Werkstatt Bremen
February 12, 2026
•[ ransomware, cyberattack ]
Following a cyberattack on a municipal company in Bremen , the IT systems of the police evidence unit were also affected. The public prosecutor's office is investigating, a spokesperson said, confirming reports from Radio Bremen and the "Weser Kurier." The attack involved ransomware.
An undislosed organization
February 11, 2026
•[ ransomware, persistence, evasion ]
BleepingComputer reported that a member of the Crazy ransomware gang abused legitimate employee monitoring software and the SimpleHelp remote support tool to maintain persistence, evade detection, and prepare for ransomware deployment in victim networks.
York City
February 10, 2026
•[ ransomware, cyberattack, ransom payment ]
Reporting summarized in secondary coverage stated that York Citys cyberattack (described as a major incident that crippled the citys digital infrastructure) led to a $500,000 ransom payment made by the citys insurance company to overseas hackers, according to a former mayor. The report described the payment as roughly half of the initial demand and framed it as necessary to regain control of systems.
BridgePay Network Solutions
February 7, 2026
•[ ransomware, payment outage, credit card payments ]
Government Technology reported that multiple public-sector entities experienced credit card payment outages after BridgePay Network Solutions suffered a ransomware attack that caused a systemwide outage of its payment services. BridgePay said services remained unavailable while it worked with internal and external specialists and federal authorities (including the U.S. Secret Service and FBI) on investigation and recovery.
Beacon Mutual Insurance Co.
February 6, 2026
•[ ransomware, data breach, workers' compensation ]
Insurance Journal reported that Rhode Island-based workers compensation insurer Beacon Mutual experienced a ransomware attack and was working to determine what information and which individuals may have been affected. The report indicates an active investigation and response effort, but does not provide a confirmed data-type list, count of affected individuals, or a detailed timeline of intrusion and restoration in the excerpt available.
Nippon Medical School Musashi Kosugi Hospital (日本医科大å¦æ¦è”µå°æ‰ç—…院)
February 6, 2026
•[ ransomware, data breach, healthcare ]
Japans Nippon Medical School Musashi Kosugi Hospital disclosed it suffered a ransomware attack after nurse-call terminals malfunctioned and investigation found its nurse-call system servers were attacked. The hospital stated patient personal information stored on the nurse-call system servers was stolen and that the intrusion path was tied to a maintenance VPN device. Public reporting in Japan said attackers demanded a large ransom (reported internationally as about $100 million). The hospital stated it would not comply with the ransom demand and reported that clinical services continued while investigation and recovery actions proceeded.
Conpet
February 4, 2026
•[ cyberattack, ransomware, data breach ]
Romanias national oil pipeline operator Conpet said a cyberattack disrupted parts of its technology infrastructure and knocked its website offline earlier in the week, while operational technology systems (including SCADA and telecoms) remained functional and oil transport operations were not affected. Conpet did not confirm a data breach or name the attacker, but the Qilin ransomware group listed Conpet on its leak site and claimed to have stolen nearly one terabyte of data, publishing images of alleged internal documents, financial records, and passport scans. Conpet said it took immediate mitigation steps, worked with national cybersecurity authorities, and filed a criminal complaint.
Senegal's Directorate of File Automation (DAF)
February 3, 2026
•[ ransomware, cyberattack, operational disruption ]
The Record reported that Senegal confirmed a cybersecurity incident affecting its Directorate of File Automation (DAF), an office managing sensitive identity information such as national ID cards, passports, and other biometric data. DAF issued a public notice warning residents that the cyberattack forced the temporary suspension of the offices operations. The article noted the breach became public after ransomware claims, but it did not confirm in the government notice that biometric or identity records were exfiltrated; the confirmed primary effect in the report is operational disruption via suspension/closure of the offices services.
Poly
February 2, 2026
•[ ransomware, data leak, source code ]
HackRead reported that the Everest ransomware group claimed it stole about 90GB of internal data from systems linked to Polycom (a legacy enterprise communications brand now under HP Inc., branded as Poly). Everest said the dataset included an internal database and documentation and threatened publication after a nine-day countdown. Screenshots posted by the group appeared to show engineering build directories, source code trees, debug/log files, and technical documentation for Polycom conferencing platforms (including RMX and RealPresence), with filenames referencing dates from 20172019. The report stated there was no indication that HPs current production systems or customer services were impacted and the screenshots did not show customer personal data.
Onze-Lieve-Vrouwinstituut Pulhof
February 2, 2026
•[ ransomware, encryption, extortion ]
Belgian media reported that OLV Pulhof in Berchem was hacked and its servers were encrypted, consistent with a ransomware incident. The attackers demanded payment and reportedly threatened to publish personal data of students and staff if the ransom was not paid. In a follow-up, school leadership said they had no information that data had actually been leaked at that time and that they were closely monitoring the situation with responders. The incident primarily produced disruption through system encryption and extortion pressure; confirmed data exposure was not established in the referenced update.
Tulsa International Airport
January 31, 2026
•[ ransomware, data leak, internal documents ]
Qilin ransomware gang claimed responsibility for a ransomware attack on Tulsa International Airport and posted leaked internal documents; airport confirmed incident but not the attribution.
Multiple organizations with exposed MongoDB databases
January 30, 2026
•[ MongoDB, data breach, ransomware ]
A threat actor actively accessed, queried, and ransacked more than 1400 publicly exposed MongoDB application servers, exfiltrating data and leaving ransom notes demanding payment in exchange for deletion or non-disclosure of the stolen information.
SmarterTools
January 29, 2026
•[ ransomware, network intrusion, vulnerability ]
SmarterTools confirmed that the Warlock ransomware gang breached its network after compromising a single SmarterMail virtual machine set up by an employee and not kept updated. The company said the intrusion began January 29, 2026 and that the attackers waited about a week before attempting encryption, but security controls reportedly prevented encryption, impacted systems were isolated, and data was restored from backups. SmarterTools stated business applications and customer account data were not impacted.
City of New Britain
January 28, 2026
•[ ransomware, cyberattack, infrastructure disruption ]
City of New Britain municipal systems were taken offline following a ransomware attack that disrupted internal networks and communications, prompting coordination with federal and state authorities to restore services.
Atlas Air
January 27, 2026
•[ ransomware, data leak, aircraft maintenance ]
Cybernews reported that the Everest ransomware group claimed it siphoned 1.2TB of data from cargo airline Atlas Air, including aircraft maintenance documents and repair reports and information related to Boeing aircraft. Cybernews said the attackers did not attach direct data samples, only screenshots, and noted that Atlas Air explicitly denied its systems were breached.
Concello de Sanxenxo (Spanish Municipality)
January 26, 2026
•[ ransomware, data encryption, bitcoin ]
A ransomware attack encrypted thousands of administrative documents at the Concello de Sanxenxo, prompting a $5,000 Bitcoin ransom demand. The city refused to pay and is restoring systems from backups; the incident disrupted internal municipal operations and required a formal complaint to the Guardia Civil.
Enviro-Hub Holdings Ltd.
January 25, 2026
•[ ransomware, server breach ]
Enviro-Hub Holdings Ltd. disclosed a ransomware attack targeting group servers; company reported no material operational impact.
HanseMerkur
January 24, 2026
•[ data leak, ransomware, financial documents ]
DragonForce claimed it stole 97 GB of internal data from German insurer HanseMerkur and released sample financial documents; the company had not confirmed the breach at the time of reporting.
Winona County
January 23, 2026
•[ ransomware, forensics, emergency services ]
Winona County, Minnesota reported responding to a ransomware incident that impacted its computer network. The county engaged third-party cybersecurity and forensics specialists and coordinated with local, state, and federal law enforcement. While emergency services such as 911, fire, and emergency response operations were reported to remain operational, the incident was significant enough that county leadership declared a local emergency. Further technical details, including the ransomware variant, extent of disruption across departments, and whether data was stolen, were not provided in the brief public update.
Nike
January 22, 2026
•[ ransomware, data leak, exfiltration ]
A ransomware group calling itself WorldLeaks (reported as a rebrand of Hunters International) claimed it breached Nike and began leaking data online. The groups leak-site posting dated January 22, 2026 alleged exfiltration of more than 1.4TB of files. A review of the leaked directory names suggested the exposed material primarily relates to product development and manufacturing operations, including design specifications and supplier-related operational documents, along with internal presentations and collaboration materials. Nike stated it was investigating the claims.
