As your dedicated cybersecurity services provider, CyberOne equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 16, 2026
Information security updates and events from the past week
1.Iran-linked campaign against Israel and the UAE
Check Point reporting published this week said Iran mounted a three-wave cyber campaign against more than 300 organizations in Israel and 25 entities in the UAE, with cloud password spraying a major technique and local authorities pointing to intensified activity around the Iranian “Jerusalem Day” period.
The campaign mainly targeted local authorities and other exposed cloud services, showing a strong preference for identity abuse rather than destructive malware.
2.OpIsrael 2026 activity
Public guidance around OpIsrael 2026 warned that pro-Palestinian hacktivist groups were organizing coordinated attacks, with the modern wave using automated scanning, phishing, and ransomware rather than only simple defacement or DDoS.
The timing aligned with the annual April 7 mobilization window, and the week’s reporting shows the campaign continuing to drive both opportunistic noise and real compromise attempts against Israeli organizations.
3.Global DDoS surge and political targeting
Radware’s 2026 threat report, cited this week, showed a 168% year-over-year rise in network-layer DDoS attacks and more than 120% growth in application-layer malicious activity, making web apps and APIs the primary battleground.
The same report said Israel ranked first globally as a target for political cyberattacks in 2025, and the pattern carried into April with public-facing services absorbing sustained pressure.
4.Ransomware remains high-volume
BlackFog’s April reporting confirmed that March ended with 90 publicly disclosed ransomware attacks, with healthcare the most targeted sector and the United States responsible for 60% of public cases.
That backdrop matters for this week because the OpIsrael period and broader April threat environment showed the same mix of extortion, leak-site pressure, and opportunistic exploitation of exposed services.
5.Early April breach environment
Early-April breach trackers showed continuing disclosures around vendor and cloud exposure, including public-sector, healthcare, and service-provider incidents that surfaced in ongoing notification cycles.
The common theme is that attackers are still leveraging weak identity controls, third-party dependencies, and exposed internet-facing systems to produce broad operational impact.
6.What stood out
This week was less about one single global mega-breach and more about a concentrated geopolitical cyber campaign, especially against Israel, plus a broader environment of DDoS, credential attacks, and ransomware volume.
For a security briefing, the key message is that April 2026 is opening with sustained politically motivated activity and a strong focus on cloud identities, web applications, and perimeter services.
The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. CyberOne is here to help! Check out our services.
