🌐 hackmanac.com
🌐 hackrisk.io
As we step into 2026, cyber risk analysis needs more than isolated data points — it requires context and comparison.
Today, HackRisk introduces 𝐓𝐫𝐞𝐧𝐝 𝐂𝐨𝐦𝐩𝐚𝐫𝐢𝐬𝐨𝐧, a 𝐧𝐞𝐰 𝐩𝐫𝐞𝐦𝐢𝐮𝐦 𝐜𝐚𝐩𝐚𝐛𝐢𝐥𝐢𝐭𝐲 designed for professionals who rely on data to make strategic decisions.
1/3
🇳🇱Netherlands - Odido
Odido suffered a cyberattack exposing personal data from 6.2 million customer accounts, including names, contact details, IBANs, and ID information.
🇳🇱Netherlands - Odido
Odido suffered a cyberattack exposing personal data from 6.2 million customer accounts, including names, contact details, IBANs, and ID information.
Since November 24, LockBit has resurfaced in its fifth reincarnation — 𝐋𝐨𝐜𝐤𝐁𝐢𝐭 𝟓.𝟎 — and has already been linked to 99 attacks.
For a CISO, the key question is:
“𝙄𝙨 𝙇𝙤𝙘𝙠𝘽𝙞𝙩 𝙧𝙚𝙡𝙚𝙫𝙖𝙣𝙩 𝙩𝙤 𝙢𝙮 𝙤𝙧𝙜𝙖𝙣𝙞𝙯𝙖𝙩𝙞𝙤𝙣?”
1/5
Since November 24, LockBit has resurfaced in its fifth reincarnation — 𝐋𝐨𝐜𝐤𝐁𝐢𝐭 𝟓.𝟎 — and has already been linked to 99 attacks.
For a CISO, the key question is:
“𝙄𝙨 𝙇𝙤𝙘𝙠𝘽𝙞𝙩 𝙧𝙚𝙡𝙚𝙫𝙖𝙣𝙩 𝙩𝙤 𝙢𝙮 𝙤𝙧𝙜𝙖𝙣𝙞𝙯𝙖𝙩𝙞𝙤𝙣?”
1/5
🇺🇸US - Tsunami Tsolutions
Everest hacking group claims to have breached Tsunami Tsolutions.
🇺🇸US - Tsunami Tsolutions
Everest hacking group claims to have breached Tsunami Tsolutions.
🇺🇸US - BCS ProSoft
Sinobi hacking group claims to have breached BCS ProSoft.
Allegedly, the attackers exfiltrated 100 GB of data, including financial data, customer’s data and contracts.
Sector: ICT
Threat class: Cybercrime
Observed: Feb 11, 2026
Status: Pending verification
🇺🇸US - BCS ProSoft
Sinobi hacking group claims to have breached BCS ProSoft.
Allegedly, the attackers exfiltrated 100 GB of data, including financial data, customer’s data and contracts.
Sector: ICT
Threat class: Cybercrime
Observed: Feb 11, 2026
Status: Pending verification
Hack Tuesday: Week 04 - 10 February 2026
⚠️334 cyber attacks across 54 countries ⚠️
More details:
hackmanac.com/news/hack-tu...
Hack Tuesday: Week 04 - 10 February 2026
⚠️334 cyber attacks across 54 countries ⚠️
More details:
hackmanac.com/news/hack-tu...
🇸🇦Saudi Arabia - Texcomp
Space Bears hacking group claims to have breached Texcomp.
Allegedly, the attackers exfiltrated an SQL database containing clients’ and partners’ information such as names, email addresses, physical addresses, and phone numbers.
🇸🇦Saudi Arabia - Texcomp
Space Bears hacking group claims to have breached Texcomp.
Allegedly, the attackers exfiltrated an SQL database containing clients’ and partners’ information such as names, email addresses, physical addresses, and phone numbers.
A ransomware group calling itself Reynolds has been spotted. At the moment, only one victim is listed on the cybercriminals’ blog, apparently linked to an attack that occurred on November 13, 2025.
A ransomware group calling itself Reynolds has been spotted. At the moment, only one victim is listed on the cybercriminals’ blog, apparently linked to an attack that occurred on November 13, 2025.
WormGPT
A threat actor known as Sythe claimed to have leaked the database of WormGPT, a cybercrime-focused AI platform, exposing data linked to more than 19,000 users.
The leaked data allegedly includes email addresses, user IDs, and subscription and billing metadata.
WormGPT
A threat actor known as Sythe claimed to have leaked the database of WormGPT, a cybercrime-focused AI platform, exposing data linked to more than 19,000 users.
The leaked data allegedly includes email addresses, user IDs, and subscription and billing metadata.
🇸🇳Senegal - Direction de l'Automatisation des Fichiers (DAF)
The Government of Senegal confirmed a cyber incident at the Directorate of File Automation (DAF) that disrupted national ID, passport, and biometric services nationwide.
🇸🇳Senegal - Direction de l'Automatisation des Fichiers (DAF)
The Government of Senegal confirmed a cyber incident at the Directorate of File Automation (DAF) that disrupted national ID, passport, and biometric services nationwide.
USE 2FA‼️
USE 2FA‼️
USE 2FA‼️
USE 2FA‼️
USE 2FA‼️
USE 2FA‼️
USE 2FA‼️
USE 2FA‼️
USE 2FA‼️
USE 2FA‼️
USE 2FA‼️
USE 2FA‼️
USE 2FA‼️
USE 2FA‼️
USE 2FA‼️
USE 2FA‼️
🇪🇺European Commission
The European Commission disclosed a data breach affecting its mobile device management system, detected on January 30, 2026.
The incident may have exposed staff names and mobile phone numbers, with no evidence of device compromise.
🇪🇺European Commission
The European Commission disclosed a data breach affecting its mobile device management system, detected on January 30, 2026.
The incident may have exposed staff names and mobile phone numbers, with no evidence of device compromise.
🇯🇵Japan - GEX Co., Ltd. [ ジェックス株式会社 ]
GEX Co., Ltd. disclosed a ransomware incident that encrypted files on part of its internal servers on February 4, 2026, causing operational disruption.
🇯🇵Japan - GEX Co., Ltd. [ ジェックス株式会社 ]
GEX Co., Ltd. disclosed a ransomware incident that encrypted files on part of its internal servers on February 4, 2026, causing operational disruption.
🇮🇹Italy - Sofinter Spa
Payouts King hacking group claims to have breached Sofinter Spa.
🇮🇹Italy - Sofinter Spa
Payouts King hacking group claims to have breached Sofinter Spa.
Here’s this week’s snapshot from HackRisk.io based on our proprietary 𝐄𝐒𝐈𝐗© (𝐸𝑠𝑡𝑖𝑚𝑎𝑡𝑒𝑑 𝑆𝑒𝑣𝑒𝑟𝑖𝑡𝑦 𝐼𝑛𝑑𝑒𝑥) metric that measures operational, financial (direct & indirect), technical and reputational impact of cyber attacks👇
1/7
Here’s this week’s snapshot from HackRisk.io based on our proprietary 𝐄𝐒𝐈𝐗© (𝐸𝑠𝑡𝑖𝑚𝑎𝑡𝑒𝑑 𝑆𝑒𝑣𝑒𝑟𝑖𝑡𝑦 𝐼𝑛𝑑𝑒𝑥) metric that measures operational, financial (direct & indirect), technical and reputational impact of cyber attacks👇
1/7
🇺🇸US - Substack
Substack disclosed a data breach after an unauthorized party accessed its internal systems in October 2025.
🇺🇸US - Substack
Substack disclosed a data breach after an unauthorized party accessed its internal systems in October 2025.
🇷🇴Romania - CONPET S.A.
Qilin hacking group claims to have breached CONPET S.A.
Allegedly, the attackers exfiltrated 1.0 TB of data.
Sector: Energy / Utilities
Threat class: Cybercrime
Observed: Feb 5, 2026
Status: Pending verification
🇷🇴Romania - CONPET S.A.
Qilin hacking group claims to have breached CONPET S.A.
Allegedly, the attackers exfiltrated 1.0 TB of data.
Sector: Energy / Utilities
Threat class: Cybercrime
Observed: Feb 5, 2026
Status: Pending verification
🇮🇹Italy - Sapienza Università di Roma
Hackers at Sapienza, degree appears on the dark web: “Eleven thousand dollars for the diploma”.
For an additional 250 dollars, it is also possible to purchase the doctoral certificate.
Source:
🇮🇹Italy - Sapienza Università di Roma
Hackers at Sapienza, degree appears on the dark web: “Eleven thousand dollars for the diploma”.
For an additional 250 dollars, it is also possible to purchase the doctoral certificate.
Source:
🇸🇳Senegal - Direction de l'Automatisation des Fichiers (DAF)
TH3 GR33N BL00D GR0UP hacking group claims to have breached Direction de l'Automatisation des Fichiers (DAF).
🇸🇳Senegal - Direction de l'Automatisation des Fichiers (DAF)
TH3 GR33N BL00D GR0UP hacking group claims to have breached Direction de l'Automatisation des Fichiers (DAF).
🇯🇵Japan - AOT Japan Ltd.
INC Ransom hacking group claims to have breached AOT Japan Ltd.
Sector: Transportation / Storage
Threat class: Cybercrime
Observed: Feb 5, 2026
Status: Pending verification
🇯🇵Japan - AOT Japan Ltd.
INC Ransom hacking group claims to have breached AOT Japan Ltd.
Sector: Transportation / Storage
Threat class: Cybercrime
Observed: Feb 5, 2026
Status: Pending verification
🇪🇸Spain - #INCIBE warned of a phishing campaign impersonating the Agencia Estatal de Administración Tributaria #AEAT.
Fraudulent emails claim a new electronic tax notice and redirect victims to fake Dirección Electrónica Habilitada Única (DEHú) pages that steal login credentials.
🇩🇪Germany - RENAFAN GmbH
Qilin hacking group claims to have breached RENAFAN GmbH.
Sector: Healthcare
Threat class: Cybercrime
Observed: Feb 4, 2026
Status: Pending verification
🇩🇪Germany - RENAFAN GmbH
Qilin hacking group claims to have breached RENAFAN GmbH.
Sector: Healthcare
Threat class: Cybercrime
Observed: Feb 4, 2026
Status: Pending verification
HasanBroker claimed responsibility for the takedown BreachForums as part of an operation named #OpVictoria.
HasanBroker claimed responsibility for the takedown BreachForums as part of an operation named #OpVictoria.
🇯🇵🇰🇷 - Pure Surface Technology, Ltd. (Parent company: ULVAC, Inc.)
ULVAC, Inc. disclosed a ransomware attack affecting its Korean subsidiary, Pure Surface Technology, Ltd., detected on January 10, 2026 and announced on February 4, 2026.
🇯🇵🇰🇷 - Pure Surface Technology, Ltd. (Parent company: ULVAC, Inc.)
ULVAC, Inc. disclosed a ransomware attack affecting its Korean subsidiary, Pure Surface Technology, Ltd., detected on January 10, 2026 and announced on February 4, 2026.
🇯🇵Japan - Anabuki Housing Service Co., Ltd. [株式会社穴吹ハウジングサービス]
Anabuki Housing Service Co., Ltd. disclosed a ransomware incident on February 3, 2026, affecting part of its internal servers.
🇯🇵Japan - Anabuki Housing Service Co., Ltd. [株式会社穴吹ハウジングサービス]
Anabuki Housing Service Co., Ltd. disclosed a ransomware incident on February 3, 2026, affecting part of its internal servers.
🇺🇸US - Harvard University & University of Pennsylvania
ShinyHunters hacking group claims to have exposed data belonging to Harvard University and the University of Pennsylvania.
🇺🇸US - Harvard University & University of Pennsylvania
ShinyHunters hacking group claims to have exposed data belonging to Harvard University and the University of Pennsylvania.