State of (in)security - Week 12, 2026
Take action: If you use Trivy, trivy-action, or setup-trivy in your pipelines, this is urgent and important! Treat all secrets that ran through affected pipelines as compromised: rotate them now and investigate logs for all systems where those secrets may have given access. Then immediately pin GitHub Actions to the known safe versions, using full commit SHA hashes instead of version tags, since tags can be silently rewritten to point to malicious code.
In the week between March 16, 2026, midnight and March 23, 2026, midnight we witnessed a total of:
- 17 advisory/vulnerability events
- 14 incident/data breach events
Week over Week comparison of week 12 2026 vs week 11 2026
- Both advisories and incidents are down. Advisories are down from 22 in week 11 2026 to 17 in week 12 2026. Incidents are down from 16 in week 11 2026 to 14 in week 12 2026.
- The number of known impacted individuals is up - from 3 million in week 11 2026 to 9 million in week 12 2026.
We also shared 6 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 8,975,681 impacted individuals across 6 incidents, with the largest breach being the "Companies House Logic Flaw Leaks Data of Five Million UK Directors" incident, which exposed 5,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Social Engineering and Phishing | 4 |
| Unauthorized access | 4 |
| Denial-of-Service Attacks | 1 |
| Malware, Ransomware and Related Attacks | 1 |
| Software Vulnerability and SDLC Exploits | 1 |
| System Misconfiguration Exploits | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Government | 4 |
| Healthcare | 3 |
| IT/Software/Technology | 3 |
| Telecommunications | 2 |
| Education | 1 |
| Retail | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | Attackers Exploit Critical Quest KACE SMA Authentication Bypass
- active exploit | Critical Langflow RCE Vulnerability CVE-2026-33017 Exploited Within Hours
- active exploit | Critical Microsoft SharePoint RCE Vulnerability CVE-2026-20963 Under Active Exploitation
- active exploit | DarkSword Exploit Kit Targets iPhones with Multi-Stage Malware Chain
- active phishing | DocuSign impersonation phishing with stolen email thread and fake Google login
- active exploit | Google Reports Chrome Zero-Day Vulnerabilities Exploited in the Wild
Vulnerabilities
- supply chain attack | Aqua Security's Trivy Vulnerability Scanner Compromised in Major Supply Chain Attack
- critical vulnerability | Claudy Day: Chaining Prompt Injection and Data Exfiltration in Claude.ai
- critical vulnerability | ConnectWise Patches Critical ScreenConnect Cryptographic Flaw
- critical vulnerability | Critical RCE Vulnerability Patched in Delta Electronics COMMGR 2
- critical vulnerability | Critical Unpatched Telnetd Flaw Enables Unauthenticated Root Remote Code Execution
- critical vulnerability | CTEK Chargeportal Vulnerabilities Enable Unauthorized Control of EV Infrastructure
- critical vulnerability | Google Patches 26 Vulnerabilities in Major Chrome Update, Three Critical
- critical vulnerability | IGL-Technologies Patches Critical Authentication Bypass in eParking.fi Platform
- critical vulnerability | Microsoft Issues Urgent Hotpatch for Windows 11 RRAS Vulnerabilities
- critical vulnerability | Multiple Flaws Reported in Automated Logic WebCTRL Premium Server
- critical vulnerability | Multiple IP KVM Vulnerabilities Reported, at Least One Critical
- critical vulnerability | OpenWrt Releases Critical Security Updates for mdnsd and Web Interface
- critical vulnerability | Oracle Issues Emergency Patch for Critical Vulnerability in Identity Manager, Web Services Manager
- critical vulnerability | Over 70 CODESYS Vulnerabilities Reported in Festo Automation Suite, Multiple Critical
- data breach | PolyShell Vulnerability Exposes Adobe Commerce and Magento to Remote Code Execution
- critical vulnerability | Schneider Electric Patches Critical RCE Vulnerability in SCADAPack RTUs
- critical vulnerability | Ubiquiti Patches Critical Account Takeover Flaw in UniFi Network Application
Incidents
- data breach | Intoxalock Cyberattack Strands Thousands of Drivers Across 46 States
- data breach | Companies House Logic Flaw Leaks Data of Five Million UK Directors
- data breach | Serbia's Business Registers Agency Targeted by Threat Actor Linked to Telekom Serbia Breach
- data breach | Intuitive Surgical Robotics Firm Reports Data Breach Following Targeted Phishing Attack
- data breach | Telekom Srbija Suffers Data Breach and Extortion Attempt Targeting m:SAT TV Users
- data breach | CommuniCare Discloses Data Breach Affecting Nearly 20,000 Patients
- data breach | Aura Data Breach: Vishing Attack Exposes 900,000 Marketing Records
- data breach | Kaplan North America Reports Data Breach Impacting Nearly 195,000 Individuals
- data breach | City of New Bedford Email Account Compromised in Phishing Attack
- data breach | Hacker Claims Breach of Navigate360 P3 Global Intel Tip Platform
- data breach | Freedom Mobile Suffers Second Data Breach in Months via Subcontractor Credentials
- data breach | Navia Benefit Solutions Data Breach Impacts 2.7 Million Individuals
- data leak | Researcher Reports Data Leak of Sears Home Services AI Chatbot Logs and Audio Recordings
- ransomware | Foster City Declares State of Emergency Following Paralyzing Ransomware Attack