State of (in)security - Week 13, 2026
Take action: Treat AI browser extensions as extremely dangerous high-privilege agents. If you use the Claude Chrome Extension, make sure it's updated to version 1.0.41 or higher immediately! Older versions allow attackers to silently hijack your browser session and access your email, documents, and chat history without any clicks. Review what permissions the extension has and stay alert for suspicious sites that may have exploited this before the patch.
In the week between March 23, 2026, midnight and March 30, 2026, midnight we witnessed a total of:
- 16 advisory/vulnerability events
- 32 incident/data breach events
Week over Week comparison of week 13 2026 vs week 12 2026
- Advisories are down and incidents are up. Advisories are down from 17 in week 12 2026 to 16 in week 13 2026. Incidents are up from 14 in week 12 2026 to 32 in week 13 2026.
- The number of known impacted individuals is up - from 9 million in week 12 2026 to 15 million in week 13 2026.
We also shared 3 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 14,620,622 impacted individuals across 10 incidents. The largest breach was the incident "Crunchyroll Supply Chain Breach: 100GB of Subscriber Data Allegedly Leaked via BPO Partner", which exposed 6,800,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 11 |
| Third Party Compromise | 4 |
| Software Vulnerability and SDLC Exploits | 3 |
| Unauthorized access | 3 |
| Social Engineering and Phishing | 2 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Healthcare | 7 |
| Government | 6 |
| IT/Software/Technology | 4 |
| Transport/Logistics | 3 |
| Entertainment/Leisure | 3 |
| Non-profit/Charity | 2 |
| Education | 1 |
| Insurance | 1 |
| Consulting/Professional Services | 1 |
| Retail | 1 |
| Telecommunications | 1 |
| Finance | 1 |
| Automotive | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | F5 Warns of Critical BIG-IP APM Zero-Day Exploited by Nation-State Actors
- active exploit | Oracle WebLogic Servers Face Immediate Exploitation of Critical RCE Vulnerabilities
- active exploit | PTC Warns of Imminent RCE Threat in Windchill and FlexPLM Systems
Vulnerabilities
- critical vulnerability | Anthropic Patches "ShadowPrompt" Vulnerability in Claude Chrome Extension
- critical vulnerability | Apple Patches Over 140 Vulnerabilities Across macOS, iOS, iPadOS, and tvOS in March 2026 Security Updates
- critical vulnerability | Critical Hidden Functionality Vulnerability in WAGO Industrial Managed Switches
- critical vulnerability | Critical Memory Leak and Session Hijacking Vulnerabilities Patched in Citrix NetScaler
- critical vulnerability | Critical RCE Vulnerability in Kali Forms Plugin Under Active Exploitation
- critical vulnerability | Critical Zero-Click Vulnerability in Telegram Allows Remote Account Takeover
- critical vulnerability | GoHarbor Harbor Registry Vulnerable to Full System Compromise via Default Credentials
- critical vulnerability | n8n Patches Critical Remote Code Execution and Credential Theft Vulnerabilities
- critical vulnerability | NVIDIA Patches Multiple Flaws Including Critical RCE Vulnerability in Apex AI Optimization Library
- critical vulnerability | OpenCode Systems Patches High-Severity Access Control Flaw in Messaging Gateways
- critical vulnerability | Pharos Controls Patches Critical Root Access Flaw in Mosaic Show Controllers
- critical vulnerability | Schneider Electric Patches Critical Redis Vulnerabilities in Plant iT/Brewmaxx
- critical vulnerability | Supply Chain Attack Targets litellm Library to Steal Cloud Credentials and Hijack Kubernetes Clusters
- ransomware | TeamPCP Compromises Telnyx Python SDK on PyPI Using WAV Steganography, Steals Credentials
- data breach | TeamPCP Hackers Deploys CanisterWorm Supply Chain Malware via Compromised NPM Packages
- critical vulnerability | TP-Link Patches Multiple Flaws Including Authentication Bypass in Archer NX Routers
Incidents
- data breach | Smith & Co Solicitors Reports Data Breach and Financial Fraud Following Email Compromise
- data breach | Crunchyroll Supply Chain Breach: 100GB of Subscriber Data Allegedly Leaked via BPO Partner
- data breach | NYC Health + Hospitals Reports Data Breach Caused by Possible Third-Party Vendor Compromise
- data breach | Stockton Cardiology Medical Group Reports Data Breach Following Phishing Incident
- data breach | QualDerm Partners Data Breach Impacts 3.1 Million Patients
- data breach | Infinite Campus Salesforce Breach Exposes School Staff Data
- data breach | Hightower Holding LLC Discloses Data Breach Affecting Over 131,000 Individuals
- data breach | Ajax Amsterdam Data Breach Exposes 300,000 Fans via App Vulnerability
- data breach | PEAR Ransomware Group Claims 16TB Data Theft from Monmouth University
- data breach | European Commission Cloud Infrastructure Breached; 350 GB of Data Allegedly Stolen
- data breach | Iran-Linked Handala Hack Team Breaches FBI Director's Personal Email
- data breach | Corewell Health Vendor Breach Exposes Data of 19,000 Patients
- data breach | Rogers and Fido Confirm Data Breach Possibly Affecting Millions of Customer Records
- data breach | Shwapno Retail Chain Suffers Data Breach Affecting 4 Million Customers
- data breach | Deaconess Health System Discloses Data Breach via Third-Party Vendor File-Sharing Platform
- data breach | Malta Gaming Authority Breached by Security Researcher Claiming Corruption
- data breach | Mazda Reports Data Breach After Exploitation of Warehouse Management System
- data breach | South African Insurer Liberty Reports Data Breach
- data breach | French Ministry of Education Data Breach Exposes 243,000 Staff Records
- data breach | Dutch Ministry of Finance Reports Breach Affecting Policy Department
- ransomware | Philippine DPWH Investigates Alleged 50GB Data Breach by Bashe Ransomware
- ransomware | LA Metro Restricts Network Access Following Discovery of Unauthorized Activity
- ransomware | Trio-Tech International Reports Ransomware Attack on Singapore Subsidiary
- ransomware | Rocky Mountain Care Targeted by Qilin Ransomware Group
- ransomware | Ransomware Attack Disrupts Digital Operations at Spain's Port of Vigo
- ransomware | Qilin Ransomware Group Targets German Political Party Die Linke
- ransomware | Woodfords Family Services Reports Second Ransomware Attack Impacting Thousands
- ransomware | Maine Mental Health Provider AMHC Targeted by Qilin Ransomware Group
- ransomware | Namibia Airports Company Targeted by INC Ransomware Group
- ransomware | Ransomware Attack on Viva Ticket Impacts 3,500 Global Partners Including the Louvre
- ransomware | Jackson County Sheriff's Office Hit by Ransomware Attack
- ransomware | Hikvision Targeted by New ALP-001 Ransomware Group Claiming 20TB Data Theft