10
votes

I have created a VPC (public and private subnets) on AWS with an IPv4 CIDR block of 10.0.0.0/26 (i.e. it can have 2^6 = 64 IP addresses, along with one subnet address and one broadcast address). I want to create the following two subnets, but I am getting a "Must be valid Ipv4 CIDR" error:

  1. A public subnet with 10.0.0.0/28 CIDR block, and
  2. A private subnet with 10.0.0.8/28 CIDR block

If I am giving the subnet mask as /28 and I want to divide the addresses into two subnets, the addresses will fall in the range 10.0.0.0 [10.0.0.00000000] - 10.0.0.15 [10.0.0.00001111]. On the other hand, if I am giving the CIDR block as 10.0.0.16/28, I am not getting any error. Why is AWS giving the "Must be valid Ipv4 CIDR" error with the CIDR block 10.0.0.8/28?


1 Answer

9
votes

A /28 has 2^(32-28) = 2^4 = 16 addresses, so the last octet of the all-zeroes address of the block must be evenly divisible by 16 (its least significant bits must be 0 0 0 0). The LSBs of 8 are 1 0 0 0.

10.0.0.8/28 is an invalid CIDR block. 10.0.0.0 through .15 is expressed in CIDR notation as 10.0.0.0/28.


Clarification, as requested, of the significance of the divisibility by the number 16, above:

It isn't exactly that the number of addresses is divisible by the last block, but rather that in CIDR notation x.x.x.x/n each block is always 2^(32-n) addresses in size and x.x.x.x must specify the first address in the block when you are specifying a block.

Converting an IPv4 address x.x.x.x to binary, you get a 32 bit number. The (32-n) least significant bits of the address x.x.x.x must be 0. This is the first (0th) address in the block, and is also called the "all-zeroes" address because the unmasked bits -- the final 32-n bits -- are all 0. When specifying a CIDR block for a subnet, this is the address that must be specified.

In the case of a /28 block, note that -- by definition -- any number expressed in binary whose least significant 32-28 = 4 bits are 0 0 0 0 is also divisible by 2^(32-28) = 16, and any other number is not.

For blocks of size /24 through /32, this math is easier for humans, since you don't need to mentally convert the whole of x.x.x.x into binary -- you only need the last of the four octets.

The only possible /28 subnets that can be derived from a supernet of 10.0.0.0/26 are these:

10.0.0.0/28    .0  to .15
10.0.0.16/28   .16 to .31
10.0.0.32/28   .32 to .47
10.0.0.48/28   .48 to .63
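The two checks the answer describes (the address must be the all-zeroes address of its block, and the block must sit inside the VPC's CIDR) can be reproduced locally with Python's standard `ipaddress` module before you submit anything to AWS. The following is an added example, not code from the original question or answer; it assumes the VPC from the question (10.0.0.0/26) and the three candidate subnets discussed, and the function names (`host_bits_set`, `validate_subnet`, `possible_subnets`, `last_octet_check`) are my own. It goes slightly beyond the post by also catching an aligned block that falls outside the VPC, which AWS rejects for a different reason.

```python
"""Check subnet CIDR blocks the way AWS does (added example, not from the post).

Assumptions (my own, not from the original page): the VPC is 10.0.0.0/26 and the
candidates are the two subnets the question tried plus 10.0.0.16/28.
"""
import ipaddress
from typing import List

VPC_CIDR = "10.0.0.0/26"  # the VPC from the question


def host_bits_set(cidr: str) -> bool:
    """True when x.x.x.x is not the all-zeroes (first) address of its block.

    ipaddress.ip_network(strict=True) raises ValueError exactly when any of the
    (32 - n) least significant bits of the address is 1.
    """
    try:
        ipaddress.ip_network(cidr, strict=True)
    except ValueError:
        return True
    return False


def aligned_block(cidr: str) -> str:
    """Return the block that x.x.x.x actually falls in (host bits cleared)."""
    return str(ipaddress.ip_network(cidr, strict=False))


def validate_subnet(vpc_cidr: str, subnet_cidr: str) -> str:
    """Apply the two checks a subnet CIDR must pass; return "ok" or a reason."""
    vpc = ipaddress.ip_network(vpc_cidr)
    if host_bits_set(subnet_cidr):
        return (f"invalid: host bits set, the first address of that block is "
                f"{aligned_block(subnet_cidr)}")
    subnet = ipaddress.ip_network(subnet_cidr)
    if not subnet.subnet_of(vpc):
        return f"invalid: {subnet} is not inside the VPC {vpc}"
    return "ok"


def possible_subnets(vpc_cidr: str, new_prefix: int) -> List[str]:
    """Enumerate every aligned /new_prefix block inside the VPC (the table above)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return [str(s) for s in vpc.subnets(new_prefix=new_prefix)]


def last_octet_check(cidr: str) -> bool:
    """The answer's shortcut for /24 through /32: last octet divisible by 2^(32-n).

    Only the final octet matters at these prefix lengths, so the whole address
    need not be converted to binary. Shorter prefixes need the full 32-bit check.
    """
    addr, prefix = cidr.split("/")
    n = int(prefix)
    if n < 24:
        raise ValueError("shortcut only applies to /24 through /32")
    block_size = 2 ** (32 - n)
    return int(addr.split(".")[3]) % block_size == 0


if __name__ == "__main__":
    # Constructed inputs: the question's two subnets and the one that worked.
    for candidate in ("10.0.0.0/28", "10.0.0.8/28", "10.0.0.16/28"):
        print(f"{candidate:>13}  {validate_subnet(VPC_CIDR, candidate)}")
    print("valid /28 blocks in", VPC_CIDR, "->", possible_subnets(VPC_CIDR, 28))
```

Running it reports 10.0.0.8/28 as having host bits set (its aligned block is 10.0.0.0/28, which the question already uses for the public subnet), accepts 10.0.0.16/28, and lists the four /28 blocks from the table above; `last_octet_check` is the same test done the way the answer describes, on the last octet alone.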