2026 Cyberattacks Shift from Data Theft to Real-World Disruption

币界网
Summary

In the first half of 2026, cyberattacks shifted from data theft to real-world disruption, targeting government systems, schools, healthcare, and energy infrastructure. The U.S. Department of Government Efficiency (DOGE) faced legal disputes over Social Security data leaks. Russia-linked attacks impacted European energy systems, while Iran-linked hackers wiped devices at Stryker. ShinyHunters targeted Instructure with phishing. Open-source software supply chains were compromised, affecting OpenAI and Vercel. A U.S. FBI system was breached, possibly linked to Chinese espionage. CFT efforts struggled to track illicit funds used in these attacks, as liquidity and crypto markets remained key conduits for anonymous transactions.
CoinDesk reports:

Foreign media outlet TechCrunch reported that cybersecurity incidents in the first half of 2026 are no longer limited to data breaches. Attack targets have expanded from corporate databases to government systems, educational platforms, medical technology companies, and energy and water infrastructure, and the impact has shifted from data theft to business disruption and real-world damage.

The controversy over DOGE data continues to escalate.

The article states that the U.S. Department of Government Efficiency (DOGE), led by Musk, has faced ongoing controversy over its data handling since it entered the Social Security Administration. Federal court litigation is still underway. One of the most prominent allegations is that a live copy of the Social Security database was uploaded to an unprotected third-party server, potentially exposing the Social Security numbers and personal information of millions of U.S. residents.

Energy and water infrastructure frequently targeted by attacks

Recent cyberattacks in Europe have targeted civilian energy and water systems. Reports indicate that Poland’s power grid, a combined heat and power facility in Sweden, and a dam in Norway have all been attacked, with some incidents attributed to Russia or entities linked to Russia. Poland’s water treatment facility, targeted earlier this year, has again been hit.

Following the escalation of tensions in the Middle East, U.S. authorities have warned that Iranian hackers may target critical American infrastructure, particularly water systems operated by private entities with weaker cybersecurity defenses. An intrusion into such facilities would have consequences extending far beyond the digital realm.

Attacks expand from ransomware to direct destruction

The article states that in March this year, Iranian hackers infiltrated U.S. medical technology company Stryker and remotely wiped tens of thousands of employee devices, disrupting company operations for several days. The U.S. government linked the hacking group to Iran’s intelligence apparatus. The incident subsequently impacted the company’s first-quarter performance.

Another frequent type of attack comes from ShinyHunters, a group that primarily gains access to internal enterprise systems through vishing (voice phishing). The learning platform Canvas, operated by education technology company Instructure, was compromised this way, leading to the theft of data from over 30 million students and staff. After the company initially refused to pay the ransom, the attackers breached the system again and altered the school login page during U.S. final exam periods, disrupting exam schedules. Reports indicate that the company eventually paid the ransom.

Open-source supply chain affects OpenAI

TechCrunch believes that another clear trend in 2026 is the ongoing pressure on open-source software supply chains. Tools and projects such as Aqua Security’s Trivy, Bitwarden, and Checkmarx have all been compromised with backdoors, allowing attackers to steal passwords, credentials, and access tokens and then move laterally.

Such attacks subsequently impacted downstream companies relying on the affected software. The article specifically named OpenAI and Vercel as among those affected. As open-source components are increasingly used in cloud services and AI development workflows, the spillover risk from a single point of compromise is growing.

In April, a surveillance system operated by the U.S. Federal Bureau of Investigation was also compromised, triggering a "major cyber incident" notification protocol. According to external reports, the breach may have exposed sensitive information such as phone numbers of targeted individuals, and the suspected attackers are linked to Chinese espionage activities.

Additional information: The article also notes that after the attack, Hasbro experienced several weeks of business disruption and was forced to delay its financial disclosures; in recent months, numerous hotels, money transfer apps, prison phone service providers, and UK visa services have exposed over 2 million scanned passports or driver’s licenses.
