How many cybersecurity advisories and incidents were reported in week 11 of 2026 (March 9–16)?

In the week of March 9–16, 2026, there were 22 advisory/vulnerability events and 16 incident/data breach events. Advisories increased from 15 the previous week, while incidents slightly decreased from 17.

How many individuals were impacted by data breaches in week 11 of 2026?

A total of 3,343,098 individuals were impacted across 6 incidents that reported numbers. The largest breach involved Cal AI, which allegedly exposed 3 million user records. The actual number is likely higher since not all incidents disclose impacted individuals.

What were the most common causes of cybersecurity incidents in week 11 of 2026?

The leading cause was malware, ransomware, and related attacks with 4 incidents, followed by software vulnerability/SDLC exploits and unauthorized access with 2 incidents each. Other causes included intentional system sabotage, system misconfiguration exploits, third-party compromise, and social engineering/phishing.

Which industries were most affected by cyber incidents during this week?

Consulting/Professional Services and Healthcare led with 3 incidents each, followed by Food and Beverage and Finance with 2 incidents each. Other affected industries included IT/Software/Technology, Non-profit/Charity, Retail, Entertainment/Leisure, Energy, and Telecommunications.

What were some of the major cybersecurity events reported in week 11 of 2026?

Key events included CISA mandating emergency patching for SolarWinds Web Help Desk vulnerabilities, ShinyHunters exploiting Salesforce misconfigurations targeting 100 organizations, Telus Digital confirming a data breach following a 1 petabyte theft claim, Microsoft's March 2026 Patch fixing 79 vulnerabilities including two zero-days, and the Bell Ambulance ransomware attack impacting over 237,000 individuals.

Knowledge

State of (in)security - Week 11, 2026

published: March 16, 2026

Take action: If you use AI platforms and chatbots, remember that they are just web applications and have a bunch of other possible flaws. Make sure databases, API endpoints, and system prompts are locked down with proper authentication, access controls, and integrity monitoring, not left exposed as an afterthought. Regularly audit your AI infrastructure for basic web application flaws like exposed APIs, SQL injection, and missing authentication, because even the most advanced AI tools can be undone by classic, well-known security mistakes.

Learn More

In the week between March 9, 2026, midnight and March 16, 2026, midnight we witnessed a total of:

22 advisory/vulnerability events
16 incident/data breach events

Week over Week comparison of week 11 2026 vs week 10 2026

We also shared 4 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 3,343,098 impacted individuals across 6 incidents, with the largest breach being the Cal AI Faces Alleged Data Breach Claims Exposing 3 Million User Records incident exposing 3,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
Malware, Ransomware and Related Attacks	4
Software Vulnerability and SDLC Exploits	2
Unauthorized access	2
Intentional System Sabotage and Crime	1
System Misconfiguration Exploits	1
Third Party Compromise	1
Social Engineering and Phishing	1

Industry breakdown of incidents

Industry	Number of incidents
Consulting/Professional Services	3
Healthcare	3
Food and Beverage	2
Finance	2
IT/Software/Technology	1
Non-profit/Charity	1
Retail	1
Entertainment/Leisure	1
Energy	1
Telecommunications	1

Read the Event Details of the Week

Knowledge

active exploit | CISA Mandates Emergency Patching for SolarWinds Web Help Desk Vulnerabilities
active exploit | CISA Warns of Active Exploitation in Ivanti Endpoint Manager Authentication Bypass
awareness | Escalating Cyber Attack Techniques Targeting Organizations During the 2026 Middle East Conflict
active exploit | ShinyHunters Exploits Salesforce Misconfigurations to Target 100 High-Profile Organizations

Vulnerabilities

critical vulnerability | AdGuard Home Patches Critical Authentication Bypass Vulnerability
critical vulnerability | Adobe releases March 2026 patches for multiple products
data breach | Apple Patches 'Coruna' Exploit Kit Targeting Legacy iOS Devices
critical vulnerability | CrackArmor: Nine Critical Vulnerabilities in AppArmor Allow Unprivileged Users to Escalate to Full Root Privileges
critical vulnerability | Critical 1-Click Account Takeover Vulnerability Patched in ZITADEL IAM Platform
critical vulnerability | Critical Authentication Bypass and Smuggling Flaws Impact Siemens RUGGEDCOM APE1808
critical vulnerability | Critical Authentication Bypass in Honeywell IQ4x BMS Controllers Allows Remote Takeover
critical vulnerability | Critical Gogs Vulnerability Enables Silent Supply-Chain Attacks via LFS Overwrites
critical vulnerability | Critical n8n Vulnerabilities Enable Remote Code Execution and Credential Theft
critical vulnerability | Critical Nginx UI Flaw Allows Unauthenticated Backup Theft and Decryption
critical vulnerability | Critical SSRF Vulnerability Patched in Angular Server-Side Rendering
critical vulnerability | Critical Vulnerabilities in Apeman ID71 Cameras Allow Remote Takeover
critical vulnerability | Critical Vulnerabilities in Lantronix EDS Series Allow Root-Level Takeover
critical vulnerability | ForceMemo: Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push
critical vulnerability | Fortinet FortiManager vulnerability allows remote command execution
data breach | GnuPG Releases Version 2.5.17 to Patch Critical RCE and Buffer Overflow Flaws
critical vulnerability | Google Patches Critical WebML Vulnerability and 28 Other Flaws in Chrome 146
critical vulnerability | HPE Patches Multiple Flaws Aruba AOS-CX Including Critical Allowing Admin Password Resets
critical vulnerability | Microsoft March 2026 Patch Fixes 79 Vulnerabilities, Eight Critical, Two Publicly Disclosed Zero-Days
critical vulnerability | SAP March 2026 Updates Patch Critical FS-QUO, NetWeaver and SCM Flaws
critical vulnerability | Siemens Patches Critical Code Injection Flaw in SIMATIC S7-1500 Controllers
critical vulnerability | Veeam Patches Critical RCE Vulnerabilities in Backup & Replication Software

Incidents

data breach | Telus Digital Confirms Data Breach Following 1 Petabyte Theft Claim by ShinyHunters
data breach | Lloyds Banking Group Technical Glitch Exposes Private Customer Transactions
data breach | People's Party of Thailand Reports Membership Database Breach
data breach | Sweden Investigates Source Code Leak of E-Government Platform Following CGI Sverige Breach
data breach | Starbucks Reports Employee Data Breach Following Credential Theft Campaign
data breach | Banner Capital Bank Discloses Data Breach Following Employee Email Compromise
data breach | Ericsson US Subsidiary Discloses Data Breach Following Third-Party Provider Hack
data breach | Autonomous Agent Exploits SQL Injection in McKinsey AI Platform Lilli
data breach | Loblaw Companies Limited Reports Data Breach Affecting Customer Contact Information
data breach | Cal AI Faces Alleged Data Breach Claims Exposing 3 Million User Records
ransomware | England Hockey Investigates 129GB Data Theft Claim by AiLock Ransomware Group
ransomware | SafePay Ransomware Group Targets Smile Team Orthodontics in New South Wales
ransomware | Stryker Global Networks Disrupted by Destructive Cyberattack Claimed by Handala
ransomware | Bell Ambulance Ransomware Attack Impacts Over 237,000 Individuals
ransomware | DragonForce Ransomware Group Leaks 79GB of Data from Australian Poultry Giant Hazeldenes
ransomware | EV Charger Manufacturer ELECQ Hit by Ransomware Attack Exposing Customer Data

Read More
Over 40,000 Internet-connected cameras stream live footage with …
State of (in)security - Week 21, 2023
State of (in)security - Week 43, 2023
Swiss Cheese failure mode example - Google cloud …
State of (in)security - Week 39, 2023