Multiple organizations with exposed MongoDB databases
January 30, 2026
•[ MongoDB, data breach, ransomware ]
A threat actor actively accessed, queried, and ransacked more than 1400 publicly exposed MongoDB application servers, exfiltrating data and leaving ransom notes demanding payment in exchange for deletion or non-disclosure of the stolen information.
At least one government, military, and technology entity in Ukraine
January 30, 2026
•[ APT, vulnerability exploitation, state-sponsored attack ]
Security researchers reported that state-sponsored advanced persistent threat groups exploited a WinRAR vulnerability in real-world attacks that successfully compromised at least one government, military, and technology organization in Ukraine, using malicious archive files to gain unauthorized access to victim systems.
Provecho
January 30, 2026
•[ data leak, email addresses, usernames ]
In early 2026, data purportedly sourced from the recipe and meal planning service Provecho was alleged to have been obtained in a breach. The exposed data included 713k unique email addresses along with username and the creator account holders followed. Provecho has been notified and is aware of the claims surrounding the incident.
European Commission
January 30, 2026
•[ cyberattack, data leak, vulnerability exploitation ]
The European Commission disclosed it detected traces of a cyberattack on January 30, 2026 targeting its central infrastructure used to manage staff mobile devices. The Commission said the incident may have resulted in access to staff names and mobile phone numbers for some employees, but it had not found evidence that managed mobile devices themselves were compromised. The Commission stated its response contained and cleaned the system within nine hours. The article notes the Commission did not disclose the initial access method, but the incident appeared linked to attacks exploiting vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM).
Valtori (Finnish Government ICT Centre) mobile device management service
January 30, 2026
•[ data breach, mobile device management, zero-day vulnerability ]
Valtori reported a data breach identified on January 30, 2026 in the mobile device management service it provides to Finland's government shared ICT services. Valtori said the attacker accessed information used to operate the service, including names, work email addresses, phone numbers, and device details, and that investigation later found the scope could involve a substantially larger number of users (about 50,000). Valtori stated no data stored directly on mobile devices was compromised. The root cause was described as exploitation of a zero-day vulnerability in a commercial mobile management product, compounded by the system's failure to permanently delete historical data.
Match Group Inc. (Tinder, Hinge, OkCupid)
January 29, 2026
•[ data leak, cybercrime, ShinyHunters ]
A cybercrime group calling itself ShinyHunters claimed responsibility for accessing and leaking limited user and internal data from Match Group platforms. Match Group confirmed a security incident but stated that passwords, financial information, and private messages were not compromised.
SmarterTools
January 29, 2026
•[ ransomware, network intrusion, vulnerability ]
SmarterTools confirmed that the Warlock ransomware gang breached its network after compromising a single SmarterMail virtual machine set up by an employee and not kept updated. The company said the intrusion began January 29, 2026 and that the attackers waited about a week before attempting encryption, but security controls reportedly prevented encryption, impacted systems were isolated, and data was restored from backups. SmarterTools stated business applications and customer account data were not impacted.
Embark Studios (Arc Raiders & The Finals servers)
January 28, 2026
•[ DDoS attacks, server disruption, gameplay instability ]
Embark Studios confirmed that the multiplayer games ARC Raiders and The Finals were hit by extensive, coordinated DDoS attacks that disrupted servers, leading to connection drops, lag, and gameplay instability for players worldwide.
Bumble Inc. (dating app)
January 28, 2026
•[ unauthorized access, internal network, compromised account ]
A contractor account at Bumble was compromised, granting limited unauthorized access to part of the internal network. Bumble stated that no user accounts, profile data, messages, or member databases were accessed.
City of New Britain
January 28, 2026
•[ ransomware, cyberattack, infrastructure disruption ]
City of New Britain municipal systems were taken offline following a ransomware attack that disrupted internal networks and communications, prompting coordination with federal and state authorities to restore services.
Figure
January 28, 2026
•[ social engineering, fintech, data leak ]
In February 2026, data obtained from the fintech lending platform Figure was publicly posted online. The exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses and dates of birth. Figure confirmed the incident and attributed it to a social engineering attack in which an employee was tricked into providing access.
Euroxx Securities S.A.
January 27, 2026
•[ cyberattack, defensive shutdown, system shutdown ]
Cyberattack on Euroxx prompted a defensive system shutdown; no disruption or data loss confirmed.
Atlas Air
January 27, 2026
•[ ransomware, data leak, aircraft maintenance ]
Cybernews reported that the Everest ransomware group claimed it siphoned 1.2TB of data from cargo airline Atlas Air, including aircraft maintenance documents and repair reports and information related to Boeing aircraft. Cybernews said the attackers did not attach direct data samples, only screenshots, and noted that Atlas Air explicitly denied its systems were breached.
Concello de Sanxenxo (Spanish Municipality)
January 26, 2026
•[ ransomware, data encryption, bitcoin ]
A ransomware attack encrypted thousands of administrative documents at the Concello de Sanxenxo, prompting a $5,000 Bitcoin ransom demand. The city refused to pay and is restoring systems from backups; the incident disrupted internal municipal operations and required a formal complaint to the Guardia Civil.
Ukrainian Armed Forces digital platforms (Sonata messenger)
January 26, 2026
•[ hacktivism, cyber operations, denial of service ]
Hacktivists disrupted a secure messaging platform used by the Ukrainian Armed Forces, blocking communications as part of cyber operations linked to the Russia–Ukraine conflict.
Vladimir Bread Factory
January 26, 2026
•[ cyberattack, operational disruption, delivery disruption ]
A cyberattack knocked offline internal digital systems at a Russian bread factory, disrupting order processing and deliveries while production lines continued operating.
Delta (Russian Security and Alarm Services Company)
January 26, 2026
•[ cyberattack, service disruption, state-sponsored attack ]
A cyberattack attributed to a hostile foreign state disrupted Delta's alarm and vehicle services for thousands of users. No customer data compromise confirmed.
Cuero Chamber of Commerce
January 26, 2026
•[ malware, social engineering, ClickFix ]
The Cuero Chamber of Commerce reported a malware/social engineering incident affecting its web properties after a customer noticed suspicious activity in an email sent January 26. The chamber said users registering for an event were shown a CAPTCHA prompt and then instructed to press Windows+R and paste/run content, behavior consistent with ClickFix social engineering designed to trick victims into executing malicious commands on their own devices. The chamber stated that the Cuero Development Corporation website was the only confirmed security breach and that significant data loss occurred, and it believed the malware was introduced via a third-party platform (Shopify) used for event registration. The chamber said it could not determine how many people or organizations were affected and implemented additional safeguards.
At least one 7-Zip user
January 26, 2026
•[ malware distribution, proxy botnet, domain impersonation ]
Tom's Hardware reported that the unofficial domain 7-zip.com (not the official 7-zip.org) served malware-laden downloads for roughly ten days, from January 12 to January 22. The site initially displayed legitimate links, but after 20–30 seconds a script swapped download links to a malicious executable, likely to evade basic automated scanning. The malware's primary described function was to install a proxy service, turning victims' PCs into nodes in a proxy botnet that criminals could route traffic through to obscure their origins. This is a malware distribution campaign impacting end users rather than a single named victim organization's breach.
Enviro-Hub Holdings Ltd.
January 25, 2026
•[ ransomware, server breach ]
Enviro-Hub Holdings Ltd. disclosed a ransomware attack targeting group servers; company reported no material operational impact.