State of (in)security - Week 8, 2026

In the week between Feb. 16, 2026, midnight and Feb. 23, 2026, midnight we witnessed a total of:

• 11 advisory/vulnerability events
• 19 incident/data breach events

Week over Week comparison of week 8 2026 vs week 7 2026 :

• Advisories are down and incidents are up. Advisories are down from 19 in week 7 2026 to 11 in week 8 2026. Incidents are up from 16 in week 7 2026 to 19 in week 7 2026.
• The number of known impacted individuals is down - from 50.8 million in week 7 2026 to 1.2 million in week 8 2026.

We also shared 1 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 1,200,829 impacted individuals across 5 incidents, with the largest breach being the French National Bank Database Breach Exposes 1.2 Million Accounts incident exposing 1,200,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Industry breakdown of incidents

Read the Event Details of the Week

Knowledge

• active exploit | Hackers Exploit Dell RecoverPoint Zero-Day to Deploy Stealthy Backdoor

Vulnerabilities

• critical vulnerability | Critical Authentication Bypass in Honeywell CCTV Products Allows Remote Account Takeover
• critical vulnerability | Critical CleanTalk Plugin Vulnerability Allows WordPress Site Takeover via DNS Spoofing
• critical vulnerability | Critical RCE Vulnerability in Airleader Master Industrial Monitoring Systems
• critical vulnerability | Critical Unauthenticated Root Vulnerability in Grandstream GXP1600 VoIP Phones
• critical vulnerability | Critical Vulnerabilities Reported in PUSR USR-W610 Industrial IoT Devices
• critical vulnerability | Google Chrome 145 Update Patches 11 Vulnerabilities Including High-Severity RCE Flaws
• critical vulnerability | Google Issues Emergency Patch for Actively Exploited Chrome Zero-Day
• critical vulnerability | Microsoft Patches Privilege Escalation Flaw in Windows Admin Center
• critical vulnerability | Mozilla Releases Security Updates for Firefox and Thunderbird
• critical vulnerability | Over 60 Security Vulnerabilities Resolved in AI Assistant OpenClaw
• critical vulnerability | Vulnerabilities Reported in Popular VSCode Extensions

Incidents

• data breach | Alert Medical Alarms Reports Data Breach
• data breach | Strategic Investment Solutions Inc. Reports Data Breach Exposing Client SSNs
• data breach | Abu Dhabi Finance Week Exposes Passports of Global Leaders via Cloud Misconfiguration
• data breach | Adidas Investigates Third-Party Data Breach Following Lapsus$ Group Claims
• data breach | City of San Jose Discloses Data Breach Following Loss of USB Drive
• data breach | PayPal Discloses Six-Month Data Exposure Caused by Software Error
• data breach | Holiday Haven Shoalhaven Heads Reports Data Breach and Phishing Campaign
• data breach | Alpine Lumber Ransomware Attack Exposes Employee Personnel Records
• data breach | Canada Goose Investigates Leak of 600,000 Customer Records Linked to Third-Party Breach
• data breach | French National Bank Database Breach Exposes 1.2 Million Accounts
• data breach | ShinyHunters Claims Theft of 1.7 Million CarGurus Records via SSO Vishing
• ransomware | Washington Hotel Japan Hit by Ransomware Attack
• ransomware | Seagrass Boutique Hospitality Group Hit by Kairos Ransomware
• ransomware | Qilin Ransomware Group Claims Breach of Mount Barker Co-operative
• ransomware | Issaqueena Pediatric Dentistry Reports Ransomware Attack Affecting Patient Data
• ransomware | LockBit 5.0 Ransomware Group Claims Breach of Aeromedical Society of Australasia
• ransomware | University of Mississippi Medical Center Shuts Down Clinics Following Ransomware Attack
• ransomware | New Age Dermatology LLC Reports Ransomware Attack Impacting Patient Data
• ransomware | Advantest Corp. Investigates Suspected Ransomware Attack