An undisclosed U.S. healthcare organization
February 24, 2026
•[ ransomware, healthcare, encryption ]
Beazley Security and Halcyon reported that Pay2Key maintained access to a compromised administrative account at an undisclosed U.S. healthcare organization for several days before deploying ransomware in late February 2026 and encrypting the environment within three hours; no data exfiltration or ransom demand was reported.
MediMap
February 22, 2026
•[ data integrity, unauthorized access, healthcare breach ]
MediMap was taken offline after an unauthorized user altered patient records, including names, ages, living status, and facility assignments, disrupting medication management across New Zealand providers. Some of the records were changed to designate the patient as dead or have them name changed to Charlie Kirk.
Grand Hotel Taipei
February 21, 2026
•[ cyberattack, data leak, unauthorized access ]
Grand Hotel Taipei reported a cyberattack on its systems and warned that guest reservation information may have been accessed. The potentially exposed data includes guest names and contact details, though the number of affected individuals has not been disclosed.
Russian military drone operators
February 21, 2026
•[ data leak, monitoring systems, drone operators ]
Ukrainian hacktivists from the Fenix cyber analytics center, supported by volunteers of the InformNapalm international intelligence community, compromised accounts of Russian military personnel and gained access to monitoring systems used by attack drone operators.
University of Mississippi Medical Center (UMMC)
February 20, 2026
•[ ransomware, operational disruption, healthcare ]
UMMC reported a ransomware attack triggered its emergency operations plan and forced it to cancel all clinic appointments and elective procedures at locations statewide while it assessed the intrusion and worked to restore systems. Public reporting described broad impacts to phone and electronic systems and significant disruption to patient care workflows, with staff reverting to manual processes. UMMC stated it was working with federal authorities (including the FBI) and external experts to investigate scope and recover operations; reporting at the time did not confirm whether patient data was exfiltrated, but the primary confirmed effect was major operational disruption across the health system.
Greenland government-related websites (multiple)
February 20, 2026
•[ DDoS attack, hacktivism, service disruption ]
Greenland media reported that several Greenlandic websites were hit by DDoS attacks on February 20, 2026. Naalakkersuisut stated it was monitoring the situation and assessed that the attacks were not dangerous or harmful to data, but could disrupt availability for short periods. Separate reporting around the same incident attributed the DDoS activity to the pro-Russian hacktivist collective NoName057(16). The confirmed primary effect described is temporary service availability disruption rather than data theft.
Greenland websites (multiple) during Danish/Greenland context
February 20, 2026
•[ DDoS, hacktivism, cyberattack ]
Portuguese-language reporting (from wire coverage) described Denmark denouncing multiple cyberattacks against websites in Greenland, characterized as distributed denial-of-service (DDoS) incidents. The reporting stated the activity was attributed to the pro-Russian hacktivist group NoName057(16) and occurred amid heightened geopolitical attention around the Arctic. The coverage emphasized availability disruption rather than data compromise, indicating the main impact was temporary unavailability or degraded access to targeted public-facing sites.
Scholengemeenschap Bonaire (SGB)
February 20, 2026
•[ ransomware, phishing, data theft ]
Antilliaans Dagblad reported that Scholengemeenschap Bonaire (SGB) was hit by an international ransomware attack, discovered internally after multiple servers failed to start. Europol reportedly informed police about the broader international attack around the same time. Initial analysis indicated one data server used mainly for archive files was infected, and a relatively small portion of data on that server was stolen; investigators were assessing whether the stolen archive files included personal data. SGB said regular education operations were not impacted because key systems ran in a secured cloud environment (including student/admin platforms and Microsoft Office), and it stated usernames/passwords were not stolen. The school reported filing a police report and notifying the BES data protection oversight body, and required staff and students to change passwords and remain vigilant for phishing.
OpenClaw / ClawHub ecosystem (AI assistant skills) – multi-victim campaign
February 19, 2026
•[ infostealer, AI assistant security, credential theft ]
This TecMundo report describes security researchers warning about OpenClaw, a malware operation that, for the first time, is reported to specifically steal secrets tied to an AI assistant ecosystem (tokens/APIs/other assistant-related data). The article frames the activity as a broad distribution campaign (malicious skills/add-ons and infostealer behavior) that can compromise a victims digital identity by extracting authentication artifacts and credentials used to access accounts and services.
Advantest Corporation
February 19, 2026
•[ ransomware, unauthorized access, incident response ]
Advantest disclosed it detected unusual activity in its IT environment on February 15, 2026 (JST) and activated incident response, isolating affected systems and engaging external cybersecurity experts. Preliminary findings indicated an unauthorized third party may have accessed parts of the companys network and deployed ransomware. Advantest stated the investigation was ongoing and it had not yet confirmed whether customer or employee data was affected; it said it would notify impacted persons if data exposure is confirmed. The public reporting focused on containment and restoration actions and did not describe prolonged manufacturing shutdowns or downstream customer impacts.
Local entities in the Cayman Islands (malicious PDF campaign)
February 19, 2026
•[ phishing, malware, email security ]
RCIPS warned that a malicious PDF was being sent to local entities from a compromised email address. The PDF contained a VIEW PDF link that, when clicked, installs malware; authorities stated they were already aware of some local systems being compromised because recipients clicked the embedded link. The public advisory provided guidance to treat unexpected PDFs as suspicious, avoid clicking the embedded link, and report incidents.
Grange Dental Care
February 19, 2026
•[ phishing, fraudulent invoices, system compromise ]
Threat actors compromised Grange Dental Cares system and sent fraudulent invoice emails from the practice before the incident was quickly contained.
Undisclosed contractor supporting National Bank of Ukraine numismatic online store
February 19, 2026
•[ data leak, supply chain attack, cyberattack ]
Attackers breached an undisclosed contractor supporting the National Bank of Ukraine's numismatic online store, potentially exposing customer registration and delivery data; the online store was temporarily taken offline while the incident was investigated.
Fundação Getúlio Vargas
February 19, 2026
•[ ransomware, data-extortion, data leak ]
TecMundo reported that ransomware/data-extortion group Dragonforce listed Fundao Getulio Vargas (FGV) as a purported victim and claimed a compromise of 1.52 TB of data, posting images of documents as proof and setting a countdown (typical extortion deadline) for publication if ransom is not paid. TecMundo said it reviewed sample documents that appeared to include internship registration forms, personnel/event records, and project proposals. FGV responded that it had experienced service/provider instability that was resolved and that it had no confirmation of system intrusion or data exfiltration, stating that anonymous dark web postings were not proof.
North Ferry Company
February 18, 2026
•[ ransomware, operational disruption, payment system ]
An editorial in the Riverhead News-Review stated that North Ferry Companys payment system froze under a ransomware attack the prior week, preventing customers from paying online while the FBI and U.S. Secret Service investigated. The piece uses the incident to argue local governments and businesses on Long Islands North Fork should treat ransomware as a recurring risk, referencing earlier attacks such as Southold Towns pre-Thanksgiving ransomware disruption. The editorial does not provide the exact attack date, ransomware group, access vector, or whether any data was stolen, but it describes a confirmed operational disruption to the ferry companys payment system consistent with ransomware.
Quitbro
February 17, 2026
•[ data breach, data leak, PII ]
In February 2026, the porn addiction app Quitbro allegedly suffered a data breach that exposed 23k unique email addresses. The data also included users years of birth, responses to questions within the app and their last recorded relapse time. The apps maker, Plantake, did not respond to multiple attempts to contact them about the incident.
Grupo Godo
February 16, 2026
•[ DDoS attack, service availability disruption, cybersecurity protocols ]
Grupo God reported that the websites of La Vanguardia, Mundo Deportivo, RAC1, and RAC105 experienced a coordinated DDoS attack starting around 06:08 that caused slow loading, intermittent errors, and in some cases total access failures. The group said the attack originated from infrastructure located in Germany and that technical teams activated cybersecurity protocols and mitigation measures to restore services, which returned to normal between approximately 07:30 and 07:40. The company stated that technical analysis found no unauthorized access to personal data and that the incident was limited to saturating systems with massive external traffic, making this a service availability disruption without confirmed data theft.
Mercer Advisors
February 16, 2026
•[ cybersecurity breach, ransomware, data leak ]
Wealth Management reported a class action lawsuit alleging Mercer Advisors suffered a cybersecurity breach around Feb. 16, 2026 carried out by ShinyHunters. The complaint said ShinyHunters demanded ransom within 48 hours and threatened to leak roughly 5.7 million client records; after Mercer refused to pay, the group published the stolen information. The article states the leaked data includes names, Social Security numbers, and other personal information, raising risks of identity theft, fraud, and highly targeted phishing/social engineering. The report also mentions ShinyHunters targeting other wealth firms, but the primary record is the Mercer breach and alleged publication of client data.
At least one Bitcoin owner
February 15, 2026
•[ cryptocurrency, phishing, malicious javascript ]
BleepingComputer described a campaign where threat actors abused Pastebin comments to distribute a ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser. The technique enables attackers to hijack crypto swap transactions and redirect funds to attacker-controlled wallets.
BridgePay Network Solutions (vendor) impacting City of Marietta online payments
February 15, 2026
•[ ransomware, third-party risk, payment processing outage ]
City officials said Mariettas inability to process some online credit card payments was caused by a nationwide ransomware incident at BridgePay Network Solutions, one of the citys online payment gateway providers. The city stated its own systems and data were not compromised, but the vendor outage disrupted payment processing for municipal services. Officials worked to stand up a secure alternative solution while the vendor coordinated response with federal authorities and incident-response partners.
