Yeshiva World News
March 18, 2026
•[ defacement, hacktivism, website downtime ]
Yeshiva World News was defaced with pro-Iran imagery and Farsi text on March 18, 2026, knocking the homepage offline and leaving the site on a maintenance page while restoration work continued.
Verifone
March 11, 2026
•[ hacktivism, data breach claim, cyber attack ]
Cybernews reported that the pro-Iranian hacktivist group Handala claimed it attacked two US multinationals with ties to Israelpayments firm Verifone and medical technology firm Strykerframing the actions as retaliation. Verifone denied the breach claims. The article describes actor claims and escalation risk, but does not provide independently verified evidence of successful compromise or confirmed stolen data for either company in the reporting.
Department of Homeland Security (DHS)
March 1, 2026
•[ hacktivism, data leak, government contracts ]
DataBreaches summarized reporting that hacktivists calling themselves Department of Peace claimed to have hacked DHS and leaked allegedly stolen documents. The transparency collective DDoSecrets published data described as relating to contracts between DHS, ICE, and more than 6,000 companies (including major defense contractors and large technology firms). The report attributes the source to DHSs Office of Industry Partnership procurement unit; DHS confirmation and the exact intrusion method were not provided in the DataBreaches excerpt.
BadeSaba
February 28, 2026
•[ hacking, hacktivism, propaganda ]
BadeSaba, a religious calendar app with more than 5 million downloads, was hacked to display anti-regime messages to users. The compromised app showed propaganda urging armed forces to surrender and join the people.
IRNA
February 28, 2026
•[ hacktivism, website defacement, political messaging ]
IRNA was hacked to display political messages during the same campaign that affected BadeSaba. Reporting says multiple Iranian news websites were compromised, and this row captures IRNA as one named victim.
KPMG Israel
February 27, 2026
•[ hacktivism, DDoS, website defacements ]
Industrial Cyber summarized Intel 471 analysis that USIsrael strikes on Iran triggered a surge of hacktivist activity and claims of DDoS, website defacements, and breach allegations. The most impacted regions during Feb 27Mar 6, 2026 were reported as Israel, Kuwait, and Jordan, with Bahrain, Qatar, and the UAE also in the top ten; the most targeted industries included national government, aerospace/defense, and technology. The article describes broad, multi-actor retaliation dynamics (including pro-Russian and pro-Iranian collectives) rather than one discrete confirmed cyber event against a single named target.
Russian military drone operators
February 21, 2026
•[ data leak, monitoring systems, drone operators ]
Ukrainian hacktivists from the Fenix cyber analytics center, supported by volunteers of the InformNapalm international intelligence community, compromised accounts of Russian military personnel and gained access to monitoring systems used by attack drone operators.
Greenland government-related websites (multiple)
February 20, 2026
•[ DDoS attack, hacktivism, service disruption ]
Greenland media reported that several Greenlandic websites were hit by DDoS attacks on February 20, 2026. Naalakkersuisut stated it was monitoring the situation and assessed that the attacks were not dangerous or harmful to data, but could disrupt availability for short periods. Separate reporting around the same incident attributed the DDoS activity to the pro-Russian hacktivist collective NoName057(16). The confirmed primary effect described is temporary service availability disruption rather than data theft.
Greenland websites (multiple) during Danish/Greenland context
February 20, 2026
•[ DDoS, hacktivism, cyberattack ]
Portuguese-language reporting (from wire coverage) described Denmark denouncing multiple cyberattacks against websites in Greenland, characterized as distributed denial-of-service (DDoS) incidents. The reporting stated the activity was attributed to the pro-Russian hacktivist group NoName057(16) and occurred amid heightened geopolitical attention around the Arctic. The coverage emphasized availability disruption rather than data compromise, indicating the main impact was temporary unavailability or degraded access to targeted public-facing sites.
Ersten Group
February 9, 2026
•[ stalkerware, data leak, scraping ]
A hacktivist scraped more than half-a-million payment records from a provider of consumer-grade stalkerware phone surveillance apps, exposing customer email addresses and partial payment information. The records include payments for phone-tracking services like Geofinder and uMobix and social-media monitoring services like Peekviewer, and the dataset also includes transaction records from Xnspy. The incident is a data exposure affecting customers who paid for surveillance services, not necessarily the surveilled victims.
Italian security cameras
February 5, 2026
•[ DDoS attacks, hacktivism, security cameras ]
Italian reporting stated that pro-Russian hacktivist group NoName057(16) launched DDoS attacks connected to the digital ecosystem around the MilanCortina 2026 Winter Olympics. The reported primary effect is disruption attempts against public-facing online services linked to the event. The article also notes the group displayed content suggesting access to security cameras, but it does not provide sufficient detail to code a separate confirmed camera compromise event; the core confirmed effect described is DDoS activity against websites/services.
Ukrainian Armed Forces digital platforms (Sonata messenger)
January 26, 2026
•[ hacktivism, cyber operations, denial of service ]
Hacktivists disrupted a secure messaging platform used by the Ukrainian Armed Forces, blocking communications as part of cyber operations linked to the RussiaUkraine conflict.
Badr satellite
January 18, 2026
•[ broadcast hijacking, hacktivism, signal interference ]
The Record reported that several Iranian state television channels were briefly hijacked on Sunday (January 18, 2026), interrupting programming to air protest footage and anti-regime messages, including content associated with an exiled opposition figure. The affected channels were transmitted via the Badr satellite used to deliver provincial stations nationwide. Social media clips showed messages urging continued protests alongside solidarity footage. The incident appears to be a short-lived disruption to broadcast integrity/availability rather than a data theft event; the report did not confirm compromise of internal newsroom systems or theft of customer/employee data.
Free Speech Union (FSU)
January 9, 2026
•[ data leak, hacktivism, donor exposure ]
Cybernews reported that the UK-based Free Speech Union (FSU) was hacked by trans activists and that the names of people who donated 50 or more were publicly listed online. The dataset was made available via Distributed Denial of Secrets (DDoSecrets). The article frames the attack as politically motivated (protest/ideological retaliation) and describes the outcome as exposure of supporter identities; it does not confirm the full set of leaked fields beyond donor names and the donation-threshold context, nor does it describe service disruption at the organization.
WhiteDate
January 2, 2026
•[ hacktivism, data leak, data destruction ]
Reporting describes a hacktivist using the pseudonym Martha Root who infiltrated an extremist dating website and related sites and later demonstrated deleting them live on stage during the Chaos Communication Congress. The coverage indicates the actor used automated tools/AI chatbots to extract and download user profile information and then published the acquired dataset. As described, the incident combined disruptive impact (site/service deletion) with unauthorized access and data acquisition affecting site users.
Mallorca Public Transport System
November 25, 2025
•[ ddos, hacktivism ]
Security reporting described a claimed DDoS attempt attributed to the pro-Russian hacktivist collective NoName057(16) targeting public-facing transport websites linked to Mallorcas TIB. Available reporting indicated analysts believed the group attempted to overload public web endpoints with DDoS traffic, but no verified outages or service interruptions were observed for TIB platforms, and there were no reported impacts on trains, buses, or metro operations.
Donbas Post
November 24, 2025
•[ hacktivism, wiper attack, data destruction ]
Ukrainian Cyber Alliance claimed responsibility for wiping Donbas Post's systems in Russian-occupied Ukraine, deleting data from over 1,000 workstations and dozens of servers, disrupting web, email, and corporate operations.
Department of the Interior and Local Government (DILG)
November 23, 2025
•[ data leak, hacktivism ]
Hacktivist group HappyGoLuckyPH claims to have infiltrated the Philippine Department of the Interior and Local Governments intranet and exfiltrated about 400GB of internal government data, including personal and financial details of roughly 10,000 employees and contractors, while DILG publicly states it is still verifying the alleged breach and says core systems remain stable; despite the ongoing verification, the combination of leaked samples and size claims is treated here as a successful cyberattack involving significant data theft.
Venstre
November 17, 2025
•[ ddos, hacktivism, political ]
A DDoS attack attributed to NoName057(16) temporarily disrupted Venstres website on the eve of Denmarks municipal and regional elections.
Socialdemokratiet
November 17, 2025
•[ ddos, hacktivism, service disruption ]
A DDoS attack attributed to NoName057(16) temporarily disrupted the Social Democrats website on the eve of Denmarks municipal and regional elections.
