Weekly Cybersecurity Report | Week 03, 2026

As your dedicated cybersecurity services provider, CyberOne equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.


Information security updates and events from the past week

1. Attack group Nova claims to have hacked the systems of Dubai Royal Air Wing, the UAE government’s air wing used for VIP flights by the royal family and government officials.

What the attackers claim:
– They claim that 757GB of data was stolen.
– A “Tree Provided” was published, allegedly indicating the structure of the stolen data.
– The attackers hint at the possession of employee data and financial information.

2. Target takes down development server after allegations of internal source code theft

Target was forced to remove its internal Git server from external exposure after an attacker claimed to have accessed the development environment and stolen internal source code, which the attacker said was being offered for sale. At this point, the company has not officially confirmed an actual hack, but the sequence of events raises significant questions.
– After BleepingComputer contacted the company, all repositories were removed and began returning 404 errors.
– At the same time, the development server became inaccessible from the Internet; until then, at least its login page had been reachable externally.
Target did not issue an official response confirming or denying a hack and did not provide further details by the time of publication.
Source code leaks are an operational threat. Once code, documentation or system architecture is leaked, the attacker receives a roadmap. The real question is no longer whether there was access, but whether a hunt for lateral movement, secret rotation and a deep examination of the development environment were carried out.

3. Spanish energy giant Endesa confirms data leak – contract details and personal data of customers were exposed

Spanish energy company Endesa has notified its customers of an information security incident, after unauthorized access was detected to the company’s commercial systems and those of its subsidiary Energía XXI.
According to the statement, the attackers accessed information related to energy supply contracts, including personal details.
Endesa has begun notifying affected customers and has issued official public notice.
The company has reported the incident to the Spanish Data Protection Agency and relevant regulatory authorities in addition to directly notifying affected customers.
Endesa, which is owned by the Enel Group, supplies electricity and gas to more than 22 million customers in Spain and Portugal, and stresses that the incident did not affect the continuity of services.

Everest claims to have hacked Nissan and extracted 900GB of data

The Everest attack group claims to have managed to penetrate the systems of Nissan Motor Co., Ltd. in Japan and extract 900GB of data.
Nissan has not yet issued an official statement confirming the claim.
What else is claimed in the attackers’ publication:
– Samples and example files have been published.
– The attackers claim that these are tens of thousands of files in various formats, including TXT, CSV, ZIP and XLS.

4. The public education system of the state of Victoria in Australia has notified parents of a security incident in which an unauthorized party was able to penetrate one of its information systems and access a database of students, both current and those who have already graduated.

According to the report, the information that was exposed includes names, school affiliations, age groups and email addresses managed by the institutions themselves. In addition, passwords were also exposed because they were not encrypted.
The Ministry of Education emphasizes that no more sensitive information such as residential addresses, phone numbers or dates of birth was exposed.
Currently, there is no indication that the information was distributed. In addition, all passwords have been reset, access to the system has been temporarily blocked and the vulnerability that allowed the intrusion has been addressed.

5. The AZ Monica hospital in Belgium has entered a digital emergency after a cyberattack that hit its core systems and shut down all servers on both campuses.

The decision to shut down the infrastructure was made in the early hours of the morning, fearing further spread of the attack.
The impact of the shutdown was not confined to IT. Surgeries and procedures were canceled, the emergency department moved to reduced activity and medical teams were forced to return to pen and paper because the medical information systems were unavailable.
Critical patients were evacuated to other hospitals with the help of the Red Cross, to ensure continuity of care.
At this point, neither the type of attack nor whether a ransom demand was made has been officially announced, but the incident is being investigated by the police and the cybercrime unit. What is already clear is that the damage was not only technological but also operational, medical and human.
This is another painful reminder that in healthcare systems, cyber is not an “IT problem.” It is a critical layer of security.

6. Alleged leak of login details for over 104,000 PayPal accounts

An attacker named Lud shared a PayPal combo list that includes 104,472 lines in email and password format.
There is currently no official verification from PayPal, and the incident is classified as “pending verification.”
It is important to emphasize that this is not necessarily a direct hack of PayPal. It is more likely that it is a collection from previous sources such as old leaks, scraping or reuse of passwords from other sites.
From the user’s perspective, the risk is the same: account takeover attempts, financial fraud, and targeted phishing.

7. Alleged leak of 17.5 million Instagram accounts

Malwarebytes researchers report a database with information on approximately 17.5 million users, including usernames, emails, phone numbers, and addresses. Some of the data is already being distributed on the dark web, and there are reports of password reset attempts and active exploitation.
There is currently no official confirmation from Meta of a direct hack, but it may be a collection from other sources (scraping, third-party leaks, old repositories). From the user’s perspective, the risk is the same.

8. Data leak at gas stations in the US

Gulshan Management Services Inc., which operates about 150 gas stations and convenience stores, confirmed a security incident in which an attacker had unauthorized access to the organization’s systems for days. Not ransomware, not a zero-day, and not a loud attack, but a silent intrusion that exploited basic weaknesses in access management and monitoring.
During the access, PII and financial data repositories were exposed, including government identifiers and banking information.
This is exactly the type of incident that occurs when there is no separation of environments, when there are excessive permissions, and when logs exist but no one really looks at them in real time.

The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. CyberOne is here to help! Check out our services.