State of (in)security - Week 4, 2026
Take action: Be aware that all MCP servers are vulnerable to various prompt injections. Always add filtering and validation to all inputs to the AI Agent and to the MCP server. If you are using Anthropic mcp-server-git, update it to version 2025.12.18 ASAP and avoid running Git and filesystem MCP servers on the same host.
In the week between Jan. 19, 2026, midnight and Jan. 26, 2026, midnight we witnessed a total of:
- 15 advisory/vulnerability events
- 20 incident/data breach events
Week-over-week comparison of week 4 2026 vs week 3 2026:
- Advisories and incidents are down. Advisories are down from 25 in week 3 2026 to 15 in week 4 2026. Incidents are down from 21 in week 3 2026 to 20 in week 4 2026.
- The number of known impacted individuals is up - from 20 million in week 3 2026 to 149.7 million in week 4 2026.
We also shared 7 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 149,766,221 impacted individuals across 6 incidents, with the largest breach being the "Massive Infostealer Database Exposes 149 Million Global Credentials" incident, exposing 149,404,754 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Healthcare | 7 |
| Government | 4 |
| Retail | 2 |
| Food and Beverage | 1 |
| Finance | 1 |
| Education | 1 |
| Hospitality/Events | 1 |
| IT/Software/Technology | 1 |
| Manufacturing | 1 |
| Automotive | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | Attacks Target Freshly Patched Critical Fortinet Flaws
- active exploit | Broadcom and CISA Warn of Active Exploitation in VMware vCenter Server
- active exploit | Cisco Patches Actively Exploited Flaw in Unified Communications Products
- active exploit | Critical Privilege Escalation in Modular DS WordPress Plugin Actively Exploited
- active exploit | Critical SmarterMail Authentication Bypass Under Active Exploitation
- active exploit | GNU InetUtils telnetd Authentication Bypass Exploited in the Wild
- awareness | Mobile Security Threats Every Smartphone User Should Know About
Vulnerabilities
- critical vulnerability | 20,000 WordPress Sites Exposed to Backdoor in LA-Studio Element Kit
- critical vulnerability | Anthropic Patches Critical Prompt Injection Flaws in Official Git MCP Server
- critical vulnerability | Apache bRPC Critical Remote Command Injection Vulnerability
- critical vulnerability | Critical Command Injection Vulnerability in Legacy Vivotek Cameras
- critical vulnerability | Critical File Upload Flaw Reported in RealHomes CRM Plugin
- critical vulnerability | Critical Vulnerability Reported in Advanced Custom Fields: Extended Plugin
- critical vulnerability | FortiGate Firewalls Compromised Despite Recent Patches for CVE-2025-59718
- critical vulnerability | GNU InetUtils Telnetd Vulnerability Allows Unauthenticated Root Access
- critical vulnerability | Google Patches High-Severity V8 Race Condition in Chrome 144
- critical vulnerability | Hubitat Patches Critical Authorization Bypass in Elevation Hubs
- critical vulnerability | Multiple Vulnerabilities Reported in EVMAPA Electric Vehicle Charging Systems
- critical vulnerability | Oracle Releases January 2026 Patch Update Fixing 337 Security Flaws in Multiple Products
- critical vulnerability | TP-Link Patches Authentication Bypass Flaw in VIGI Cameras
- critical vulnerability | Vulnerabilities in Chainlit AI Framework Expose Data and Cloud Environments
- critical vulnerability | Zoom Patches Critical Command Injection Flaw in Node Multimedia Routers
Incidents
- data breach | PcComponentes Blocks Credential Stuffing Attack After False Breach Claims
- data breach | Progressive Auto Group Reports Data Breach
- data breach | Laurel Health Centers Email Breach Exposes Patient Medical and Financial Data
- data breach | Minnesota Human Services Program Breach Exposes Data of 300,000 Individuals
- data breach | Valley Family Health Care Patients Impacted by Third-Party Portal Breach
- data breach | European Space Agency Suffers Massive Data Theft by Scattered Lapsus$ Hunters
- data breach | RansomHouse Claims Breach of Apple Manufacturing Partner Luxshare
- data breach | Anchorage Police Department Isolates Servers Following Third-Party Cyberattack
- data breach | Middlesex Sheriff's Office Reports Data Breach
- data breach | Adapt Integrated Health Reports a Third Party Breach Exposing Patient Data
- data breach | Modern Health Reports Data Breach Affecting Member Medical Profiles
- data leak | Massive Infostealer Database Exposes 149 Million Global Credentials
- ransomware | French Crypto Tax Platform Waltio Hit by Shiny Hunters Extortion Attack
- ransomware | SAFEPAY Ransomware Gang Claims Breach of Glendale Obstetrics and Gynecology
- ransomware | Winona County Declares Emergency Following Ransomware Attack
- ransomware | NightSpire Ransomware Group Claims Breach of Hyatt Hotels
- ransomware | Everest Ransomware Group Claims 861 GB Data Theft from McDonald's India
- ransomware | Qilin Ransomware Group Claims Breach of Columbia Medical Practice
- ransomware | Cyberattack Disrupts Dresden State Art Collections Digital Infrastructure
- ransomware | Nike Investigates Potential Data Breach Following WorldLeaks Ransomware Claims