MBM, a Polish company specializing in professional training, compliance support, and the implementation of mandatory procedures for both public institutions and private organizations, reports a ransomware claim attributed to the threat actor thegentlemen. The incident underscores the need for robust data protection and GDPR-aligned practices across MBM’s services.
#Poland
Safepay claims to have compromised LC Publishing Group S.p.A., a Milan-based international digital publishing and information services company operating lcpublishinggroup.com. The claim describes ransomware activity, including file encryption and potential data exfiltration, reportedly impacting operations in Italy. #Italy
Safepay claims to have compromised gsglobalresources.com and deployed ransomware against GS Global Resources (GSGR), an American industrial engineering and machine-performance solutions company. GSGR is headquartered in Mukwonago, Wisconsin #UnitedStates
The ransomware claim targets the MRC Prion Unit and Institute of Prion Diseases in the United Kingdom, attributed to crypto24. According to our guidelines, full data will be released once the timer expires. #unitedkingdom
Dragonforce claims to have compromised www.advancedcoolingtech.us, targeting Advanced Cooling Technologies, Inc., a US-based provider of medical cooling solutions that distributes Airsys Medical Chillers. The claim describes a ransomware incident impacting ACT’s operations in the United States, with services including replacement chiller sales, maintenance contracts, OEM parts, and technical support. #countryUnitedStates
Dragonforce claims to have compromised HanseMerkur International (www.hansemerkurintl.com), a German insurer founded in 1875 and headquartered in Germany, in a ransomware incident. The claim mentions encrypted systems and potential exfiltration of data related to health insurance and other products. #Germany
Qilin claims responsibility for a ransomware incident targeting Milott Laboratories in Thailand, encrypting systems and demanding a ransom. The claim provides limited information beyond the ransom note (N/A), with no verified details on data exfiltration or scope. #Thailand
Victim = X-CD Technologies, Country = US, Threat Actor = killsec, Price ???, Disclosures 0/1 describes a ransomware claim targeting X-CD Technologies in the United States. The report notes only the placeholder price and disclosure flag, with no additional details available. #UnitedStates
ShinyHunters claims to have breached CarMax, Inc. in the United States, exfiltrating 1.7 GB (compressed) of data comprising 500,000 records as of 24 Jan 2026. The claim implies ransomware activity with potential leakage or public release of the stolen data if a ransom is not paid. #UnitedStates
Nightspire claims to have breached Supriya Aesthetic Dermatology in the United States, encrypting systems and threatening to leak patient data unless a ransom is paid. The claim suggests potential exposure of patient information and disruption to dermatology operations as leverage for payment #UnitedStates
Nova claims to have breached KPMG, a professional services firm providing audit, tax, and advisory services, and threatens to release sensitive data unless contacted within 10 days. The threat, attributed to the Nova ransomware actor, targets KPMG in the Netherlands.
#Netherlands
A ransomware claim targets YCC Parts Mfg, with attribution to the threat actor qilin. Public details on the breach, including impact, encryption scope, and ransom requests, have not been disclosed. #Unknown
Ransomhouse claims to have gained access to the Warren County Sheriff’s Office networks in Kentucky, encrypting data and threatening a public-facing data leak unless a ransom is paid. The incident could disrupt public safety operations and jeopardize sensitive information, prompting urgent incident response and potential legal and reputational consequences. The Warren County Sheriff’s Office (Kentucky, USA), led by Sheriff Brett Hightower, is a professional law enforcement agency dedicated to protecting residents and visitors, upholding Kentucky state laws and the U.S. Constitution, and delivering comprehensive public safety services across the county. The office provides a wide range of functions, including proactive crime prevention, rapid incident response, equitable enforcement of ordinances and statutes, civil process execution, tax collection and administration, concealed carry permit issuance, and various community-oriented programs and educational initiatives. Headquartered in Bowling Green, the agency maintains a 24/7 operational commitment to emergency preparedness, integrity-driven community policing, and continuous improvement through citizen engagement and feedback to enhance overall safety and quality of life.. #UnitedStates
A threat actor named akira claims to have accessed 37 GB of corporate data from Aschwanden & Partner AG, a Swiss engineering and planning firm, and threatens to upload it online. The data reportedly includes employee personal information, financials, payment details, and detailed project drawings and specifications related to building construction, bridge construction, geotechnics, and earthquake safety studies #Switzerland
Beast, a ransomware threat actor, claims to have encrypted St Andrew’s CE High School in Worthing, UK, disrupting administration and learning during ongoing renovations. The claim also threatens data leakage and ransom payments in exchange for decryption, complicating the school’s efforts to upgrade its sports and STEM facilities for the local community.
#UnitedKingdom