Another week, another frontier model. As Anthropic’s Claude Opus 4.7 chases enterprise depth and OpenAI turns ChatGPT, GPT‑6 and GPT‑Rosalind into the ambient verbs of digital work and lab science, the contest is no longer IQ scores. It is which unseen layer we quietly let sit beneath institutions.
ShinyHunters has exposed a critical weakness in cloud systems. The McGraw Hill breach shows how misconfigured Salesforce portals enabled large scale data leaks, with no software flaw to fix. This marks a shift toward exploiting common operational gaps rather than rare vulnerabilities.
Anthropic’s Mythos clampdown, April’s record Patch Tuesday and Nvidia’s Blackwell‑to‑Rubin GPU roadmap mark a turning point in cyber defence, exposing how deeply allied nations now rely on US‑controlled, agentic AI to detect and counter zero‑day threats.
Instagram is denying a system breach after data from 17.5 million accounts was leaked online and users were hit with a wave of password reset emails. Meta says it fixed a bug causing the email spam, but the leaked data, though likely old, still poses a significant phishing risk to users.
Cyber News Centre's cyber update for 12th January 2026: Widespread confusion has hit Instagram users globally as a password reset bug coincided with the leak of data from a reported 17.5 million accounts, forcing parent company Meta to deny its systems were breached while urging users to remain vigilant.
Update: Over the past 48 hours, Instagram users, have been targeted by a confusing series of events. A wave of unsolicited but legitimate password reset emails flooded inboxes, sparking fears of a mass account compromise. Simultaneously, a dataset containing 17.5 million Instagram profiles was released for free on hacking forums. The leaked data includes usernames, names, emails, phone numbers, and physical addresses.
In response, Meta issued a statement clarifying that there was "no breach of our systems." The company stated it had fixed a bug that "allowed an external party to request password reset emails for some Instagram users" and advised users to disregard the emails.
We fixed an issue that let an external party request password reset emails for some people. There was no breach of our systems and your Instagram accounts are secure.
— Instagram (@instagram) January 11, 2026
You can ignore those emails — sorry for any confusion.
While Meta denies a new breach, the source of the leaked data remains contentious. The leaker claims it was scraped via a 2024 API leak, but security researchers suggest it is more likely a compilation of older data, possibly from a known 2022 scraping incident or even a 2017 API bug. Crucially, the leaked data does not contain passwords.
Why it Matters: This incident, despite Meta's denial of a "breach," is a security issue with significant implications for users. The combination of the password reset scare and the data leak creates a perfect storm for phishing attacks. Even if the leaked data is old, it is now freely available and can be used by criminals to craft highly convincing and targeted phishing emails or text messages. An attacker, armed with a user's real name, email, and phone number, could easily trick them into revealing their password or other sensitive information.
The incident highlights that the definition of a "breach" is often debated; while systems may not have been infiltrated in a traditional sense, the mass scraping and release of user data is a severe privacy violation. It serves as a critical reminder for all social media users to enable two-factor authentication, which provides a vital layer of security even if a password is stolen, and to be extremely cautious of any unsolicited communications, even if they appear to come from a trusted source like Instagram.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
ShinyHunters has exposed a critical weakness in cloud systems. The McGraw Hill breach shows how misconfigured Salesforce portals enabled large scale data leaks, with no software flaw to fix. This marks a shift toward exploiting common operational gaps rather than rare vulnerabilities.
Booking.com confirms hackers accessed customer names, emails, addresses, and booking details via third-party compromise. Stolen data is already fuelling targeted WhatsApp phishing attacks, exposing deep supply chain vulnerabilities in global travel platforms.
Anthropic’s rapid push into enterprise AI and its $30B raise signal a new phase where autonomous systems drive both productivity and cyber risk. As AI executes tasks at machine speed, markets, governments and workers face a sharper question: who controls the systems now shaping outcomes.
Zero‑day bugs in high‑privilege edge and security tools are being weaponised faster than organisations can patch, compressing response windows for Asia–Pacific defenders and turning shared enterprise stacks into a regional blast radius for attack.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
