In the first hundred days of 2026, a cascade of breaches rattled Western targets. A Chinese supercomputer exfiltrated ten petabytes, Stryker devices vanished in 79 countries, and Lockheed Martin suffered a 375‑terabyte loss. Even the FBI Director’s inbox went public, while Cisco’s private GitHub was cloned. These incidents piled up faster than any prior year.

Analysts have grouped the attacks into four parallel campaigns. The Iran‑linked Handala/Void Manticore team claimed retaliation for a missile strike, hitting Stryker, Lockheed Martin and the FBI Director. Meanwhile, the newly formed Scattered LAPSUS$ Hunters alliance—often called the “Trinity of Chaos”—exploited SaaS misconfigurations, stealing roughly 1.5 billion Salesforce records from firms such as Google, Adidas and LVMH. Their playbook blends social‑engineering phone calls with real‑time credential harvesting.

North Korean actors hijacked the Axios npm package and compromised Cisco’s supply chain without a traditional vulnerability, while Russian APT28 focused on zero‑day exploits against Ukraine and the EU. The most financially striking breach involved Mercor, the $10 billion AI‑training data vendor, breached through a LiteLLM supply‑chain flaw and looted 4 TB of data. The sheer density of these events marks a watershed moment for cybersecurity.