As your dedicated cybersecurity services provider, CyberOne equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 13, 2026
Information security updates and events from the past week
1.An Iranian attack group claims to have managed to penetrate the systems of Lockheed Martin, one of the world’s largest defense companies, and steal an unusually large amount of sensitive information.
What the group claims:
- Theft of approximately 375TB of information.
- The information allegedly includes technical documents and code related to the F-35 Block 4 project, information on advanced interception systems (Next-Gen Interceptor), contracts with the Pentagon until 2030, personal data of 63,000 employees, internal emails of research departments
- The group claims that the value of the information is estimated at hundreds of millions of dollars, and that it may be offered for sale. – A POC has been published that they claim proves the attack.
2.Ransomware attack in the US: Los Angeles and the metro system affected
A significant cyber incident was recorded in the US, with the WorldLeaks ransomware group claiming to have breached the city of Los Angeles and its metro systems, along with additional vulnerabilities in other cities in the region.
Event details:
- Unusual activity was detected in the internal systems of Metro Los Angeles.
- Following the incident, access to administrative systems was restricted.
- Station screens stopped displaying arrival times.
- There is a breach in digital services such as online ticket loading.
- Transportation itself (trains and buses) continues to operate as usual.
- The WorldLeaks group has added the city of Los Angeles to its leak site. It claims that 159.9GB of information (approximately 779 files) was stolen. – At this point, there is no official confirmation of the extent of the leak.
3.A state of emergency has been declared in the city of Foster City, California, following a ransomware attack.
- Many city services were affected, but emergency services (such as 911) continue to operate.
- Systems were proactively shut down to prevent the spread.
- There is a fear of data leaks, and residents have been instructed to change passwords.
4.The port of Vigo, Spain, one of the strategic centers for trade and fishing in Europe, has suffered a ransomware attack, leading to the complete shutdown of its digital cargo management systems.
The port management was forced to disconnect the servers from the network to prevent the spread of the malware, which forced staff to switch to manual work and caused critical delays in the supply chain.
The attack directly affected the TOS (Terminal Operating System), which is responsible for coordinating ship movements and unloading containers.
The LockBit 3.0 ransomware group has claimed responsibility for the attack and has already released a PoC of 5GB of 200GB of stolen data.
The data includes passports and ID cards of port workers, logistics tables detailing distribution routes for automakers, sensitive customs documents, and internal correspondence.
The attackers have set a 7-day deadline for the ransom to be paid before the full cache is released.
The incident highlights the vulnerability of critical maritime infrastructure, which is a strategic target due to the huge economic pressure created by port delays.
5.Iran’s classified underground air force base, Oghab 44, has apparently been breached and the data is up for sale, 3TB of data for $8,000.
The information includes documents on war operations, missile systems, nuclear infrastructure and technical details on the regime’s military aircraft.
This is one of Iran’s most secure facilities, first revealed in 2023 as a bomb-proof base. The data includes logistical and operational plans of the Iranian Air Force and reveals the base’s core capabilities.
6.Cyber incident at Dutch Ministry of Finance, internal systems disconnected due to fear of spread
The Netherlands Ministry of Finance has been investigating a cyber incident that affected several key internal systems in recent days, after anomalies were identified by a third party.
Upon discovery of the incident, the affected systems were immediately disconnected and access to them was blocked, a step designed to prevent possible spread within the organizational network.
According to reports, this was an intrusion into internal systems (and not public services). The tax and customs service’s continue to operate as usual, and currently, there is no evidence of a leak of citizens’ information.
The incident is being managed with the assistance of the NCSC and is being investigated to determine whether this is an advanced stage actor (APT) activity, although there is no official attribution at this stage.
7. A cyber-attack has prevented thousands of drivers in the US from starting their vehicles.
The attack was carried out on the systems of Intoxalock, a company that provides breathalyzer systems for detecting blood alcohol levels. The systems are installed in the vehicles of drivers accused of drunk driving, requiring them to breathe into the device to start the vehicle.
Following the attack (apparently a DDoS attack), the company’s servers became unavailable and thousands of drivers in 45 states in the US were unable to start their vehicles.
According to media reports, the attack has been ongoing since Saturday, making it a relatively long attack compared to DDoS attacks. According to the company’s report, the drivers’ information remains protected and not exposed.
8. The US, in cooperation with law enforcement agencies around the world, has shut down the world’s largest DDoS IoT network.
The shutdown includes damage to command-and-control infrastructures used by four botnet networks. As part of the attack infrastructure’s activities, millions of IoT devices around the world, such as cameras, routers, and more, were infected, and tens of thousands of DDoS attacks were carried out using those devices, some reaching a volume of 30 Terabits p/s and causing damage of tens of thousands of dollars to organizations.
The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. CyberOne is here to help! Check out our services.
