Centre for Information Technologies of the State (CTIE)
February 26, 2026
•[ malware, data leak, government ]
CTIE detected malware on a system used to manage government mobile-device access and later said an external actor accessed device-holder information and device characteristics. The temporary loss of mobile access to internal state services resulted from CTIE isolating the affected system as a precaution.
Ngong Ping 360
February 26, 2026
•[ ransomware, data breach, internal network compromise ]
Ngong Ping 360 said an attacker stole personal data from its internal network and made a ransom demand. The company said the affected network was separate from cable car operations and electronic payment systems.
Peak Software Systems
February 26, 2026
•[ ransomware, service outage, payment processing ]
Peak Software Systems said attackers encrypted parts of its infrastructure and disrupted the Sportsman recreation-registration platform, causing outages in online signups, rentals, and some payment processing for customer cities.
KomikoAI
February 25, 2026
•[ data breach, PII, AI prompts ]
In February, the AI-powered comic generation platform KomikoAI suffered a data breach. The incident exposed 1M unique email addresses along with names, user posts and the AI prompts used to generate content. The exposed data enables the mapping of individual AI prompts to specific email addresses.
Lovora
February 25, 2026
•[ data breach, personal information, email addresses ]
In February 2026, the couples and relationship app Lovora allegedly suffered a data breach that exposed 496k unique email addresses. The data also included users' display names and profile photos, along with other personal information collected through use of the app. The app's maker, Plantake, did not respond to multiple attempts to contact them about the incident.
Clalit Health Services
February 25, 2026
•[ data leak, healthcare breach, cyber attack ]
Handala claimed it breached Clalit Health Services and published patient files and internal documents online; Clalit said it was investigating the incident and that systems were operating normally.
YES Bank / BookMyForex
February 24, 2026
•[ financial fraud, unauthorized transactions, prepaid forex card breach ]
Attackers used compromised YES Bank and BookMyForex prepaid forex card details to conduct unauthorized USD-BRL transactions at multiple merchants. Roughly 5000 customers were affected and about $280000 in fraudulent transactions were processed before the activity was blocked.
LexisNexis Legal & Professional
February 24, 2026
•[ data leak, cloud security breach, vulnerability exploitation ]
FulcrumSec breached LexisNexis Legal & Professional's AWS infrastructure through a vulnerable React container and exfiltrated company and customer data. The stolen dataset includes millions of database records and customer account information.
Undisclosed Middle East entity
February 24, 2026
•[ ransomware, cyberattack, data breach ]
Symantec and Carbon Black linked Lazarus to a Medusa ransomware attack against an undisclosed Middle East entity; the same reporting noted an unsuccessful attempt against a U.S. healthcare organization, which is not coded here as a successful event.
Local 100 chapter of the Transport Workers Union of America
February 24, 2026
•[ ransomware, data leak, identity theft ]
SC Media reported that Qilin claimed to have breached TWU Local 100 (NYC transit union) and published stolen data on its leak site, putting over 41,000 active transit workers and 26,000 retirees at risk of identity theft. The report notes Qilin did not specify how much data was taken, but highlighted that the union retains sensitive employee information such as contact details, salary information, job titles, medical and insurance benefits, and retirement/pension planning information. The report frames the incident as a ransomware group's breach claim with a presumed data-theft/extortion outcome.
An undisclosed U.S. healthcare organization
February 24, 2026
•[ ransomware, healthcare, encryption ]
Beazley Security and Halcyon reported that Pay2Key maintained access to a compromised administrative account at an undisclosed U.S. healthcare organization for several days before deploying ransomware in late February 2026 and encrypting the environment within three hours; no data exfiltration or ransom demand was reported.
MediMap
February 22, 2026
•[ data integrity, unauthorized access, healthcare breach ]
MediMap was taken offline after an unauthorized user altered patient records, including names, ages, living status, and facility assignments, disrupting medication management across New Zealand providers. Some of the records were changed to designate the patient as dead or to change the patient's name to Charlie Kirk.
Grand Hotel Taipei
February 21, 2026
•[ cyberattack, data leak, unauthorized access ]
Grand Hotel Taipei reported a cyberattack on its systems and warned that guest reservation information may have been accessed. The potentially exposed data includes guest names and contact details, though the number of affected individuals has not been disclosed.
Russian military drone operators
February 21, 2026
•[ data leak, monitoring systems, drone operators ]
Ukrainian hacktivists from the Fenix cyber analytics center, supported by volunteers of the InformNapalm international intelligence community, compromised accounts of Russian military personnel and gained access to monitoring systems used by attack drone operators.
University of Mississippi Medical Center (UMMC)
February 20, 2026
•[ ransomware, operational disruption, healthcare ]
UMMC reported that a ransomware attack triggered its emergency operations plan and forced it to cancel all clinic appointments and elective procedures at locations statewide while it assessed the intrusion and worked to restore systems. Public reporting described broad impacts to phone and electronic systems and significant disruption to patient care workflows, with staff reverting to manual processes. UMMC stated it was working with federal authorities (including the FBI) and external experts to investigate scope and recover operations; reporting at the time did not confirm whether patient data was exfiltrated, but the primary confirmed effect was major operational disruption across the health system.
Greenland government-related websites (multiple)
February 20, 2026
•[ DDoS attack, hacktivism, service disruption ]
Greenland media reported that several Greenlandic websites were hit by DDoS attacks on February 20, 2026. Naalakkersuisut stated it was monitoring the situation and assessed that the attacks were not dangerous or harmful to data, but could disrupt availability for short periods. Separate reporting around the same incident attributed the DDoS activity to the pro-Russian hacktivist collective NoName057(16). The confirmed primary effect described is temporary service availability disruption rather than data theft.
Greenland websites (multiple) during Danish/Greenland context
February 20, 2026
•[ DDoS, hacktivism, cyberattack ]
Portuguese-language reporting (from wire coverage) described Denmark denouncing multiple cyberattacks against websites in Greenland, characterized as distributed denial-of-service (DDoS) incidents. The reporting stated the activity was attributed to the pro-Russian hacktivist group NoName057(16) and occurred amid heightened geopolitical attention around the Arctic. The coverage emphasized availability disruption rather than data compromise, indicating the main impact was temporary unavailability or degraded access to targeted public-facing sites.
Scholengemeenschap Bonaire (SGB)
February 20, 2026
•[ ransomware, phishing, data theft ]
Antilliaans Dagblad reported that Scholengemeenschap Bonaire (SGB) was hit by an international ransomware attack, discovered internally after multiple servers failed to start. Europol reportedly informed police about the broader international attack around the same time. Initial analysis indicated one data server used mainly for archive files was infected, and a relatively small portion of data on that server was stolen; investigators were assessing whether the stolen archive files included personal data. SGB said regular education operations were not impacted because key systems ran in a secured cloud environment (including student/admin platforms and Microsoft Office), and it stated usernames/passwords were not stolen. The school reported filing a police report and notifying the BES data protection oversight body, and required staff and students to change passwords and remain vigilant for phishing.
Undisclosed South Korean electronics manufacturer
February 20, 2026
•[ espionage, DLL side-loading, reconnaissance ]
Ministry of Intelligence and Security (MOIS) (MuddyWater), also tracked as Seedworm, breached a major South Korean electronics manufacturer in February 2026 as part of a broader espionage campaign. The actor spent about one week inside the victim network, abused signed Fortemedia and SentinelOne binaries for DLL side-loading, conducted reconnaissance and credential-access activity, and exfiltrated data through a public file-transfer service.
OpenClaw / ClawHub ecosystem (AI assistant skills) – multi-victim campaign
February 19, 2026
•[ infostealer, AI assistant security, credential theft ]
This TecMundo report describes security researchers warning about OpenClaw, a malware operation that, for the first time, is reported to specifically steal secrets tied to an AI assistant ecosystem (tokens/APIs/other assistant-related data). The article frames the activity as a broad distribution campaign (malicious skills/add-ons and infostealer behavior) that can compromise a victim's digital identity by extracting authentication artifacts and credentials used to access accounts and services.