As your dedicated cybersecurity services provider, CyberOne equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 02, 2026
Information security updates and events from the past week
1. Sedgwick confirms government subsidiary hack – first ransomware claims, now official confirmation
The ransomware group TridentLocker has announced that it has breached the system of Sedgwick Government Solutions. According to the attackers, 3.4GB of documents were stolen, some of which were even published on the attackers’ website. The publication has raised concerns because the subsidiary provides services to federal agencies in the US.
The subsidiary provides services to more than 20 federal government agencies, including CISA, the Department of Homeland Security, the Immigration and Customs Enforcement, the Department of Labor and the Coast Guard. The company said it has notified law enforcement authorities and is in regular contact with its customers during the investigation.
https://therecord.media/sedgwick-cyber-incident-ransomware
2. Brightspeed ISP Investigates Data Breach and Data Leak Claims
Brightspeed, one of the largest fiber infrastructure providers in the US, announced that it is investigating claims of data breach and data leak, after the ransomware group Crimson Collective announced that it had managed to penetrate the company’s systems.
Brightspeed said it had received reports of a cyber incident, and the issue is under active investigation.
The company emphasizes that the security of its customers and employees’ information is a top priority, and that updates will be provided as the investigation progresses.
The Crimson Collective group claims to have stolen sensitive information from over a million customers. According to the group, the information includes personally identifiable information (PII), addresses, user account details, email addresses, phone numbers, payment history, and some credit card details.
3. Attackers claim to have leaked code and databases from NordVPN development servers
An attacker named 1011 posted on the BreachForums forum claiming that he was able to gain access to a NordVPN development server and leak code and databases in SQL format.
More than 10 databases were allegedly leaked from a development server. According to the post, the server was incorrectly configured and was hacked using brute force.
Among the information allegedly exposed: Salesforce API keys, Jira tokens, access details and other internal credentials
The attacker claims that this is information stored on a NordVPN development server.
4. Data leak at gas stations in the US
Gulshan Management Services, Inc., which operates about 150 gas stations and convenience stores, confirmed a security incident in which an attacker maintained unauthorized access to the organization’s systems for days. Not ransomware, not a zero-day, and not a loud attack, but a silent intrusion that exploited basic weaknesses in access management and monitoring.
During the access, PII and financial data, including government identifiers and banking information, were exposed.
Rainbow Six Siege servers have been hacked again, and players have started experiencing random bans, access blocks and sync failures for no apparent reason.
This comes after a serious incident in late December, when attackers broke into Ubisoft’s backend, disabled the service, distributed rare credits and skins, including developer items, and played around with the ban mechanism.
Higham Lane School in England has suspended classes due to a cyberattack.
Following the attack, telephony services, email, servers and other systems were disabled and about 1,500 students were asked to stay home and not connect to systems remotely.
The school says they hope to return to normal later in the week.
The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.
