{"id":10552,"date":"2026-03-10T08:30:00","date_gmt":"2026-03-10T05:30:00","guid":{"rendered":"https:\/\/cyberone.bg\/?p=10552"},"modified":"2026-03-09T11:56:30","modified_gmt":"2026-03-09T08:56:30","slug":"weekly-cybersecurity-report-week-10-2026","status":"publish","type":"post","link":"https:\/\/cyberone.bg\/en\/weekly-cybersecurity-report-week-10-2026","title":{"rendered":"Weekly Cybersecurity Report | Week 10, 2026"},"content":{"rendered":"\n<p>As your dedicated cybersecurity services provider,<strong>&nbsp;<a href=\"https:\/\/cyberone.bg\/\">CyberOne<\/a><\/strong>&nbsp;equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Weekly Cybersecurity Report | Week 10, 2026<\/h2>\n\n\n\n<p><strong><u>Information security updates and events from the past we<\/u><\/strong><strong><u>ek<\/u><\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"1\"><a id=\"1\" href=\"#1\"><strong>1.<strong>Israel\u2013Iran Hybrid Conflict: Large\u2011Scale Cyber Operations<\/strong><\/strong><\/a><\/h3>\n\n\n\n<p>Following the joint Israel\u2013US strikes on Iran on 28 February, Israel reportedly launched a broad cyber campaign to disrupt Iranian government, media, and critical\u2011infrastructure networks.<\/p>\n\n\n\n<p>Measured internet connectivity in Iran dropped to roughly 4% of normal levels, with widespread outages across ministries, state media (IRNA, Tasnim), and government digital services in major cities.\u200b<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"2\"><a id=\"2\" href=\"#2\"><strong>2.<strong>Regional Hacktivist Wave (150+ Incidents)<\/strong><\/strong><\/a><\/h3>\n\n\n\n<p>Between 28 February and 1 March, more than 150 hacktivist incidents were claimed across monitored channels, tied mainly to pro\u2011Iran and pro\u2011Palestine narratives targeting Israel and its allies.<\/p>\n\n\n\n<p>Most operations involved DDoS, website defacement, and claimed data leaks against governments, banks, aviation, telecom, and other critical\u2011infrastructure entities in the Middle East and Western countries.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"3\"><a id=\"3\" href=\"#3\"><strong>3.<strong>Iranian and Iran\u2011Aligned Campaigns Against Western Targets<\/strong><\/strong><\/a><\/h3>\n\n\n\n<p>Threat briefs in early March documented increased Iranian cyber activity, including spear\u2011phishing, VPN and edge\u2011device exploitation, and wiper\u2011style malware aimed at U.S., Israeli, Gulf, and European organizations.<\/p>\n\n\n\n<p>Activity spans government, defense, energy, finance, and media, blending classic APT tradecraft with hacktivist branding to complicate attribution and maximize psychological impact.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"4\"><a id=\"4\" href=\"#4\"><strong>4.<strong>Morpheus &amp; Ailock Ransomware \u2013 Industrial and Re\u2011extortion Activity<\/strong><\/strong><\/a><\/h3>\n\n\n\n<p>ASEC\u2019s \u201cRansom &amp; Dark Web Issues\u201d report for week 1 of March highlighted a new Morpheus ransomware campaign, including an attack on a South Korean plating\/metal\u2011finishing firm, continuing the focus on industrial and manufacturing victims.<\/p>\n\n\n\n<p>The Ailock ransomware group resurfaced by republishing data from prior victims and signaling renewed extortion efforts, showing how data stolen months earlier can be weaponized again.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"5\"><a id=\"5\" href=\"#5\"><strong>5.<strong>Payload Ransomware \u2013 Double\u2011Extortion Model<\/strong><\/strong><\/a><\/h3>\n\n\n\n<p>Intel reporting this week also profiled \u201cPayload\u201d ransomware, which encrypts files (adding the <em>.payload<\/em> extension) and drops a ransom note named <em>RECOVER_payload.txt<\/em>.<\/p>\n\n\n\n<p>Payload uses a double\u2011extortion approach: it claims to exfiltrate sensitive data, offers to decrypt a few test files, and pressures victims via threats of public disclosure if negotiations via a Tor portal do not begin quickly.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"6\"><a id=\"6\" href=\"#6\"><strong>6.<strong>Broader Ransomware and Data\u2011Breach Environment (Early March)<\/strong><\/strong><\/a><\/h3>\n\n\n\n<p>Early\u2011March tracking of ransomware and dark\u2011web activity showed continued high victim counts across multiple families, with healthcare and industrial sectors remaining heavily targeted and February alone seeing over 80 publicly disclosed ransomware incidents. <\/p>\n\n\n\n<p>Parallel \u201ctop breaches of 2026\u201d and March breach trackers noted ongoing fallout from earlier incidents (e.g., Figure Technology Solutions, cloud\u2011sharing compromises) while new March victims began to appear, confirming that volume remains persistently high.<\/p>\n\n\n\n<p><strong><em>The cybersecurity attacks highlighted in this report aren&#8217;t just incidents, they&#8217;re blueprints of the adversary&#8217;s arsenal. To protect your business you need the right partner. CyberOne is here to help! Check out our <a href=\"https:\/\/cyberone.bg\/en\/services\">services<\/a>.<\/em><\/strong><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As your dedicated cybersecurity services provider,&nbsp;CyberOne&nbsp;equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape. Weekly Cybersecurity Report | Week 10, 2026 Information security updates and events from the past week 1.Israel\u2013Iran Hybrid Conflict: Large\u2011Scale Cyber Operations Following [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":8576,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[65],"class_list":["post-10552","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-weekly-cyber-updates","tag-weekly-cybersecurity-report"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10552","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/comments?post=10552"}],"version-history":[{"count":1,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10552\/revisions"}],"predecessor-version":[{"id":10553,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10552\/revisions\/10553"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media\/8576"}],"wp:attachment":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media?parent=10552"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/categories?post=10552"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/tags?post=10552"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}