We may be living through the most consequential hundred days in cyber history

April 13, 2026
aisecurityprivacybusiness
System with various wires managing access to centralized resource of server in data center
Photo by Brett Sayles on Pexels

A cascade of incidents — and almost no noise

The first four months of 2026 have produced an unusual cluster of high-impact intrusions. It has been reported that a Chinese state supercomputer bled ten petabytes, that Stryker was wiped across 79 countries, that Lockheed Martin was hit for a reported 375 terabytes, and that the FBI director’s personal inbox was dumped on the open web. Other incidents have been reported as well: an FBI wiretap management network breach, a Rockstar Games compromise via a little-known SaaS analytics vendor, Cisco’s private GitHub cloned, Oracle’s legacy cloud cracked open, the popular Axios npm package allegedly hijacked by North Korean actors, and a breach of Mercor — a major AI training-data vendor — with roughly four terabytes allegedly extracted by LAPSUS$. Stack them up and you get something historians might call a tectonic shift. Quiet? Strangely so.

Four overlapping campaigns, one unsettling pattern

Strip away the headlines and the wave separates into four running campaigns. First, destructive state operations — Handala/Void Manticore — allegedly tied to Iran and blamed for high-profile destructive strikes; victims reportedly include Stryker, Lockheed, and the FBI director’s accounts. Second, a criminal mega-alliance: it has been reported that ShinyHunters, Scattered Spider and LAPSUS$ effectively fused into a coordinated force (often called Scattered LAPSUS$ Hunters), combining social-engineering access, exfiltration and extortion at industrial scale. Third, systemic supply‑chain compromises — think vendors, open-source libraries and AI-data suppliers — that ripple outward and complicate attribution. Fourth, opportunistic identity and credential attacks that exploit those ripples, turning single failures into mass exposures. Together they’re not random blips. They’re concurrent and compounding.

Why does this feel like the quiet before a storm?

Why is the public conversation so muted? Fatigue, corporate damage control, legal NDAs, and the sheer complexity of supply‑chain forensics all play a part. But there’s an emotional center here: a creeping sense that we’re sleepwalking through a new normal where attacks cascade faster than our ability to explain them. Is this our Sputnik moment for cyber — or just another wave that, like so many before it, will be categorized and sanitized in hindsight? Either way, the convergence matters. If these reports are accurate, the next few months will tell us whether defenders adapt — or whether this hundred‑day run becomes the prologue to something larger.

Sources: ringmast4r.substack.com, Hacker News