Carrie Tait
Carrie Tait reports: A retired lawyer is suing Alberta, its Chief Electoral Officer and two organizations that support secession for their respective roles in an alleged data breach affecting 2.9 million residents in the
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
Carrie Tait reports: A retired lawyer is suing Alberta, its Chief Electoral Officer and two organizations that support secession for their respective roles in an alleged data breach affecting 2.9 million residents in the
Higher education has consolidated its entire academic operation into a handful of massive SaaS platforms. The LMS manages instruction, grading and communication. The SIS owns enrollment, records and financial aid. Identi
Connor Jones reports: AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing. The medical equipment company disclo
A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while serving on a committee that
2,303,416 records exposed — Dates of birth, Email addresses, Genders, Marital statuses and 3 more
Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large language
Aflac Japan has notified regulators that policy details and personal and banking information have been compromised
Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability — Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code ove
Securonix said the Veil#Drop campaign abuses Google Blogspot to deliver PureLog Stealer in memory
Nissan says employees' data was stolen via the Oracle PeopleSoft zero-day campaign
Threat actors don't need any special authentication to reach a target endpoint — they just need to know where it is.
An attacker has exploited a zero day in Oracle Peoplesoft to gain access to the IT systems of the NAIC, the standard-setting association for the US federal insurance system
Nation-state attackers breach water systems through weak passwords, exposed PLCs, and poor segmentation — not sophisticated malware.
SimpleHelp Authentication Bypass Vulnerability — SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login
2,691,852 records exposed — Customer feedback, Email addresses, Employers, Job titles and 4 more
The UK Cyber Monitoring Centre reviews the Canvas breach affecting 160 UK universities, highlighting data theft risks and financial impacts of cyber incidents
216,601 records exposed — Email addresses, Job titles, Names, Phone numbers and 1 more
Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability — Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SM
PTC Windchill and FlexPLM Improper Input Validation Vulnerability — PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by
9,796,738 records exposed — Customer service records, Email addresses, Names, Phone numbers and 1 more
Customers of the affected Japanese email services are “strongly advised” to change their email passwords
Ubiquiti UniFi OS Path Traversal Vulnerability — Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that coul
Ubiquiti UniFi OS Improper Access Control Vulnerability — Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to
Ubiquiti UniFi OS Improper Input Validation Vulnerability — Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injectio