MSP cybersecurity news digest, February 3, 2026 - Acronis
Acronis Threat Research Unit
February 03, 2026
MSP cybersecurity news digest, February 3, 2026
Unsecured MongoDB databases remain easy targets for data exfiltration and extortion campaigns, ShinyHunters’ leak claims prompt Match Group to confirm limited data exposure event, and more. Here are the latest threats to MSP security.
Author: Acronis Threat Research Unit
Unsecured MongoDB databases remain easy targets for data exfiltration and extortion campaigns
Researchers continue to observe data extortion attacks against internet-exposed MongoDB instances, where threat actors gain access to unsecured databases, copy sensitive data and extort organizations without deploying ransomware.
The activity typically starts with unauthenticated access to misconfigured MongoDB servers, followed by data exfiltration and extortion demands, showing that basic exposure issues remain highly exploitable.
Publicly accessible databases significantly increase the risk of credential reuse, environment mapping and secondary compromise, especially in environments lacking segmentation and access monitoring.
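A defender-side check for the misconfiguration described above, as an added example that is not part of the original digest: it audits a mongod.conf for wildcard or public bind addresses and for disabled access control. The sample configs and the `flatten` / `audit` helper names are constructed for illustration, and the parser assumes the simple nested key/value YAML layout of a typical mongod.conf.

```python
import ipaddress

# Constructed sample configs for illustration; not taken from the article.
EXPOSED = """\
net:
  port: 27017
  bindIp: 0.0.0.0   # listens on every interface
"""
HARDENED = """\
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.5.12
security:
  authorization: enabled
"""

def flatten(text):
    """Flatten the nested 'key: value' YAML subset used by mongod.conf to dotted keys."""
    stack, out = [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave sections that are not parents of this line
        if value.strip():
            out[".".join([k for _, k in stack] + [key])] = value.strip().strip("'\"")
        else:
            stack.append((indent, key))
    return out

def is_reachable(bind):
    """True for wildcard binds and globally routable addresses."""
    if bind == "*":
        return True
    try:
        ip = ipaddress.ip_address(bind)
    except ValueError:
        return False  # hostname: resolve and review separately
    return ip.is_unspecified or ip.is_global

def audit(text):
    """Return findings for network exposure and missing access control."""
    cfg = flatten(text)
    binds = [b.strip() for b in cfg.get("net.bindIp", "127.0.0.1").split(",")]
    if cfg.get("net.bindIpAll", "false").lower() == "true":
        binds.append("0.0.0.0")
    findings = [f"EXPOSED: bind address {b}" for b in binds if is_reachable(b)]
    # keyFile implies authorization; otherwise it must be enabled explicitly.
    if cfg.get("security.authorization") != "enabled" and "security.keyFile" not in cfg:
        findings.append("NO_AUTH: security.authorization is not enabled")
    return findings
```

A private bind address with no findings can still be reachable through NAT or a cloud security group, so pair this with a review of firewall rules for the MongoDB port.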
Critical CVEs in SolarWinds Web Help Desk patched after researchers warn of high‑impact exploitation paths
SolarWinds released security updates for Web Help Desk addressing critical authentication bypass (tracked as CVE-2025-40552 and CVE-2025-40554) and remote command execution (CVE-2025-40553) issues affecting a widely used help-desk platform.
Exploitation could allow attackers to invoke privileged actions and execute code, creating a path to compromise IT support workflows and potentially harvest credentials or tickets containing sensitive data.
ITSM / help-desk systems are attractive targets because they can provide indirect access to admin processes and internal infrastructure details.
RCE risks emerge for n8n servers as researchers detail sandbox escape impacting stored credentials and tokens
Researchers reported vulnerabilities in n8n that could enable sandbox escape leading to remote code execution, placing exposed automation servers at risk.
Successful attacks can allow execution on the underlying host, potentially exposing stored credentials, workflow secrets and connected SaaS tokens used by automation pipelines.
Automation platforms concentrate integrations and secrets in one place, so a compromise can quickly cascade into multiple connected services.
IPIDEA proxy network dismantled after investigation links it to trojanized apps and hijacked endpoints
Google and partners disrupted IPIDEA-related infrastructure used to route traffic through compromised devices, targeting domains used for device management and proxy routing.
Residential proxy ecosystems can be built via trojanized apps / SDKs or deceptive “bandwidth monetization,” turning endpoints into covert egress nodes used for fraud, scanning and intrusion activity.
This reinforces that endpoint compromise isn’t only about local damage — it can also turn fleets into operational infrastructure for threat actors.
ShinyHunters’ leak claims prompt Match Group to confirm limited data exposure event
Match Group confirmed a cybersecurity incident involving a limited amount of user data, after data was allegedly leaked by the ShinyHunters threat actor.
The reporting describes leaked files and claims affecting multiple Match-owned services, highlighting data-theft / extortion dynamics rather than purely disruptive encryption-only events.
Consumer platforms remain frequent targets because attackers can monetize access via extortion, credential reuse and downstream fraud.