Welcome to DBD. Cybercrime made global headlines in 2025. Attacks on well-known brands and organisations raised public awareness of the severity, frequency and impact of cyber attacks. Ransomware attacks were the highest ever recorded, and 2026 could be worse, as cyber criminals continue to extort their victims, with little chance of being brought to justice. It's a dangerous world out there, so please be extra vigilant and mindful of the risks and threats. Wishing you all the best for the New Year. Thanks again for all your support. Stay safe. :)
Dentons Senior Analyst, Washington D.C.
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 2nd February and 8th February 2026.3rd February
Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group
Open-source attacks move through normal development workflows
Spyware Vendor’s Pall Mall Claims Trigger Civil Society Backlash
2nd February
1st MidAmerica Data Breach Affects 131,000 Members
AI is flooding Identity and Access Management (IAM) systems with new identities
Alleged Data Breach Targets Spain’s Ministry of Science, Innovation, and Universities
Alpine ENT Data Breach Impacts 65,648 Individuals Exposing PII and PHI
Android RAT Uses Hugging Face to Host Malware
Anywhere Real Estate Data Breach Exposes Social Security Numbers
Autonomous AI Agents Emerge As Cybercrime’s New Operating System
BreachForums Breach Exposes Names of 324K Cybercriminals, Upends the Threat Intel Game
Britain and Japan Join Forces on Cybersecurity and Strategic Minerals
Canada Computers data breach exposes guest checkout customers’ card details
Canada Computers says customer information compromised during data breach
CrossCurve Bridge Hacked for $3 Million After Smart Contract Validation Vulnerability Exploited
Crypto Losses Hit Nearly $370 Million in January 2026 as Phishing Scams Surge
Crypto Losses Surge to $370 Million in January, Phishing Dominates
Crypto Theft Jumps to $370 Million in January as Phishing Dominates Losses
Deatak Inc. Targeted by Play Ransomware Attack
December 2025 Healthcare Data Breach Report
DragonForce Ransomware Hits T&M Electric and Mullinax Ford
Encountered fraud messages in the UAE? Here’s what you need to know
Epstein allegedly had a “personal hacker,” was into cyberwar and malware
eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware
Everest Ransomware Breaches Iron Mountain, Polycom, Hosokawa Micron, Shinwa, SIGMA, Acu Trans, and Stellium
Exploit Pack Breach: Full Repository of Exploits and Shellcodes Leaked
Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks
Flaw in Broadcom Wi-Fi Chipsets Illuminates Importance of Wireless Dependability and Business Continuity
Former Google Engineer Found Guilty of Stealing AI Secrets
From Clawdbot to OpenClaw: This viral AI agent is evolving fast - and it's nightmare fuel for security pros
Gibraltar: Data breach undermined police integrity, judge says, as officers fined £5,000 each
Hackers attempt to extort parents after school refuses to pay ransom fee
Hackers claim 1.4 TB theft from Iron Mountain, major data management company
Hackers exploit vishing to bypass MFA at Okta
Hackers have attacked a Belgian school and are demanding €50 for every child
Hackers share chip photos allegedly stolen from HP subsidiary, Poly
Hackers who hit OkCupid, Bumble, and Crunchbase bypass security with a simple trick: a phone call
Hackers Wipe MongoDB Databases and Leave Ransom Notes in Active Attacks
How state-sponsored attackers hijacked Notepad++ updates
Hugging Face Repositories Abused in New Android Malware Campaign
Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack
Jeffrey Epstein employed a private hacker, new documents reveal
Major health provider data breach may have affected thousands more people - over 700k now thought to have been hit
Malicious ‘Mac Cleaner’ Ads On Google Redirect Users To Phishing Nightmares
Malicious MoltBot skills used to push password-stealing malware
Mandiant Reports ShinyHunters Extortion Tactics, Vishing, and SSO Compromise Target Cloud Environments
Massive 31.4 Tbps DDoS attack breaks records: How the 'apex' of botnets could be weaponizing your home devices
Michigan Sugar Data Breach Affects 16,689 People
Moltbook: fear data breach, not an AI apocalypse
National Security Agency (NSA) Publishes New Zero Trust Implementation Guidelines
NationStates confirms data breach, shuts down game site
New GlassWorm attack targets macOS via compromised OpenVSX extensions
New Punishing Owl Hacker Group Targeting Networks of Russian Government Security Agency
Notepad++ hijacked by suspected state-sponsored hackers
Notepad++ hit by Chinese state-sponsored group, injecting malware into updates
Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users
Notepad++ update feature hijacked by Chinese state hackers for months
Notepad++ Update Hijacking Linked to Hosting Provider Compromise
Notepad++ Updates Delivered Malware After Hosting Provider Breach
Nuneaton school fully operational after recovery from cyber attack
Open VSX Registry Deploys GlassWorm Malware via Four Malicious Extension Versions
Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
OpenClaw is a security nightmare - 5 red flags you shouldn't ignore (before it's too late)
Over 1,400 MongoDB Databases Ransacked by Threat Actor
Panera Bread breach impacts 5.1 million accounts, not 14 million customers
Phishing Scam Uses Clean Emails and PDFs to Steal Dropbox Logins
Punishing Owl Hacker Group Targets Russian Government Networks
Qatar: National Cyber Security Agency issues binding decision against sports company due to personal data breach
Qilin Attacks Stephenson Ziegenhorn & Bernard, Sprokkit, INGUS, JCM Agricola
Ransomware report notes fourth quarter 2025 attack surge
Ransomware Strikes Rome's Leading University
Ransomware Without Encryption: Why Pure Exfiltration Attacks Are Surging
Research Says Gen Z Is Nearly 3 Times More Vulnerable To Phishing Than Boomers, Here’s Why
Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users
Rome: Hacker attack on Sapienza University, several systems affected and blocked
Russian APT28 Exploit Zero-Day Hours After Microsoft Discloses Office Vulnerability
Russian Hacker Alliance Launches Large-Scale Cyberattack On Denmark
Russian hackers exploit recently patched Microsoft Office bug in attacks
Russian ransomware hackers allegedly hit Tulsa airport in cyberattack, dump private files online as proof
San Juan Andes Health System Data Breach Exposes Patient Photos
Scottish Council Had “Gaps in Cybersecurity” Prior to Cyber-attack
ShinyHunters flip the script on MFA in new data theft attacks
ShinyHunters Leads Surge in Vishing Attacks to Steal SaaS Data
ShinyHunters-Branded Extortion Activity Expands, Escalates
Spain Ministry of Universities Data Breach
Spyware maker is hijacking diplomatic efforts to limit commercial hacking, civil society warns
State-Aligned Actors Exploit Unrest with RedKitten AI-Accelerated Campaign Targeting Iranian Protests
Taiwan HVAC Engineering Association Data Breach by Hexvior Group
Top ‘Trusted’ Platforms are Key Attack Surfaces
Was Your Data Exposed in the Latest Under Armour Breach? Here’s What You Should Do
Where National Security Agency (NSA) zero trust guidance aligns with enterprise reality
WoundTech Data Breach Exposes 160,000 Sensitive Patient Records
