Instagram Data Breach of 17 Million Accounts: Denied

Instagram Data Breach of 17 Million Accounts: Denied

In January 2026, Instagram (Meta) denied claims of a new data breach following the release of a dataset allegedly containing information from 17 million accounts on hacking forums. Meta clarified that it fixed a bug that allowed external parties to trigger mass password reset emails. Meta emphasized that no internal systems were compromised. Security researchers suggest the leaked data—which includes usernames, phone numbers, and email addresses—is likely a compilation of information scraped via APIs in previous years (possibly dating back to 2017 or 2022) rather than a fresh breach. Users are advised to ignore unsolicited password reset requests and enable two-factor authentication to protect against phishing and social engineering.

Source: Bleeping Computer

JPMorgan Chase Under Data Breach

Following a similar disclosure from Goldman Sachs, JPMorgan Chase has now notified investors of a data breach. Specifically, the incident hit a private equity fund. The issue stemmed from a security breach at the law firm Fried Frank. During the attack, an unauthorized party copied files from a shared network drive. As a result, the personal information of 659 individuals was compromised. This data included names, Social Security numbers, and passport details. Despite this, JPMorgan emphasized that its own internal systems remained safe. In fact, the breach did not affect their private servers.

Source: Security Week

Endesa, Spanish Energy Giant, Discloses Data Breach

Spanish energy giant Endesa has disclosed a significant data breach after unauthorized actors gained access to its commercial platform. Potentially, this breach impacted a portion of its 22 million customers across Spain and Portugal. The exposed information includes sensitive details such as national identity numbers, contact information, and bank account IBANs, although the company clarified that user passwords remained secure. While Endesa is currently notifying affected individuals and authorities, a threat actor has already claimed to be selling a stolen 1TB database containing 20 million records on the dark web.

Source: The Cyber Express

Critical n8n Vulnerability (CVE-2025-68668) Allows Full System Takeover

A critical vulnerability, CVE-2025-68668, impacts the n8n automation platform. Unauthenticated attackers can achieve full system takeover. They do this by executing commands via the Python Code Node. The flaw exists due to a bypass in the sandboxing mechanism. This allows malicious code to escape the restricted environment. Consequently, attackers can access the underlying server. Users must update to version 1.71.1 or later immediately.

Source: The Hacker News

UK Announces to Strengthen Cyber Defenses for Public Sectors

The UK launched a £210 million Government Cyber Action Plan. A new central unit will unify security standards and response times. This initiative covers all government departments. Agencies must now meet rigorous security thresholds. These standards match those used for critical infrastructure providers. This move counters a “critically high” threat level. The strategy also introduces a Software Security Ambassador Scheme. This program promotes secure development practices across the board. It aims to bolster the nation’s digital supply chain resilience.

Source: Bleeping Computer

Click here to subscribe our Newsletter