State of (in)security - Week 17, 2026
Take action: If you use the Bitwarden CLI (@bitwarden/cli) version 2026.4.0, treat it as fully compromised - uninstall it immediately, downgrade to 2026.3.0, and rotate every credential on that machine (GitHub/npm tokens, AWS/GCP/Azure keys, SSH keys, .env secrets). Block audit.checkmarx.cx at your network egress and audit your GitHub account for unauthorized repos or workflow changes.
In the week between midnight on April 20, 2026 and midnight on April 27, 2026, we witnessed a total of:
- 10 advisory/vulnerability events
- 21 incident/data breach events
Week over Week comparison of week 17 2026 vs week 16 2026
- Both advisories and incidents are down. Advisories are down from 17 in week 16 2026 to 10 in week 17 2026. Incidents are down from 22 in week 16 2026 to 21 in week 17 2026.
- The number of known impacted individuals is down - from 17 million in week 16 2026 to 1000 thousand in week 17 2026.
We also shared 7 practical knowledge items.
Total impacted individuals via the events of the week
There were a total of 999,867 impacted individuals across 11 incidents. The largest breach was the "UK Biobank Data Breach: 500,000 Volunteer Records Listed for Sale on Alibaba" incident, which exposed 500,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 4 |
| Social Engineering and Phishing | 3 |
| Unauthorized access | 3 |
| Software Vulnerability and SDLC Exploits | 2 |
| Third Party Compromise | 2 |
| Intentional System Sabotage and Crime | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| IT/Software/Technology | 4 |
| Government | 4 |
| Healthcare | 4 |
| Finance | 3 |
| Other | 1 |
| Construction/Real Estate | 1 |
| Retail | 1 |
| Education | 1 |
| Food and Beverage | 1 |
| Insurance | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | CISA Confirms Active Exploitation of Three Cisco Networking Vulnerabilities
- active exploit | Cloudways Patches Actively Exploited File Upload Flaw in Breeze Cache Plugin
- active exploit | LMDeploy AI Inference Engine Exploited Hours After SSRF Disclosure
- active exploit | Mirai Botnet Exploits Critical RCE Flaw in End-of-Life D-Link Routers
- awareness | PhantomRPC: Architectural Windows Flaw Allows Local Privilege Escalation
- active exploit | TeamPCP Campaign Hijacks Bitwarden npm Package to Steal Developer and Cloud Secrets
- active exploit | Zimbra XSS Flaw Actively Exploited
Vulnerabilities
- critical vulnerability | Atlassian Patches 38 Vulnerabilities in April 2026, Including Multiple Critical Flaws
- critical vulnerability | Critical Privilege Escalation Vulnerability in OpenClaw AI Agent Platform
- critical vulnerability | Critical RCE Vulnerability in SGLang AI Framework via Malicious GGUF Models
- critical vulnerability | Critical Unpatched Sandbox Escape in Cohere AI Terrarium Allows Root Code Execution
- critical vulnerability | CrowdStrike Patches Critical Path Traversal Vulnerability in LogScale
- critical vulnerability | Dell Patches Root-Level Vulnerabilities in PowerProtect Data Domain
- critical vulnerability | Microsoft Issues Emergency Patches for Critical ASP.NET Core Cryptographic Flaw
- critical vulnerability | Oracle April 2026 Critical Patch Update Addresses 481 Vulnerabilities
- critical vulnerability | Python asyncio Vulnerability Exposes Windows Systems to Remote Code Execution
- data breach | Xinference PyPI Package Compromised in Supply Chain Attack
Incidents
- data breach | Maryland Real Property Search Tool Taken Offline Following Suspicious Activity
- data breach | Citizens Bank Faces Class Action Lawsuits Following Third-Party Data Breach and Everest Ransomware Claims
- data breach | ADT Confirms Data Breach Following ShinyHunters Extortion Threat
- data breach | ShinyHunters Extortion Group Claims Breach of 1.4 Million Udemy Records
- data breach | BePrime Cybersecurity Breach Exposes Client Pentest Reports and Network Infrastructure
- data breach | ShinyHunters Extorts Canada Life Following Employee Account Compromise
- data breach | Los Angeles County Office of Education Investigates Potential Data Breach Following Fraudulent Tax Filings
- data breach | France Titres (ANTS) Data Breach Exposes Personal Information of Portal Users
- data breach | Rituals Confirms Data Breach of Global Membership Database
- data breach | Bayside Dental Ransomware Attack Exposes Medical Data of Over 15,000 Patients
- data breach | UK Biobank Data Breach: 500,000 Volunteer Records Listed for Sale on Alibaba
- data breach | Vercel Discloses Internal System Breach Following Third-Party OAuth Compromise
- data breach | LPL Financial Breach: Phishing Attack Leads to Unauthorized Client Trades
- data breach | Lovable AI Platform Exposed Thousands of Projects via BOLA Vulnerability
- data breach | Municipality of Epe Data Breach Impacts Nearly All Residents via ClickFix Attack
- data breach | City of Suffolk Stops Ransomware Encryption Following CISA Alert
- data breach | Restaurant Management Company of Wichita Data Breach Impacts 120,000 Individuals
- data breach | Southern Illinois Dermatology Discloses Data Breach Affecting 160,000 Patients
- denial of service | Litecoin Network Executes 13-Block Reorganization to Patch MWEB Zero-Day Exploit
- ransomware | Kairos Ransomware Group Claims 441GB Data Theft from Strata Republic
- ransomware | Ransomware and Email Breaches Impact Three U.S. Healthcare Providers