2026 Data Breaches Year-to-Date (747 indexed)
HSIN security platform
HSIN security platform breached by unauthorized party
Tchap French Gov Messenger
73K government accounts and 643K messages stolen
DHS Homeland Security Network
Federal intel-sharing platform breached
Cyber threat actors are infecting victims with the Vidar stealer and the XMRig
Cyber threat actors are infecting victims with the Vidar stealer and the XMRig cryptocurrency miner in a new malicious campaign
A financially motivated operation uses lures of cracked or pirated software to deliver a
A financially motivated operation uses lures of cracked or pirated software to deliver a malware two-for-one combo for data theft and cryptomining.
GitHub continues to be a scintillating target for attackers because it sits in the
GitHub continues to be a scintillating target for attackers because it sits in the middle of the software supply chain and gives threat actors three things they crave: source code, secrets, and automated pipelines to run
Telco giant KDDI
Japanese telecommunications giant KDDI says that millions of people had their email addresses and passwords exposed after attackers breached an email platform used by five internet service providers (ISPs) in the country
For years, account takeover (ATO) followed a predictable script. Attackers bought stolen
For years, account takeover (ATO) followed a predictable script. Attackers bought stolen credentials in bulk, ran them through automated tools, and waited for matches. Credential stuffing was cheap, scalable, and for def
JoomShaper SP Page Builder
JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability — JoomShaper SP Page Builder contains an unrestricted upload of file with dangerous type vulnerability that allows unauthenticated
Accenture
IT services giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of source code and other data from the company. [...]
Chase Jordan
Chase Jordan reports an update in the litigation stemming from a 2024 breach by Hunters International. This case has raised a number of issues about standing and negligence and has been up and down in the courts, with pl
The alleged victim, believed to be a small Ohio county, reportedly paid the extortion
The alleged victim, believed to be a small Ohio county, reportedly paid the extortion group to prevent the public release of sensitive stolen data. The post County Government Reportedly Paid $1 Million to Cyber Extortion
Joomlack Page Builder
Joomlack Page Builder Improper Access Control Vulnerability — Joomlack Page Builder contains an improper access control vulnerability that could allow for remote code execution via unauthenticated arbitrary file upload.
Adobe ColdFusion
Adobe ColdFusion Path Traversal Vulnerability — Adobe ColdFusion contains a path traversal vulnerability that could lead to arbitrary code execution in the context of the current user.
KIRO7
KIRO7 reports: The Washington Department of Social and Health Services (DSHS) is issuing a notice of a massive data breach that happened in March, potentially compromising the personal data of around 8,600 people. An int
The Gentlemen ransomware underscores a challenge many CISOs face: stopping attackers
The Gentlemen ransomware underscores a challenge many CISOs face: stopping attackers after they gain an initial foothold. Researchers say the malware can spread across enterprise networks using legitimate Windows managem
Langflow Langflow
Langflow Authorization Bypass Through User-Controlled Key Vulnerability — Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow bel
A cyber risk assessment helps security teams identify, estimate, and prioritize
A cyber risk assessment helps security teams identify, estimate, and prioritize potential threats and vulnerabilities to key enterprise digital and physical assets. Yet, despite its importance, many CISOs fall victim to
A threat group researchers call "Armored Likho" has gained access to
A threat group researchers call "Armored Likho" has gained access to government agencies and electrical power entities in Russia, Brazil, and Kazakhstan.
JadePuffer
An "agentic threat actor" successfully exploited a Langflow flaw to steal data from a production database server and encrypt other systems.