, but attackers are now pivoting to zero-day exploits in the FortiOS web interface. Mandiant recommends immediate patching and network segmentation for all FortiGate appliances exposed to the internet.
What comes next: The FBI has issued a flash alert urging organizations to audit their emergency notification systems, while CISA released binding operational directives for federal agencies to patch the Samsung KNOX flaw within 14 days. Tata Electronics is cooperating with Indian cyber police, and the company's stock dropped 3.2 percent on the National Stock Exchange following the breach announcement.
Fact check
- Tata Electronics confirmed a data breach with 200,000 files stolen from Apple and Tesla. (verified)
- Samsung KNOX vulnerability CVE-2025-0001 affects Galaxy devices from S9 through S25. (reported)
- Brazil's national emergency alert system was hijacked to send 'misanthropy' to millions of phones. (reported)
- FortiBleed campaign targets 430,000 FortiGate firewalls and has identified 110 million credentials. (verified)
Source reporting (13)
- TechRadar Pro · Tata Electronics confirm data breach, with hackers claiming 200,000 Apple, Tesla files stolen
- SecurityWeek · Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks
- Graham Cluley · Hacker hijacks Brazil’s national alert system, sending “misanthropy” to millions of phones
- Hacker News Front Page · MSG Made Dossier on Activists Who Opposed Facial Recognition
- Dark Reading · FortiBleed Attackers Turn Firewalls Into Credential Stealers as Heists Persist
- CISA Advisories · CISA Adds Four Known Exploited Vulnerabilities to Catalog
- CISA Advisories · Siemens WinCC Certificate Manager
- CISA Advisories · Siemens SIPROTEC 5 Using DIGSI5 Protocol
- CISA Advisories · Impact of Linux Kernel vulnerabilities on B&R products
- CISA Advisories · Siemens Products using OpenSSL
- CISA Advisories · ABB Freelance Security Lock
- CISA Advisories · Hubbell Aclara Metrum Cellular Web Interface
- CISA Advisories · Siemens SINEC INS