SUCCESS
March 4, 2026
•[ data breach, personal information, password hashes ]
In March 2026, the personal development and achievement media brand SUCCESS suffered a data breach. The incident exposed 250k unique email addresses along with names, IP addresses, phone numbers and, for a limited number of staff members, bcrypt password hashes. The data also included orders containing physical addresses and the payment method used. In SUCCESS' disclosure notice, they advised their system had also been abused to send offensive newsletters with quotes falsely attributed to contributors.
Passaic County
March 4, 2026
•[ malware, cyberattack, availability disruption ]
Passaic County, New Jersey reported a malware attack that disrupted county IT systems and took down phone lines used across government offices. The county first announced the phone outage the morning of March 4 and later confirmed the same day that the outage was caused by a cyberattack. Officials said they were working with federal and state partners to investigate and contain the issue and would provide updates once resolved. No data theft, ransomware demand, or impacted record counts were disclosed in the public statement; the confirmed primary effect is availability disruption affecting communications and IT services.
Lehigh Carbon Community College
March 4, 2026
•[ data breach, IT disruption, campus closure ]
Reporting stated that Lehigh Carbon Community College in Pennsylvania suffered a data breach that forced the college to close all campuses for more than a week in early March 2026. After reopening, IT disruptions reportedly persisted (including lack of Wi-Fi and phone service), indicating ongoing recovery and restoration of core services. A trustee publicly attributed the closures to a data breach, but the college did not disclose a threat actor, entry vector, or specific data types in the public reporting cited.
Tehran traffic cameras
March 3, 2026
•[ hacking, surveillance, espionage ]
DataBreaches summarized reporting alleging Israeli intelligence hacked or accessed a very large portion of Tehran's traffic camera network over multiple years to track senior Iranian officials, including Ayatollah Ali Khamenei. The reporting claimed real-time camera data (including cameras around Khamenei's compound) was encrypted and transmitted to servers in Israel and used to build pattern-of-life intelligence, such as where security teams parked vehicles.
AkzoNobel
March 3, 2026
•[ ransomware, data leak, internal correspondence ]
AkzoNobel confirmed a security incident at one of its U.S. sites after the Anubis ransomware group published a partial leak. AkzoNobel stated the incident was contained and limited to the affected site. The leak samples described in reporting included confidential client agreements, internal email correspondence, technical specification sheets, material testing documents, and contact data such as email addresses and phone numbers, as well as passport scans.
Ten official Syrian government accounts on the social media platform X
March 3, 2026
•[ social media compromise, account takeover, coordinated intrusion ]
Weekly Blitz reported Syria's Ministry of Communications and Information Technology confirmed that at least ten official Syrian government accounts on X were briefly compromised in a coordinated intrusion. The article lists affected accounts including the General Secretariat of the Presidency, the Syrian Central Bank, and multiple ministries (Transport, Higher Education, Education, Youth and Sports), as well as the elections committee account. The primary impact described is unauthorized takeover of social media accounts (posting capability), not a broader breach of internal government IT systems or confirmed data theft.
Iranian energy and aviation infrastructure
March 2, 2026
•[ DDoS, wipers, intrusions ]
This SecurityWeek link is an overview/analysis of cyber activity during escalating US-Israel-Iran conflict, describing multiple incidents (e.g., DDoS, wipers, claims of intrusions) by different actors across different targets. It does not describe one discrete cyberattack against a single clearly identified victim with a bounded timeline and measurable primary effects suitable for a single incident record.
Geo News
March 2, 2026
•[ cyberattack, broadcast hijacking, satellite hacking ]
Pakistan Observer reported Geo News said it suffered a sustained and sophisticated cyberattack over the prior 24 hours in which its transmission via Pakistan's PakSat satellite was hacked. The channel said attackers breached the broadcast feed, caused repeated interruptions, and hijacked the screen to air unauthorized messages. Geo News stated it had no connection to the malicious content and was working to restore secure operations. The report focuses on disruption of broadcast integrity/availability rather than data theft.
Denmark School District
March 1, 2026
•[ ransomware, cyber incident, connectivity outage ]
Reporting stated the Denmark School District in Denmark, Wisconsin, lost internet access for five school days due to a cyber incident, forcing paper-based workarounds. DataBreaches noted a ransomware tracking site listed the district domain as a claimed victim by INC Ransom with a discovery date of March 1, 2026, but emphasized that listing alone is not confirmation of ransomware or data theft. The confirmed primary effect described is a weeklong connectivity outage impacting school operations.
Department of Homeland Security (DHS)
March 1, 2026
•[ hacktivism, data leak, government contracts ]
DataBreaches summarized reporting that hacktivists calling themselves Department of Peace claimed to have hacked DHS and leaked allegedly stolen documents. The transparency collective DDoSecrets published data described as relating to contracts between DHS, ICE, and more than 6,000 companies (including major defense contractors and large technology firms). The report attributes the source to DHS's Office of Industry Partnership procurement unit; DHS confirmation and the exact intrusion method were not provided in the DataBreaches excerpt.
Undisclosed Qatari organization
March 1, 2026
•[ DLL hijacking, PlugX, backdoor malware ]
HackRead summarized Check Point Research describing a China-linked campaign beginning March 1, 2026 that used conflict-themed lures and DLL hijacking to install PlugX backdoor malware against targets in Qatar. The report described lures disguised as war news and a separate energy-sector lure delivering a Rust loader and ultimately Cobalt Strike, with the goal of espionage against Qatar's military and oil/gas interests.
Bitrefill
March 1, 2026
•[ cyberattack, data breach, cryptocurrency theft ]
Bitrefill disclosed that a March 1, 2026 cyberattack originating from a compromised employee laptop enabled attackers to obtain legacy credentials, access a snapshot containing production secrets, and escalate into parts of Bitrefill's infrastructure. The attackers accessed parts of the database and some cryptocurrency wallets, leading to theft of funds and misuse of gift card inventory/supply flows. Bitrefill reported exposure of about 18,500 purchase records containing customer email addresses, IP addresses, and cryptocurrency payment addresses; for about 1,000 purchases, customer names were also potentially exposed (stored encrypted, but the attackers may have obtained decryption keys). Bitrefill said it shut down systems to isolate the incident, worked with security experts/on-chain analysts/law enforcement, and assessed the method as consistent with Lazarus/BlueNoroff activity.
Bitrefill
March 1, 2026
•[ data breach, cryptocurrency theft, PII leak ]
Bitrefill published a post-mortem stating it was attacked on March 1, 2026 and attributed the activity to North Korea's Lazarus Group. The breach was discovered after suspicious purchasing patterns suggested gift card stock and supplier supply lines were being exploited. Bitrefill said attackers accessed about 18,500 purchase records containing customer email addresses, crypto payment addresses, and metadata including IP addresses. The attackers also drained some Bitrefill cryptocurrency wallets and transferred funds to attacker-controlled wallets; the company did not disclose the amount stolen and said it would absorb the losses.
Undisclosed Russian company
March 1, 2026
•[ ransomware, cyber warfare, pro-Ukrainian group ]
A pro-Ukrainian group known as Bearlyfy used GenieLocker ransomware against an undisclosed Russian company as part of a broader campaign targeting Russian firms.
Undisclosed Israeli individual smartphone
March 1, 2026
•[ malware, phishing, spyware ]
A trojanized fake Red Alert app delivered through spoofed SMS messages targeted Israeli users and, when installed, enabled theft of messages, contacts, location data, and other device information from affected smartphones.
BadeSaba
February 28, 2026
•[ hacking, hacktivism, propaganda ]
BadeSaba, a religious calendar app with more than 5 million downloads, was hacked to display anti-regime messages to users. The compromised app showed propaganda urging armed forces to surrender and join the people.
IRNA
February 28, 2026
•[ hacktivism, website defacement, political messaging ]
IRNA was hacked to display political messages during the same campaign that affected BadeSaba. Reporting says multiple Iranian news websites were compromised, and this row captures IRNA as one named victim.
Roskomnadzor
February 27, 2026
•[ DDoS attack, multi-vector attack, traffic scrubbing ]
A multi-vector DDoS attack targeted Roskomnadzor online resources. Traffic peaked at 33 Gbps and 36.9 million packets per second before malicious traffic was redirected to scrubbing servers and access was restored.
Ministry of Defence of the Russian Federation
February 27, 2026
•[ DDoS attack, multi-vector attack, cyber attack ]
A multi-vector DDoS attack targeted online resources associated with the Russian Ministry of Defense. Traffic peaked at 33 Gbps and 36.9 million packets per second before mitigation restored access.
Federal State Unitary Enterprise Main Radio Frequency Center
February 27, 2026
•[ DDoS attack, network infrastructure, cyber security ]
A multi-vector DDoS attack targeted infrastructure operated by the Main Radio Frequency Center. Traffic peaked at 33 Gbps and 36.9 million packets per second before malicious traffic was redirected to scrubbing servers and access was restored.