The week in breach news


This week’s news shows how cyberthreats are accelerating in both frequency and complexity, impacting users, organizations and governments alike. A fast-growing infostealer campaign is targeting macOS users worldwide, while an espionage operation hit government agencies and critical infrastructure organizations across 37 countries. Elsewhere, a cyberattack crippled Europe’s largest university and cybercriminals escalated pressure by demanding ransom payments from parents to avoid leaking children’s data.

North America

macOS users

Industry: Technology
Exploit: Ransomware & Malware

macOS users worldwide are being targeted by the highly active information-stealing malware (infostealer) known as Odyssey Stealer.

Recent telemetry data shows a sharp surge in Odyssey Stealer activity aimed at macOS systems. Earlier campaigns were largely limited to users in the United States, France and Spain, but newer samples are now spreading well beyond those regions, targeting users across North America, Latin America, Europe, Asia and Africa.

Threat actors typically deploy Odyssey Stealer through social engineering, most commonly by creating fake CAPTCHA verification pages that trick users into initiating the malware themselves.

How it could affect your business

Infostealers are an increasingly serious threat. Designed to quietly harvest credentials, session tokens and other sensitive data, they enable attackers to reuse access across multiple services. Raising user awareness is critical, especially around fake websites that impersonate legitimate software downloads or verification steps, so users know how to spot and avoid social engineering traps before malware is installed.

Europe

La Sapienza University

Industry: Education
Exploit: Hacking

La Sapienza University in Rome, Europe’s largest university by student enrollment, suffered a significant cyberattack that crippled its IT systems and caused widespread operational disruption.

The university disclosed the incident in a social media post last week, stating that its IT infrastructure had been targeted in a cyberattack. As a precaution and to protect data integrity and security, La Sapienza immediately shut down its network systems.

In response, the university formed a technical task force to begin remediation and restoration efforts. Its main website is back online, with recovery work continuing.

How it could affect your business

Disruptions like this highlight why a robust business continuity and disaster recovery strategy is critical for resilience in the face of cyberattacks. Having encrypted, reliable backups, tested recovery plans and clear restoration procedures helps organizations restore services faster and limit operational downtime when core systems are taken offline.

Latin America & the Caribbean

Ministry of Mines and Energy of Brazil

Industry: Energy & Natural Resources
Exploit: Nation-State

An espionage campaign targeted government agencies and critical infrastructure organizations across 37 countries, including Brazil’s Ministry of Mines and Energy.

According to a recent report, the state-backed campaign has been active for over a year and appears focused on collecting intelligence on rare-earth minerals, trade deals and economic partnerships. Victims include Brazil’s energy ministry, a key government agency in a country believed to hold the world’s second-largest supply of rare-earth minerals.

The report notes that the group’s methods, choice of targets and scale of operations are alarming. Researchers warn that the campaign could carry long-term implications for national security and the stability of essential services.

How it could affect your business

Nation-state campaigns continue to target government agencies and critical infrastructure across countries, often with long-term strategic goals in mind. Organizations operating in sensitive sectors need heightened awareness of these threats, along with robust monitoring and detection capabilities, to spot activity early and limit its impact.

Europe

Onze-Lieve-Vrouw Instituut Pulhof

Industry: Education
Exploit: Ransomware & Malware

In a troubling sequence of events, cybercriminals hacked Onze-Lieve-Vrouw Instituut Pulhof, a secondary school in Berchem, Belgium, and escalated extortion by demanding ransom payments from both the school and parents.

According to reports, attackers compromised the school shortly after the Christmas holidays. They initially demanded a €100,000 ransom, later reducing it to €15,000. When the school did not respond, parents began receiving emails demanding €50 per child, with threats to publicly leak and sell student data on the dark web if payment was not made.

The attackers reportedly exfiltrated 45 GB of data belonging to students and staff, including ID cards, mental health records, diplomas and the school’s financial data.

How it could affect your business

Relying on criminals to keep their word is never an option, as attackers can still leak or sell data even after payment is made. Organizations need proactive threat monitoring, encrypted backups and a robust business continuity and disaster recovery strategy so they can restore operations quickly and continue business as usual without being forced into ransom decisions.

United States

Jefferson-Blount-St. Clair Mental Health Authority

Industry: Healthcare
Exploit: Ransomware & Malware

Jefferson-Blount-St. Clair (JBS) Mental Health Authority in Alabama notified more than 30,000 individuals that some of their personal and protected health information was exposed in a ransomware attack.

Threat actors gained access to the organization’s network on November 25, 2026, and may have viewed or acquired patient and employee information dating from 2011 through 2025. A recently concluded investigation confirmed that the exposed data included names, Social Security numbers, health insurance details, dates of birth and medical information, such as diagnoses, physician details, medical record numbers, Medicare or Medicaid information, prescription data, treatment details and billing or claims information.

Affected individuals have been advised to remain vigilant for signs of identity theft and fraud by closely monitoring their financial accounts and explanation of benefits statements.

How it could affect your business

Sensitive data taken in attacks like this can be exploited for identity theft, insurance fraud and long-term financial abuse, often months or years after the initial breach. Organizations handling health information need strong access controls, continuous monitoring and well-tested incident response plans, while affected individuals should closely monitor accounts, credit reports and benefit statements for signs of misuse.
