Cybersecurity Risk Dashboard
The Risk Dashboard is a rolling status of key cybersecurity events and advisories
Global Monthly Risk Trend
Weekly Events Trend
Impacted Individuals Trend
Most Impacted Industries
Top Threats
Individual weekly status and key items to remember
| State of (in)security - Week 12, 2026 | If you use Trivy, trivy-action, or setup-trivy in your pipelines, this is urgent and important! Treat all secrets that ran through affected pipelines as compromised: rotate them now and investigate logs for all systems where those secrets may have given access. Then immediately pin to the known safe versions GitHub Actions to full commit SHA hashes instead of version tags, since tags can be silently rewritten to point to malicious code. |
| State of (in)security - Week 13, 2026 | Treat AI browser extensions as extremely dangerous high-privilege agents. If you use the Claude Chrome Extension, make sure it's updated to version 1.0.41 or higher immediately! Older versions allow attackers to silently hijack your browser session and access your email, documents, and chat history without any clicks. Review what permissions the extension has and stay alert for suspicious sites that may have exploited this before the patch. |
| State of (in)security - Week 14, 2026 | This week, focus on patching critical and actively exploited flaws in Cisco and Fortinet. Hackers love these systems, because they can't really be isolated from the internet - they are designed to be visible. |
| State of (in)security - Week 15, 2026 | Update your Adobe Acrobat and Reader immediately because attackers are already using this flaw to take over computers through simple PDF files. If you cannot patch right away, use a browser-based PDF viewer as a temporary safety measure and disable Javascript in your Adobe Acrobat and Reader. |