State of (in)security - Week 2, 2026
Take action: AI vendors are racing to push out products with very limited controls, and users are at risk. Limit the data your AI agents can access by applying the principle of least privilege to all app connectors. Turn off the 'Memory' feature if your team does not need the AI to remember details across different chat sessions, to prevent persistent prompt injection. Restrict agents so they cannot impersonate you without enforced human review and decision.
In the week between Jan. 5, 2026, midnight and Jan. 12, 2026, midnight we witnessed a total of:
- 19 advisory/vulnerability events
- 19 incident/data breach events
Week-over-week comparison of week 2 2026 vs week 1 2026:
- Advisories are up and incidents remain the same as the previous week. Advisories rose from 7 in week 1 2026 to 19 in week 2 2026. Incidents held at 19 in both week 1 2026 and week 2 2026.
- The number of known impacted individuals is up - from 1.05 million in week 1 2026 to 19 million in week 2 2026.
We also shared 4 practical knowledge items.
Total impacted individuals via the events of the week
There were a total of 19,022,558 impacted individuals across 7 incidents. The largest breach was the "Instagram API exposure leaks 17.5 million user records" incident, which exposed 17,500,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Healthcare | 4 |
| Education | 4 |
| IT/Software/Technology | 3 |
| Government | 2 |
| Finance | 2 |
| Telecommunications | 1 |
| Insurance | 1 |
| Other | 1 |
| Retail | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | CISA reports actively exploited Critical HPE OneView flaw
- active exploit | CISA warns of active attacks on legacy PowerPoint flaw
- active exploit | Critical RCE Vulnerability Exploited in Legacy D-Link DSL Routers
- active exploit | Massive holiday exploitation campaign targets Adobe ColdFusion, other systems
Vulnerabilities
- critical vulnerability | Another critical RCE flaw reported in n8n automation platform
- data breach | Cisco patches Identity Services Engine flaw after public exploit release
- critical vulnerability | Coolify reports 11 critical flaws enabling full server compromise
- critical vulnerability | Critical flaws and public exploits released for Trend Micro Apex Central on-premise management
- critical vulnerability | Critical Ni8mare flaw in n8n allows unauthenticated remote takeover
- critical vulnerability | Critical path traversal flaw in AdonisJS enables server takeover
- critical vulnerability | Critical path traversal flaw reported in jsPDF library
- critical vulnerability | Critical sandbox bypass reported in n8n automation platform
- critical vulnerability | Google Android security bulletin for January 2026 patches Zero-Click vulnerability in Dolby Audio decoder
- critical vulnerability | Google patches high-risk WebView flaw in first 2026 Chrome update
- critical vulnerability | Hitachi Energy patches critical RCE flaw in Asset Suite
- critical vulnerability | Kanboard patches critical authentication bypass and information disclosure flaws
- critical vulnerability | Mitsubishi Electric patches critical SCADA and HMI vulnerabilities
- critical vulnerability | OWASP CRS Patches Critical Multipart Charset Validation Bypass
- critical vulnerability | Ubiquiti patches security flaws in UniFi Protect camera software
- critical vulnerability | Unpatched command Injection flaw reported in Trendnet TEW-713RE extenders
- critical vulnerability | Unpatched root backdoor found in EoL TOTOLINK EX200 extenders
- critical vulnerability | Veeam Patches Critical Remote Code Execution Flaw in Backup & Replication v13
- critical vulnerability | ZombieAgent attack techniques exploit ChatGPT Connectors to steal data
Incidents
- data breach | Suspected breach of unclassified U.S. House Committee email systems
- data breach | Leiden University leaks staff expense records during system migration
- data breach | Hacker claims breach of NordVPN, company refutes, claims it's third-party test data breach
- data breach | Instagram API exposure leaks 17.5 million user records
- data breach | Aurora College Suspends Classes Following Holiday Cyber Attack
- data breach | Broadband provider Brightspeed investigates data breach claims
- data breach | Vida Y Salud-Health Systems Data Breach
- data breach | Australian insurer Prosura reports data breach, extortion attempt
- data breach | Keio University Shonan Fujisawa Campus reports data breach
- data breach | Hackers claim breach of Resecurity, the company reports the exposed system was a honeypot
- data breach | Gulshan Management Services reports phishing attack exposing data of 377,000 customers
- data breach | HCIactive reports data breach exposing data of 103,000 South Carolinians
- data breach | Ledger customers impacted by third party breach on Global-e
- data breach | First Federal Savings & Loan Association Data Breach Investigation
- ransomware | Qilin ransomware gang claims breach of Valley Eye Associates
- ransomware | Leduc County reports ransomware attack impacting municipal services
- ransomware | Higham Lane School Shuts Down Following Major Cyberattack
- ransomware | Lynx ransomware group claims breach of Regis Resources subsidiary
- ransomware | Hale Makua Health Services hit by ransomware attack