Italian security cameras
February 5, 2026
•[ DDoS attacks, hacktivism, security cameras ]
Italian reporting stated that pro-Russian hacktivist group NoName057(16) launched DDoS attacks connected to the digital ecosystem around the MilanCortina 2026 Winter Olympics. The reported primary effect is disruption attempts against public-facing online services linked to the event. The article also notes the group displayed content suggesting access to security cameras, but it does not provide sufficient detail to code a separate confirmed camera compromise event; the core confirmed effect described is DDoS activity against websites/services.
Rinku Singh's Facebook account
February 5, 2026
•[ account takeover, hacking, social media breach ]
Indian media reported that cricketer Rinku Singhs Facebook account was hacked, with police stating the cybercrime unit was investigating. The report indicated it was not yet known whether the compromise resulted in financial fraud or other misuse beyond unauthorized access/control of the account. The confirmed effect is account compromise and loss of control of a social media profile; additional impacts were not established in the reporting.
Conpet
February 4, 2026
•[ cyberattack, ransomware, data breach ]
Romanias national oil pipeline operator Conpet said a cyberattack disrupted parts of its technology infrastructure and knocked its website offline earlier in the week, while operational technology systems (including SCADA and telecoms) remained functional and oil transport operations were not affected. Conpet did not confirm a data breach or name the attacker, but the Qilin ransomware group listed Conpet on its leak site and claimed to have stolen nearly one terabyte of data, publishing images of alleged internal documents, financial records, and passport scans. Conpet said it took immediate mitigation steps, worked with national cybersecurity authorities, and filed a criminal complaint.
HubEE
February 4, 2026
•[ security vulnerability, data leak, unauthorized access ]
It wasn't the Service-public.gouv.fr portal itself that was directly hacked, but a key component of its infrastructure: HubEE, the platform responsible for transmitting supporting documents between users and government agencies. For several days, attackers exploited a security vulnerability, navigating the system undetected.
Choisir le Service Public (French civil service recruitment platform)
February 4, 2026
•[ data leak, personal data theft, phishing risk ]
Frances official civil-service recruitment platform Choisir le Service Public disclosed a security incident that resulted in the theft of personal data for 377,418 registered candidates. The stolen dataset includes standard identifiers (name, address, phone, date of birth, email) and more detailed professional/education profile fields that can enable highly targeted phishing and fraud. The platform stated passwords were not compromised and CVs/attachments were not taken. In response, some features (candidate space access and direct-application functionality) were temporarily disabled for several days, authorities were notified, and a complaint was planned.
Iron Mountain
February 3, 2026
•[ unauthorized access, extortion, compromised credentials ]
Iron Mountain said a breach claim by the Everest extortion gang was limited to access to a single folder on a file-sharing server that primarily contained marketing materials. The company stated that a single compromised login credential was used, the credential was deactivated, and there was no ransomware or malware involvement beyond the unauthorized access. Iron Mountain also said no other systems were breached and that no customer confidential or sensitive information was involved.
NationStates
February 3, 2026
•[ vulnerability, remote code execution, data leak ]
NationStates confirmed a data breach after taking its website offline to investigate a security incident. The operator stated that on January 27, 2026 a player reported a critical vulnerability, then exceeded authorized boundaries and obtained remote code execution on the main production server, allowing them to copy application code and user data. NationStates indicated the only way to restore confidence was to rebuild the server and determine what was accessed or copied, leading to site instability and downtime during response. The incident combines confirmed unauthorized access/data copying with operational disruption from the shutdown/rebuild.
Senegal's Directorate of File Automation (DAF)
February 3, 2026
•[ ransomware, cyberattack, operational disruption ]
The Record reported that Senegal confirmed a cybersecurity incident affecting its Directorate of File Automation (DAF), an office managing sensitive identity information such as national ID cards, passports, and other biometric data. DAF issued a public notice warning residents that the cyberattack forced the temporary suspension of the offices operations. The article noted the breach became public after ransomware claims, but it did not confirm in the government notice that biometric or identity records were exfiltrated; the confirmed primary effect in the report is operational disruption via suspension/closure of the offices services.
Portland Public Schools
February 3, 2026
•[ phishing, email compromise, unauthorized access ]
A phishing email offering a fake part-time job opportunity was sent to students after a staff email account (reported as a teacher account) was compromised. Because the message originated from an internal staff account, it bypassed normal restrictions and reached many student inboxes across the district. The district technology department removed copies of the email from the school system and issued guidance for students who submitted information to the linked form. The confirmed effect is unauthorized use of an internal account to distribute phishing content; the report does not confirm broader system compromise or data exfiltration beyond what students may have submitted to the scam.
Poly
February 2, 2026
•[ ransomware, data leak, source code ]
HackRead reported that the Everest ransomware group claimed it stole about 90GB of internal data from systems linked to Polycom (a legacy enterprise communications brand now under HP Inc., branded as Poly). Everest said the dataset included an internal database and documentation and threatened publication after a nine-day countdown. Screenshots posted by the group appeared to show engineering build directories, source code trees, debug/log files, and technical documentation for Polycom conferencing platforms (including RMX and RealPresence), with filenames referencing dates from 20172019. The report stated there was no indication that HPs current production systems or customer services were impacted and the screenshots did not show customer personal data.
At least one use of GhostChat
February 2, 2026
•[ spyware, phishing, mobile malware ]
A fake Android dating app (GhostChat) identified by researchers as spyware. The app lures victims with locked profiles and fake access codes, then redirects them to WhatsApp and abuses permissions to extract data from victims phones.
Onze-Lieve-Vrouwinstituut Pulhof
February 2, 2026
•[ ransomware, encryption, extortion ]
Belgian media reported that OLV Pulhof in Berchem was hacked and its servers were encrypted, consistent with a ransomware incident. The attackers demanded payment and reportedly threatened to publish personal data of students and staff if the ransom was not paid. In a follow-up, school leadership said they had no information that data had actually been leaked at that time and that they were closely monitoring the situation with responders. The incident primarily produced disruption through system encryption and extortion pressure; confirmed data exposure was not established in the referenced update.
Westport Public Schools email account
February 2, 2026
•[ phishing, email hijacking, data leak ]
Student-submitted personal info via linked Google Form: name, email address, home address, date of birth, grade level, and bank name","Westport Public Schools reported that a district staff email account (identified as a Spanish teachers account) was hijacked on a Friday afternoon and then used to send a phishing email to students in grades K12 with the subject line Employment Program For Westport Public Schools. The message advertised a work-from-home employment program connected to Feed the Children and included a linked Google Form encouraging students to apply. Because the email originated from an internal staff account, it bypassed normal email restrictions and reached student inboxes across the district, including Staples High School. District officials said the technology department removed all copies of the email from the school system and began identifying students who clicked the link and may have submitted personal information; families of students who filled out the form were contacted directly and advised to monitor accounts for fraud. Officials stated no district systems were breached beyond the single compromised email account and that student school-issued accounts remained secure.
Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) and the Council for Justice
February 1, 2026
•[ vulnerability, data leak, employee personal information ]
Dutch media reporting summarized by DataBreaches stated that a vulnerability in Ivanti Endpoint Manager Mobile (EPMM), used by government agencies, allowed unauthorized third parties to access employee personal information at multiple Dutch agencies, including the Dutch Data Protection Authority and the Council for Justice. The exposed information was described as employee names, email addresses, and phone numbers; the number of affected employees was still under investigation at the time of reporting.
KSeF
February 1, 2026
•[ DDoS attack, service disruption, e-invoicing ]
Polish reporting quoted Finance and Economy Minister Andrzej Domaski stating that early access problems with the KSeF e-invoicing system were due in part to a DDoS attack against the login system, alongside heavy legitimate login attempts. The minister said the DDoS traffic came from 17 countries, which contributed to overload and user access difficulties, and that the situation was brought under control. The reporting does not describe data theft; the primary effect is temporary disruption/degradation of system accessibility due to external traffic flooding.
Olympique de Marseille
February 1, 2026
•[ cyberattack, data leak, data breach ]
Olympique de Marseille confirmed a cyberattack after a threat actor claimed to have breached club systems earlier in February and leaked samples of staff and supporter data online.
Tulsa International Airport
January 31, 2026
•[ ransomware, data leak, internal documents ]
Qilin ransomware gang claimed responsibility for a ransomware attack on Tulsa International Airport and posted leaked internal documents; airport confirmed incident but not the attribution.
Step Finance
January 31, 2026
•[ hacking, cryptocurrency theft, treasury breach ]
Step Finance reported that hackers compromised devices belonging to company executives and used that access to breach several treasury wallets, resulting in approximately $40 million in stolen digital assets. The platform detected the incident on January 31, 2026 and engaged cybersecurity researchers and partners; it reported partial recovery (including assets associated with Remora and other positions) and stated certain operations were halted to reinforce security. The incident affected treasury wallet holdings rather than user rTokens (reported as fully backed), and Step advised users to avoid interacting with the STEP token pending an outcome plan and snapshot process.
Association Nationale des Premiers Secours
January 30, 2026
•[ data breach, PII, legacy system ]
In January 2026, a data breach impacting the French non-profit Association Nationale des Premiers Secours (ANPS) was posted to a hacking forum. The breach exposed 5.6k unique email addresses along with names, dates of birth and places of birth. ANPS self-submitted the data to HIBP and advised the incident was traced back to a legacy system and did not impact health data, financial information or passwords.
Ttareungyi (Seoul public bike-sharing service)
January 30, 2026
•[ data breach, PII exposure, data leak ]
Approximately 4500000 user records including user IDs and mobile phone numbers were exposed in a data breach affecting Seouls public bike-sharing service Ttareungyi; authorities stated the timing of the exposure was under investigation, and no attacker attribution had been confirmed at the time of reporting.
