Article | ringmast4r.substack.com | 46 min read

The Silent Cybersecurity Crisis of 2026

By Patrick Quirk

AI Summary

In the first four months of 2026, a series of unprecedented cyber incidents unfolded that would have dominated news cycles in previous years. Major breaches occurred across various sectors, including a Chinese supercomputer losing ten petabytes of data, Stryker's operations being wiped in 79 countries, and Lockheed Martin losing 375 terabytes. Despite the gravity of these events, public discourse remains eerily quiet.

## Major Cyber Incidents

Several clusters of cyber threats have emerged, targeting U.S. and Western entities. The first cluster involves Iran's Handala Hack Team, which conducted destructive operations against U.S. targets as retaliation for a missile strike in Iran. This cluster includes the wiping of Stryker's devices and the doxxing of Lockheed Martin engineers.

The second cluster, Scattered LAPSUS$ Hunters, is a merger of notorious cybercriminal groups focusing on SaaS theft and extortion. They have compromised hundreds of organizations, stealing approximately 1.5 billion Salesforce records.

North Korea's UNC1069 forms the third cluster, specializing in open-source supply chain compromises. They hijacked the Axios npm package, affecting millions of downloads.

The fourth cluster, Russia's APT28, exploits zero-day vulnerabilities against Ukraine and the EU, highlighting a broader trend of exploiting trust relationships in Western enterprises.

## The Role of AI

AI's role in these incidents is significant yet underreported. AI-generated phishing emails have surged, and AI is used across the attack lifecycle by North Korean actors. Anthropic's Mythos model has identified numerous zero-day vulnerabilities, prompting high-level government meetings due to its potential risks.

## The Silence and Its Implications

Despite the scale of these incidents, public discourse remains muted. This silence may stem from the complexity of attributing state actors, the uncomfortable truths about the SaaS supply chain, public fatigue with cyber news, and the awkward intersection of AI advancements with cybersecurity threats.

## Historical Context

These events are not isolated but part of a longer pre-positioning campaign by state actors like China's Volt Typhoon and Salt Typhoon, which have been embedded in U.S. infrastructure for years. The 2026 incidents are the visible surface of deeper, ongoing threats.

The gap between public silence and private government discussions, such as the urgent meeting between U.S. financial leaders about AI threats, underscores the unusual nature of this period. The historian's task will be to understand why such significant events passed with so little public acknowledgment.

## Key Concepts

Cybersecurity Incident Clusters

Groups of related cyber attacks that share common actors, methods, or targets, often indicating coordinated efforts by state or criminal entities.

AI in Cybersecurity

The use of artificial intelligence technologies to enhance or compromise cybersecurity measures, including automated threat detection and AI-generated phishing.

Category: Security

Summarized by Mente
