As your dedicated cybersecurity services provider, CyberOne equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 10, 2026
Information security updates and events from the past week
1.Israel–Iran Hybrid Conflict: Large‑Scale Cyber Operations
Following the joint Israel–US strikes on Iran on 28 February, Israel reportedly launched a broad cyber campaign to disrupt Iranian government, media, and critical‑infrastructure networks.
Measured internet connectivity in Iran dropped to roughly 4% of normal levels, with widespread outages across ministries, state media (IRNA, Tasnim), and government digital services in major cities.
2.Regional Hacktivist Wave (150+ Incidents)
Between 28 February and 1 March, more than 150 hacktivist incidents were claimed across monitored channels, tied mainly to pro‑Iran and pro‑Palestine narratives targeting Israel and its allies.
Most operations involved DDoS, website defacement, and claimed data leaks against governments, banks, aviation, telecom, and other critical‑infrastructure entities in the Middle East and Western countries.
3.Iranian and Iran‑Aligned Campaigns Against Western Targets
Threat briefs in early March documented increased Iranian cyber activity, including spear‑phishing, VPN and edge‑device exploitation, and wiper‑style malware aimed at U.S., Israeli, Gulf, and European organizations.
Activity spans government, defense, energy, finance, and media, blending classic APT tradecraft with hacktivist branding to complicate attribution and maximize psychological impact.
4.Morpheus & Ailock Ransomware – Industrial and Re‑extortion Activity
ASEC’s “Ransom & Dark Web Issues” report for week 1 of March highlighted a new Morpheus ransomware campaign, including an attack on a South Korean plating/metal‑finishing firm, continuing the focus on industrial and manufacturing victims.
The Ailock ransomware group resurfaced by republishing data from prior victims and signaling renewed extortion efforts, showing how data stolen months earlier can be weaponized again.
5.Payload Ransomware – Double‑Extortion Model
Intel reporting this week also profiled “Payload” ransomware, which encrypts files (adding the .payload extension) and drops a ransom note named RECOVER_payload.txt.
Payload uses a double‑extortion approach: it claims to exfiltrate sensitive data, offers to decrypt a few test files, and pressures victims via threats of public disclosure if negotiations via a Tor portal do not begin quickly.
6.Broader Ransomware and Data‑Breach Environment (Early March)
Early‑March tracking of ransomware and dark‑web activity showed continued high victim counts across multiple families, with healthcare and industrial sectors remaining heavily targeted and February alone seeing over 80 publicly disclosed ransomware incidents.
Parallel “top breaches of 2026” and March breach trackers noted ongoing fallout from earlier incidents (e.g., Figure Technology Solutions, cloud‑sharing compromises) while new March victims began to appear, confirming that volume remains persistently high.
The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. CyberOne is here to help! Check out our services.
