Atlassian Confluence Cloud
4.8M wiki pages from enterprise customers exposed via critical authentication bypass
2026 Data Breaches Year-to-Date (462 indexed)
CarMax
431,371 records exposed — Email addresses, Names, Phone numbers, Physical addresses
Roundcube Webmail
RoundCube Webmail Deserialization of Untrusted Data Vulnerability — RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the _from
Roundcube Webmail
RoundCube Webmail Cross-site Scripting Vulnerability — RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document.
University of Sydney (Australia)
340K student records including visa and financial information exposed in targeted attack
Hydro-Quebec (Canada)
640K customer billing records exposed via compromised metering data system
Dell RecoverPoint for Virtual Machines (RP4VMs)
Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability — Dell RecoverPoint for Virtual Machines (RP4VMs) contains an use of hard-coded credentials vulnerability that could allow an un
CIBC (Canada)
1.2M customer records compromised via third-party mortgage processing vendor
Record Number of Ransomware Victims
Searchlight Cyber reports a 30% annual increase in ransomware victim numbers in 2025
Hogan Lovells International LLP
510K cross-border dispute records exposed via compromised document review platform
Canada Health Infoway
3.2M patient health records from interprovincial data exchange compromised
Figure
967,178 records exposed — Dates of birth, Email addresses, Names, Phone numbers and 1 more
Adidas (Third-Party Breach)
815K customer records stolen from third-party licensing partner — second breach in a year
GitLab GitLab
GitLab Server-Side Request Forgery (SSRF) Vulnerability — GitLab contains a server-side request forgery (SSRF) vulnerability when requests to the internal network for webhooks are enabled.
TeamT5 ThreatSonar Anti-Ransomware
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability — TeamT5 ThreatSonar Anti-Ransomware contains an unrestricted upload of file with dangerous type vulnerability. ThreatSonar
Google Chromium
Google Chromium CSS Use-After-Free Vulnerability — Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulne
NEC Corporation (Japan)
540K defense contractor employee records and project data accessed over multi-year intrusion
Canada Goose
581,877 records exposed — Device information, Email addresses, IP addresses, Names and 4 more
Microsoft Windows
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability — Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constr
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery vulnerability if WebEx zimlet installed and zimlet JSP
Infostealer Targets OpenClaw to Loot
Hudson Rock has warned OpenClaw users that infostealers are targeting their configuration files
Low-Skilled Cybercriminals Use AI to
Unit 42 researchers observed a low-skilled threat actor using an LLM to script a professional extortion strategy, complete with deadlines and pressure tactics
Rolls-Royce Holdings
280K employee and defense contract records from engine division exposed in supply chain attack
APOIA.se
450,764 records exposed — Email addresses, Names, Physical addresses