Advantest Corporation
February 19, 2026
•[ ransomware, unauthorized access, incident response ]
Advantest disclosed it detected unusual activity in its IT environment on February 15, 2026 (JST) and activated incident response, isolating affected systems and engaging external cybersecurity experts. Preliminary findings indicated an unauthorized third party may have accessed parts of the companys network and deployed ransomware. Advantest stated the investigation was ongoing and it had not yet confirmed whether customer or employee data was affected; it said it would notify impacted persons if data exposure is confirmed. The public reporting focused on containment and restoration actions and did not describe prolonged manufacturing shutdowns or downstream customer impacts.
Local entities in the Cayman Islands (malicious PDF campaign)
February 19, 2026
•[ phishing, malware, email security ]
RCIPS warned that a malicious PDF was being sent to local entities from a compromised email address. The PDF contained a VIEW PDF link that, when clicked, installs malware; authorities stated they were already aware of some local systems being compromised because recipients clicked the embedded link. The public advisory provided guidance to treat unexpected PDFs as suspicious, avoid clicking the embedded link, and report incidents.
Grange Dental Care
February 19, 2026
•[ phishing, fraudulent invoices, system compromise ]
Threat actors compromised Grange Dental Cares system and sent fraudulent invoice emails from the practice before the incident was quickly contained.
Undisclosed contractor supporting National Bank of Ukraine numismatic online store
February 19, 2026
•[ data leak, supply chain attack, cyberattack ]
Attackers breached an undisclosed contractor supporting the National Bank of Ukraine's numismatic online store, potentially exposing customer registration and delivery data; the online store was temporarily taken offline while the incident was investigated.
Fundação Getúlio Vargas
February 19, 2026
•[ ransomware, data-extortion, data leak ]
TecMundo reported that ransomware/data-extortion group Dragonforce listed Fundao Getulio Vargas (FGV) as a purported victim and claimed a compromise of 1.52 TB of data, posting images of documents as proof and setting a countdown (typical extortion deadline) for publication if ransom is not paid. TecMundo said it reviewed sample documents that appeared to include internship registration forms, personnel/event records, and project proposals. FGV responded that it had experienced service/provider instability that was resolved and that it had no confirmation of system intrusion or data exfiltration, stating that anonymous dark web postings were not proof.
Del Monte Foods
February 19, 2026
•[ ransomware, data leak ]
PayoutsKING claimed responsibility for an attack on Del Monte Foods, with Ransomware.live listing an estimated attack date of February 19, 2026 and discovery on April 30, 2026. Breachsense reported a 1.2TB leak size, while DataBreach indexed approximately 143,000 rows. Public reporting did not confirm encryption, data destruction, attacker-caused operational disruption, or the exact exposed data fields.
Telecare Corporation
February 19, 2026
•[ ransomware, data leak, healthcare ]
Qilin claimed responsibility for an attack on Telecare Corporation on February 19, 2026 and threatened to release sensitive healthcare data unless negotiations began. DataBreach indexed 275,644 rows and listed exposed fields including Social Security numbers, dates of birth, email addresses, phone numbers, names, and street addresses. Public reporting did not confirm encryption, data destruction, attacker-caused operational disruption, or the exact intrusion vector.
North Ferry Company
February 18, 2026
•[ ransomware, operational disruption, payment system ]
An editorial in the Riverhead News-Review stated that North Ferry Companys payment system froze under a ransomware attack the prior week, preventing customers from paying online while the FBI and U.S. Secret Service investigated. The piece uses the incident to argue local governments and businesses on Long Islands North Fork should treat ransomware as a recurring risk, referencing earlier attacks such as Southold Towns pre-Thanksgiving ransomware disruption. The editorial does not provide the exact attack date, ransomware group, access vector, or whether any data was stolen, but it describes a confirmed operational disruption to the ferry companys payment system consistent with ransomware.
Quitbro
February 17, 2026
•[ data breach, data leak, PII ]
In February 2026, the porn addiction app Quitbro allegedly suffered a data breach that exposed 23k unique email addresses. The data also included users years of birth, responses to questions within the app and their last recorded relapse time. The apps maker, Plantake, did not respond to multiple attempts to contact them about the incident.
Grupo Godo
February 16, 2026
•[ DDoS attack, service availability disruption, cybersecurity protocols ]
Grupo God reported that the websites of La Vanguardia, Mundo Deportivo, RAC1, and RAC105 experienced a coordinated DDoS attack starting around 06:08 that caused slow loading, intermittent errors, and in some cases total access failures. The group said the attack originated from infrastructure located in Germany and that technical teams activated cybersecurity protocols and mitigation measures to restore services, which returned to normal between approximately 07:30 and 07:40. The company stated that technical analysis found no unauthorized access to personal data and that the incident was limited to saturating systems with massive external traffic, making this a service availability disruption without confirmed data theft.
Mercer Advisors
February 16, 2026
•[ cybersecurity breach, ransomware, data leak ]
Wealth Management reported a class action lawsuit alleging Mercer Advisors suffered a cybersecurity breach around Feb. 16, 2026 carried out by ShinyHunters. The complaint said ShinyHunters demanded ransom within 48 hours and threatened to leak roughly 5.7 million client records; after Mercer refused to pay, the group published the stolen information. The article states the leaked data includes names, Social Security numbers, and other personal information, raising risks of identity theft, fraud, and highly targeted phishing/social engineering. The report also mentions ShinyHunters targeting other wealth firms, but the primary record is the Mercer breach and alleged publication of client data.
At least one Bitcoin owner
February 15, 2026
•[ cryptocurrency, phishing, malicious javascript ]
BleepingComputer described a campaign where threat actors abused Pastebin comments to distribute a ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser. The technique enables attackers to hijack crypto swap transactions and redirect funds to attacker-controlled wallets.
BridgePay Network Solutions (vendor) impacting City of Marietta online payments
February 15, 2026
•[ ransomware, third-party risk, payment processing outage ]
City officials said Mariettas inability to process some online credit card payments was caused by a nationwide ransomware incident at BridgePay Network Solutions, one of the citys online payment gateway providers. The city stated its own systems and data were not compromised, but the vendor outage disrupted payment processing for municipal services. Officials worked to stand up a secure alternative solution while the vendor coordinated response with federal authorities and incident-response partners.
youX
February 15, 2026
•[ unauthorized access, data leak, exfiltration ]
youX (Australian finance technology platform) confirmed unauthorized access by a third party after a threat actor released data it claimed to have obtained during the incident. Public reporting said youX had flagged an IT security incident about a week earlier and that personal information may have been compromised. External threat reporting associated the incident with a large-scale exfiltration claim (hundreds of gigabytes) affecting borrowers and broker organizations, consistent with data-theft extortion behavior. The companys public statements centered on incident response actions, engagement with external experts, and regulatory notification while it worked to determine the precise scope and which individuals and organizations were impacted.
CarGurus
February 14, 2026
•[ data breach, extortion, data leak ]
In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters. Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple files including user account ID mappings, finance pre-qualification application data and dealer account and subscription information. Impacted data also included names, phone numbers, physical and IP addresses, and auto finance application outcomes.
Turknet
February 14, 2026
•[ data breaches, Kurd Hacker Forum, Iran ]
Reza abasi notes that there is a new forum called the Kurd Hacker Forum that focuses on databreaches in Iran, Syria, and Turkey. The domain was registered January 28, 2026.
UFP Technologies
February 14, 2026
•[ unauthorized access, data theft, operational disruption ]
UFP Technologies disclosed that threat actors gained unauthorized access to its IT systems around February 14, 2026, disrupting billing and delivery label generation and resulting in the theft or destruction of company or company-related data.
Deutsche Bahn
February 13, 2026
•[ denial-of-service, DDoS, service outage ]
German reporting relayed statements attributed to Germanys BSI leadership describing a massive cyberattack against Deutsche Bahn that overwhelmed systems with exceptionally high request volumes and caused outages to services such as booking. The report characterized the attack as unusually large in scale, consistent with a major denial-of-service event impacting digital service availability. The reporting accessible here does not describe data theft; the primary effect is disruption to online service functionality due to traffic overload.
Washington Hotel chain (Fujita Kanko)
February 13, 2026
•[ ransomware, unauthorized access, point-of-sale system issues ]
A ransomware incident impacted the Washington Hotel chain in Japan, with Fujita Kanko reporting that unauthorized access to some servers was detected on February 13, 2026. The company said it took protective measures to cut off attacker access, formed an internal task force, and engaged police and outside cybersecurity experts. The company confirmed unauthorized access to business data on servers, while stating customer information tied to the external Washington Net system was believed unaffected at the time. Some hotels experienced point-of-sale system issues, but the company reported no major business disruption overall.
CarGurus
February 13, 2026
•[ data breach, social engineering, vishing ]
TechRadar reported that ShinyHunters claimed to have breached CarGurus and stolen about 1.7 million corporate records, threatening to release the data by a stated deadline. The report linked the claim to a broader wave of social-engineering vishing attacks used to obtain employee credentials/MFA codes and then access SSO dashboards (Okta/Entra/Google) and downstream applications. At the time of reporting in the article, CarGurus had not publicly confirmed the breach details, the precise intrusion window, or exactly what categories of data were taken beyond the actors claim, so this record reflects an alleged data-theft event pending independent confirmation.
