Payments platform BridgePay confirms ransomware attack behind outage

• BridgePay Network Solutions, a major U.S. payment gateway provider, confirmed a ransomware attack that disrupted its payment processing systems nationwide starting Friday, February 6, 2026.
• The attack knocked key systems offline including BridgePay Gateway API, PayGuardian Cloud API, MyBridgePay virtual terminal, hosted payment pages, and PathwayLink gateway portals.
• Multiple merchants across the United States were forced to accept cash-only payments due to the widespread card processing outage affecting the platform.
• The com
• pany engaged federal law enforcement including FBI and U.S. Secret Service, along with external forensic and recovery teams to investigate the incident.
• Initial forensic findings indicate that no payment card data has been compromised, and any accessed files were encrypted with no evidence of usable data exposure.
• Organizations affected include City of Palm Bay Florida, Lightspeed Commerce, ThriftTrac, and City of Frisco Texas, all reporting service impacts from the BridgePay incident.
• The company stated recovery could take time and is being handled in a secure and responsible manner while forensic investigation continues.
• BridgePay has not yet disclosed which ransomware group was responsible for the attack that caused this nationwide payment processing disruption.

*Source

Flickr discloses potential data breach exposing users’ names, emails

• Photo-sharing platform Flickr notified users of a potential data breach after a vulnerability at a third-party email service provider exposed user information on February 5, 2026.
• The breach potentially affected user real names, email addresses, Flickr usernames, account types, IP addresses, general location data, and platform activity information.
• Flickr hosts over 28 billion photos and videos with 35 million monthly users and 800 million monthly page views, making this a significant exposure.
• The company shut down access to the affected system within hours of being alerted to the vulnerability by the third-party email service provider.
• Passwords and payment card numbers were not compromised in the incident, according to Flickr’s investigation findings.
• The company did not disclose which third-party email provider was involved or specify the exact number of users potentially affected by this security incident.
• Flickr encouraged affected users to review account settings for unexpected changes and remain vigilant against phishing emails using their account information.
• Users are recommended to update passwords immediately if they use their Flickr credentials on other services as a precautionary security measure.

*Source

Romanian oil pipeline operator Conpet discloses cyberattack

• Romania’s national oil pipeline operator managing nearly 4,000 kilometers of pipeline network, disclosed a cyberattack that disrupted business systems on Tuesday, February 4, 2026.
• The Qilin ransomware gang claimed responsibility for the attack and added Conpet to their dark web leak site, threatening to release stolen data.
• Threat actors claim they stole nearly 1TB of documents from Conpet’s compromised systems and leaked over a dozen photos of internal documents containing financial information and passport scans.
• The attack affected corporate IT infrastructure but did not disrupt operational technologies (SCADA System and Telecommunications System) or core oil transport business operations.
• Conpet’s website was taken offline during the incident, and the company is working with national cybersecurity authorities to investigate and restore affected systems.
• The company notified the Directorate for Investigating Organized Crime and Terrorism (DIICOT) and filed a criminal complaint regarding the security incident.
• Qilin ransomware has emerged as a major threat since 2022, claiming responsibility for nearly 400 victims including high-profile organizations across multiple sectors.
• This attack follows recent ransomware incidents targeting other Romanian critical infrastructure including Romanian Waters, Oltenia Energy Complex, and Electrica Group in recent months.

*Source

Italian university La Sapienza goes offline after cyberattack

• Rome’s La Sapienza university, Europe’s largest by number of in-campus students with over 112,500 enrolled, was targeted by a cyberattack that impacted IT systems and caused widespread operational disruptions.
• The university immediately shut down network systems as a precautionary measure to ensure data integrity and security following the cyberattack discovery.
• Italian newspaper Corriere Della Sera reports the incident was a ransomware attack perpetrated by pro-Russian threat actor Femwar02 using Bablock/Rorschach ransomware strain.
• The ransomware resulted in data encryption across university systems, though technicians are working to restore systems from backups that were reportedly not impacted.
• A ransom demand exists but university staff has not opened it to avoid triggering the 72-hour payment timer, so the ransom amount remains unspecified.
• Temporary infopoints have been established for students to access information from digital systems and databases that are currently unavailable due to the attack. Italian CSIRT specialists, Agenzia per la Cybersicurezza Nazionale (ACN), and Polizia Postale are assisting with system restoration and investigation efforts.
• Although Rorschach ransomware does not operate a dark web extortion portal, stolen data could still be disseminated or sold to other data extortion groups.

*Source

Spain’s Ministry of Science shuts down systems after breach claims

• Spain’s Ministry of Science announced a partial shutdown of IT systems affecting several citizen- and company-facing services following a reported cyberattack on February 5, 2026.
• The Ministry is responsible for science policy, research, innovation, and higher education, maintaining administrative systems used by researchers, universities, and students handling sensitive information. A threat actor using alias ‘GordonFreeman’ claimed responsibility and offered stolen data to the highest bidder on underground forums before the forum went offline.
• The alleged hacker leaked data samples including personal records, email addresses, enrollment applications, and screenshots of documents and official paperwork as proof of breach.
• The threat actor claims they exploited a critical Insecure Direct Object Reference (IDOR) vulnerability that provided full admin-level access to ministry systems. All ongoing administrative procedures have been suspended while safeguarding rights and interests of affected persons during the temporary closure of electronic headquarters.
• The Ministry will extend all deadlines for affected procedures in accordance with Article 32 of Law 39/2015 to mitigate disruption impact.
• Spanish media outlets report that a ministry spokesperson confirmed the IT systems disruption is related to a cyberattack, though official details remain limited.

*Source

Man pleads guilty to hacking nearly 600 women’s Snapchat accounts

• Kyle Svara, a 26-year-old Illinois man, pleaded guilty in federal court to hacking nearly 600 women’s Snapchat accounts to steal nude photos between May 2020 and February 2021.
• Svara used social engineering tactics to obtain victims’ emails, phone numbers, and Snapchat usernames, then texted over 4,500 targets requesting access codes while impersonating Snap representatives.
• He successfully harvested credentials from approximately 570 victims and accessed at least 59 accounts without permission to download private photos for personal use, sale, or trade.
• One client was former Northeastern University track coach Steve Waithe, who hired Svara to hack accounts of students and women’s track and soccer team members before being sentenced to five years for sextortion.
• Svara advertised his hacking services on multiple online platforms, offering to ‘get into girls snap accounts’ for clients and requesting contact through encrypted messaging app Kik.
• He independently targeted women in Plainfield, Illinois, and students at Colby College in Maine beyond his paid hacking jobs for clients.
• Svara faces charges of aggravated identity theft (minimum two years), wire fraud (up to 20 years), computer fraud (up to five years), and false statements related to child pornography (maximum eight years).
• During investigation interviews, Svara falsely denied knowledge of Snapchat hacking and interest in child pornography, contrary to evidence showing he collected, distributed, and solicited child sexual abuse material.

*Source