February 2026 delivered another stark reminder that no sector is immune from cyber disruption. From financial platforms like Betterment and PayPal, to critical financial infrastructure such as France’s National Bank Account Registry (FICOBA), attackers continued to exploit credential weaknesses, third-party dependencies and identity-driven vulnerabilities.
Meanwhile, incidents impacting Iron Mountain, Panera Bread, BridgePay, SmarterTools, Step Finance, Advantest Corporation and even nation-state targets demonstrated the expanding surface area of modern digital ecosystems.
- Ransomware Attacks in February 2026
- Data Breaches in February 2026
- Cyber Attacks in February 2026
- New Malware and Ransomware Discovered
- Vulnerabilities Discovered and Patches Released
- Advisories issued, reports, analysis etc. in February 2026
This month’s compilation highlights a troubling pattern: the growing dominance of identity compromise, data exposure without extortion, and attacks that ripple far beyond a single organisation. Whether it was financial data, payment infrastructure, enterprise systems, or national registries, the common thread was operational impact and trust erosion. The line between commercial breach and systemic risk continues to blur and response speed now defines resilience.
At Cyber Management Alliance, we help organisations prepare for exactly these scenarios. Through our NCSC-Assured Cyber Incident Planning & Response training, expert-led cyber tabletop exercises, and bespoke incident response playbook workshops, we equip teams to respond decisively and recover with confidence. Because in today’s threat landscape, agility in response is not optional. It is your competitive advantage.
Ransomware Attacks in February 2026
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
| February 04, 2026 | Organisations running vulnerable VMware ESXi environments | CISA: VMware ESXi flaw now exploited in ransomware attacks | Unknown | Ransomware operators actively exploited a critical VMware ESXi sandbox-escape vulnerability to gain deep access to virtualized environments, increasing the risk of enterprise system compromise and data exposure. | VMware ESXi flaw ransomware attacks |
| February 05, 2026 | Sapienza University | One of Europe’s largest universities knocked offline for days after cyber attack | Femwar02 (linked to use of BabLock/Rorschach malware). | The cyber attack forced Sapienza University of Rome to shut down major IT systems for several days, disrupting online services and limiting communications while recovery efforts were carried out using unaffected backups. | European University Ransomware Attack |
| February 05, 2026 | Conpet S.A. | Romanian oil pipeline operator Conpet discloses cyber attack | Qilin Ransomware | The ransomware attack disrupted Conpet’s corporate IT systems and website and involved the claimed theft of large volumes of internal data, although core oil transport operations continued to run normally. | Source: Bleeping Computer |
| February 07, 2026 | BridgePay | Payments platform BridgePay confirms ransomware attack behind outage | Unknown | The ransomware attack disrupted BridgePay’s payment infrastructure nationwide, knocking critical processing systems offline and forcing many businesses to switch to cash-only transactions while services were being restored. | Source: Bleeping Computer |
| February 09, 2026 | SmarterTools | Hackers breach SmarterTools network using flaw in its own software | Warlock Ransomware | SmarterTools was breached after attackers exploited an unpatched instance of its own SmarterMail software, allowing them to compromise internal systems and multiple Windows servers, though customer data and core business services were not affected. | Source: Bleeping Computer |
| February 20, 2026 | University of Mississippi Medical Center | University of Mississippi Medical Center closes clinics after ransomware attack | Unknown | A ransomware attack crippled the University of Mississippi Medical Center’s IT systems—including its electronic health records—forcing statewide clinic closures, cancellation of surgeries and appointments, and reliance on manual processes for patient care. | Source: Bleeping Computer |
| February 20, 2026 | Organizations using BeyondTrust remote access and support products | CISA: BeyondTrust RCE flaw now exploited in ransomware attacks | Unknown | Attackers actively exploited a critical BeyondTrust remote access vulnerability to gain unauthorized control, deploy malicious tools, and carry out ransomware-related intrusions against affected organizations. | Source: Bleeping Computer |
| February 20, 2026 | Advantest Corporation | Advantest Corporation Hit by Ransomware Attack | Unknown | The company detected a ransomware intrusion in its internal IT network, prompting system isolation and an investigation to contain the incident and assess potential operational impact while maintaining unaffected environments. | Source: Bleeping Computer |
| February 21, 2026 | UAE’s unnamed National Network | UAE foils cyber attacks, state news agency says | Unknown | The United Arab Emirates said it successfully blocked organised cyber attacks that tried to infiltrate national networks, deploy ransomware and run widespread phishing campaigns aimed at government and vital digital infrastructure while no specific threat actor was identified in the report. | Source: Reuters |
| February 24, 2026 | Marquis Health | Marquis blames ransomware breach on SonicWall cloud backup hack | Unknown | Marquis Health attributed a ransomware breach to a compromise of its SonicWall cloud backup systems that allowed attackers to encrypt data and disrupt operations at its facilities and although the specific ransomware group was not publicly confirmed the incident exposed weaknesses in third-party backup protections. | Source: Bleeping Computer |