How many cybersecurity events occurred in week 16 of 2026?

Between April 13, 2026 and April 20, 2026, there were a total of 17 advisory/vulnerability events and 22 incident/data breach events. Additionally, 4 practical knowledge items were shared during this period.

How do week 16 2026 figures compare to week 15 2026?

Advisories increased from 9 in week 15 to 17 in week 16, while incidents decreased slightly from 23 to 22. The number of known impacted individuals rose significantly, from 42 thousand in week 15 to 17 million in week 16.

What was the largest data breach reported in week 16 of 2026?

The largest breach was the McGraw-Hill Confirms Data Breach Linked to Salesforce Misconfiguration incident, which exposed 13,500,000 individuals. In total, 16,717,203 individuals were impacted across 8 incidents, though the real number is likely higher as not all incidents report impacted individuals.

What were the leading causes of incidents in week 16 of 2026?

Malware, Ransomware and Related Attacks led the list with 6 incidents. This was followed by System Misconfiguration Exploits (2), Third Party Compromise (2), and Social Engineering and Phishing (2). Other causes included Software Vulnerability and SDLC Exploits, Human bad security behaviour, and Unauthorized access, each with 1 incident.

Which industries were most affected by incidents in week 16 of 2026?

Healthcare, IT/Software/Technology, and Finance were tied as the most affected industries, each with 4 incidents. Education, Hospitality/Events, Manufacturing, and Retail each saw 2 incidents, while Entertainment/Leisure and Transport/Logistics each recorded 1 incident.

Knowledge

State of (in)security - Week 16, 2026

published: yesterday

Take action: This week third party libraries and AI are the focus: If you're using Claude Code, update immediately to the latest version and stop using authentication helpers. Instead, set the ANTHROPIC_API_KEY environment variable directly. If you use Axios in your applications, start planning an update to version 1.15.0 or later. Make sure your nginx-ui instances are isolated from the internet and accessible from trusted networks only.

Learn More

In the week between April 13, 2026, midnight and April 20, 2026, midnight we witnessed a total of:

17 advisory/vulnerability events
22 incident/data breach events

Week over Week comparison of week 16 2026 vs week 15 2026

We also shared 4 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 16,717,203 impacted individuals across 8 incidents, with the largest breach being the McGraw-Hill Confirms Data Breach Linked to Salesforce Misconfiguration incident exposing 13,500,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
Malware, Ransomware and Related Attacks	6
System Misconfiguration Exploits	2
Third Party Compromise	2
Social Engineering and Phishing	2
Software Vulnerability and SDLC Exploits	1
Human bad security behaviour	1
Unauthorized access	1

Industry breakdown of incidents

Industry	Number of incidents
Healthcare	4
IT/Software/Technology	4
Finance	4
Education	2
Hospitality/Events	2
Manufacturing	2
Retail	2
Entertainment/Leisure	1
Transport/Logistics	1

Read the Event Details of the Week

Knowledge

active exploit | CISA Warns of Active Exploitation in Apache ActiveMQ Jolokia API Vulnerability
active exploit | Critical nginx-ui Vulnerability CVE-2026-33032 Under Active Exploitation
awareness | Payouts King Ransomware Uses QEMU Virtual Machines to Evade Security
active exploit | ShowDoc Document Management Platform Targeted by Active RCE Exploitation

Vulnerabilities

critical vulnerability | Adobe releases April 2026 patches for multiple products
critical vulnerability | Anthropic Claude Code Leak Reveals Critical Command Injection Vulnerabilities
critical vulnerability | Axios Critical Vulnerability Enables Full Cloud Compromise via Prototype Pollution Gadget
ransomware | CISA Reports Active Exploitation of Four Microsoft Vulnerabilities, Including a 14-Year-Old Flaw
critical vulnerability | Cisco Patches Critical RCE and Impersonation Flaws in ISE and Webex
critical vulnerability | Critical Orthanc DICOM Server Vulnerabilities Expose Healthcare Systems to RCE and DoS
critical vulnerability | Critical Remote Code Execution Vulnerability Discovered in Protobuf.js Library
critical vulnerability | Esri Releases Critical Security Patches for ArcGIS Developer Credential Vulnerabilities
critical vulnerability | Fortinet Reports Critical Unauthenticated Vulnerabilities in FortiSandbox Platform
critical vulnerability | GitHub Webhook Secret Exposure: Some Secrets Inadvertently Leaked in HTTP Headers Between September 2025 and January 2026
critical vulnerability | Google Patches 31 Chrome Vulnerabilities Including Critical Sandbox Escapes
critical vulnerability | Mailcow Patches Critical XSS Flaws Enabling Unauthenticated Account Takeover
critical vulnerability | Microsoft April 2026 Patch Tuesday: 167 Vulnerabilities Fixed, Including Actively Exploited Zero-Day
critical vulnerability | Microsoft Defender RedSun Zero-Day Exploit Grants SYSTEM Privileges
critical vulnerability | SAP Security Patch Day April 2026: Critical SQL Injection and Authorization Flaws Addressed
critical vulnerability | Systemic Design Flaw in MCP Protocol Exposes AI Ecosystem to RCE
critical vulnerability | wolfSSL Patches Critical Certificate Forgery Vulnerability Affecting Billions of Devices

Incidents

data breach | Healthdaq Recruitment Platform Targeted by XP95 Hackers in Major Data Breach
data breach | Booking.com Notifies Customers of Data Breach and Targeted Phishing Campaign
data breach | Hotel Curracloe Guests Targeted in Phishing Campaign Following GuestDiary Data Breach
data breach | Amtrak Customer Data Leaked Following Salesforce Environment Compromise
data breach | Ameriprise Financial Reports Data Breach Affecting Over 47,000 Customers
data breach | Basic-Fit Data Breach Exposes Bank Details of One Million Members
data breach | Iowa Department of Health and Human Services Discloses Medicaid Data Leak
data breach | Pritchard Brown LLC Discloses Ransomware Attack, Data Theft Claimed by Interlock Group
data breach | Kloeckner Metals Corporation Reports Network Intrusion and Data Exfiltration
data breach | McGraw-Hill Confirms Data Breach Linked to Salesforce Misconfiguration
data breach | Fiverr Denies Data Leak Allegations Following Reports of Exposed Cloud Storage
data breach | MedTech Firm EBR Systems Reports Patient Data Breach
data breach | Express Fashion Retailer Exposes Customer Data via Website Security Flaw
data breach | Nobu Restaurant Group Data Breach Linked to Akira Ransomware Attack
data breach | Standard Bank and Liberty Suffer Major Data Breach Impacting 1.2TB of Records
data breach | Georgia Heritage Federal Credit Union Reports Ransomware Attack Affecting 43,077 Members
data breach | Inditex Reports Data Breach via Former Third-Party Technology Provider
data breach | Impac Mortgage Holdings Reports Two-Year-Old Data Breach Affecting Over 19,000 Individuals
data breach | Aligned Orthopedic Partners Discloses Email Environment Data Breach
ransomware | Spring Lake Park Schools Disrupts Operations Following Ransomware Attack
ransomware | FriendlyCare Pharmacy Targeted by Kairos Ransomware Group in 113GB Data Theft
ransomware | Autovista Group Disrupts European and Australian Operations Following Ransomware Attack

Read More
State of (in)security - Week 30, 2024
State of (in)security - Week 1, 2024
Fun story, Serious Risk of data leak via …
State of (in)security - Week 42, 2025
State of (in)security - Week 38, 2024