Simba Telecom
February 10, 2026
•[ cyber espionage, network data exfiltration, telecom infrastructure ]
Singapore confirmed that China-linked cyber espionage group UNC3886 targeted the countrys telecom infrastructure, including Simba Telecom. The government said attackers gained limited access to parts of telecom systems, did not disrupt services, and did not access personal data, but did exfiltrate a small amount of technical (network-related) data to advance operational objectives.
An undislosed cryptocurrency company
February 10, 2026
•[ malware, cryptocurrency, AI-generated video ]
BleepingComputer reported that North Korean threat actor UNC1069 ran tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector, with a financially motivated objective.
Gyrovague.com blog
February 10, 2026
•[ DDoS, Denial of Service, malicious script ]
Cybernews reported that Archive.today (archive.ph / archive.is mirrors) embedded a hidden script that turns visitors into participants in a DDoS attack against the Finnish travel blogger site Gyrovague.com. The script is triggered while visitors solve a CAPTCHA and repeatedly hits Gyrovagues search function with randomized requests to defeat caching and increase resource load. The article frames the attack as a personal vendetta tied to a prior OSINT/doxxing blog post about Archive.todays operator, and notes the operator acknowledged the DDoS and issued additional threats. This is coded as a confirmed disruptive denial-of-service action targeting the bloggers site availability/performance.
WormGPT
February 10, 2026
•[ data leak, AI hacking platform, user emails ]
Cybernews reported that user details for the AI hacking platform WormGPT appeared on a data leak forum. The poster claimed they obtained the data earlier in February 2026 and that about 19,000 WormGPT users were affected. The leaked dataset was described as including user emails, payment data, subscription information, user IDs, and other account details. The reporting indicated the forum post included a sample and that the authors credibility and the sample supported the breach claim; WormGPTs operators did not confirm the incident in the article.
York City
February 10, 2026
•[ ransomware, cyberattack, ransom payment ]
Reporting summarized in secondary coverage stated that York Citys cyberattack (described as a major incident that crippled the citys digital infrastructure) led to a $500,000 ransom payment made by the citys insurance company to overseas hackers, according to a former mayor. The report described the payment as roughly half of the initial demand and framed it as necessary to regain control of systems.
Ersten Group
February 9, 2026
•[ stalkerware, data leak, scraping ]
A hacktivist scraped more than half-a-million payment records from a provider of consumer-grade stalkerware phone surveillance apps, exposing customer email addresses and partial payment information. The records include payments for phone-tracking services like Geofinder and uMobix and social-media monitoring services like Peekviewer, and the dataset also includes transaction records from Xnspy. The incident is a data exposure affecting customers who paid for surveillance services, not necessarily the surveilled victims.
At least one European official
February 9, 2026
•[ social engineering, scams, QR-code device linking ]
Social engineering against Signal users using fake support scams and QR-code device linking to spy on targets.
Air Cote d'Ivoire
February 8, 2026
•[ cyberattack, data leak, sensitive files ]
Air Cte d'Ivoire confirmed that a cyberattack on February 8, 2026 affected parts of its information system and involved the illegal extraction of sensitive files, prompting business continuity measures and technical support for flights and other operations.
Odido
February 7, 2026
•[ data leak, unauthorized access, customer data theft ]
Odido confirmed that hackers gained unauthorized access to its customer contact system and covertly downloaded large volumes of customer information. Odido said more than 6.2 million customers were affected. The compromised data includes names, phone numbers, postal and email addresses, dates of birth, IBAN bank account numbers, and government-issued ID details such as passport or drivers license numbers and validity dates. The report did not attribute the incident to a specific threat group and did not describe operational disruption beyond the data compromise.
BridgePay Network Solutions
February 7, 2026
•[ ransomware, payment outage, credit card payments ]
Government Technology reported that multiple public-sector entities experienced credit card payment outages after BridgePay Network Solutions suffered a ransomware attack that caused a systemwide outage of its payment services. BridgePay said services remained unavailable while it worked with internal and external specialists and federal authorities (including the U.S. Secret Service and FBI) on investigation and recovery.
Toy Battles
February 6, 2026
•[ data leak, gaming, PII ]
In February 2026, the online gaming community Toy Battles suffered a data breach. The incident exposed 1k unique email addresses alongside usernames, IP addresses and chat logs. Following the breach, Toy Battles self-submitted the data to Have I Been Pwned.
Iranian air missile defense systems
February 6, 2026
•[ cyber warfare, operational cyber effects, missile defense disruption ]
The Record reported that U.S. officials said U.S. military cyber capabilities were used in 2025 to digitally disrupt Iranian air missile defense systems during strikes on nuclear-related sites (Fordo, Natanz, and Isfahan). Officials said the cyber action targeted a separate military system connected to the nuclear sites and helped prevent Iran from launching surface-to-air missiles at U.S. aircraft. The report framed the event as operational cyber effects in support of kinetic action; technical specifics, the exact duration of disruption, and the precise systems/components affected were not publicly detailed.
Another Ukraine
February 6, 2026
•[ DDoS, availability disruption ]
Russian state media reported that the website of the movement Another Ukraine was hit by another DDoS attack, according to the groups Telegram channel. The organization said the site returned to normal operation after the attack. No data theft was described; the reported impact was short-term disruption of availability.
Beacon Mutual Insurance Co.
February 6, 2026
•[ ransomware, data breach, workers' compensation ]
Insurance Journal reported that Rhode Island-based workers compensation insurer Beacon Mutual experienced a ransomware attack and was working to determine what information and which individuals may have been affected. The report indicates an active investigation and response effort, but does not provide a confirmed data-type list, count of affected individuals, or a detailed timeline of intrusion and restoration in the excerpt available.
La Comisi�n Nacional de Seguros y Fianzas (CNSF)
February 6, 2026
•[ data leak, security incident, PII ]
In the case of the National Insurance and Bonding Commission (CNSF) , the regulator reported that on January 30th it registered an information security incident that exposed intermediary identification documents containing data such as name, CURP (Unique Population Registry Code), RFC (Federal Taxpayer Registry), and photograph.
Nippon Medical School Musashi Kosugi Hospital (日本医科大å¦æ¦è”µå°æ‰ç—…院)
February 6, 2026
•[ ransomware, data breach, healthcare ]
Japans Nippon Medical School Musashi Kosugi Hospital disclosed it suffered a ransomware attack after nurse-call terminals malfunctioned and investigation found its nurse-call system servers were attacked. The hospital stated patient personal information stored on the nurse-call system servers was stolen and that the intrusion path was tied to a maintenance VPN device. Public reporting in Japan said attackers demanded a large ransom (reported internationally as about $100 million). The hospital stated it would not comply with the ransom demand and reported that clinical services continued while investigation and recovery actions proceeded.
Flickr (via an undisclosed third-party provider)
February 5, 2026
•[ data leak, third-party risk, phishing ]
Flickr notified users of a potential data breach after a vulnerability in a system operated by one of its third-party email service providers may have allowed unauthorized access to member information. Flickr said it was alerted on February 5, 2026 and shut down access to the affected system within hours. The company stated that passwords and payment card numbers were not compromised. Exposed data may include real names, email addresses, usernames, account type, IP address, general location, and platform activity; Flickr urged vigilance for phishing and recommended changing passwords on other services if reused.
Spain's Ministry of Science (Ministerio de Ciencia)
February 5, 2026
•[ cyberattack, data leak, IDOR vulnerability ]
Spains Ministry of Science partially shut down IT systems and suspended ongoing administrative procedures following what it called a technical incident, later reported by Spanish media as related to a cyberattack. A threat actor using the alias GordonFreeman claimed responsibility, posted samples, and offered allegedly stolen ministry data for sale. The attacker claimed an IDOR vulnerability enabled credential access and full admin-level access, but BleepingComputer noted it could not independently confirm all claims. The confirmed impact is significant service disruption for citizen/company-facing procedures, with credible indications of data compromise based on posted samples.
University of La Sapienza
February 5, 2026
•[ cyberattack, operational disruption, network shutdown ]
La Sapienza University in Rome reported that its IT infrastructure was targeted by a cyberattack that caused widespread operational disruption. The university announced it ordered an immediate shutdown of network systems as a precaution to protect data integrity and security, and formed a technical task force while notifying authorities. As of the report, the universitys website remained offline and ongoing status updates indicated continued recovery work. Public reporting did not confirm data theft; the primary documented effect is the deliberate shutdown and resulting loss of availability for key university network services.
Network devices in at least one Norwegian organization
February 5, 2026
•[ state-sponsored espionage, network device compromise, telecom ]
The Record reported that Norways Police Security Service (PST) disclosed that the Chinese state-sponsored espionage campaign tracked as Salt Typhoon compromised network devices in Norwegian organizations. PST made the disclosure in its 2026 annual threat assessment and said the actor exploited vulnerable network devices, consistent with a broader telecom/critical infrastructure espionage focus described by allied authorities. The article does not identify specific victim organizations or provide incident-level dates/effects for one named target, so it is best treated as campaign-level reporting rather than a single victim event record.
