Grafana Labs has
Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack
Langflow Origin Validation Error Vulnerability — Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=Non
126,293 records exposed — Dates of birth, Email addresses, Names, Passwords and 2 more
46,105 records exposed — Email addresses, IP addresses, Passwords, Usernames
Microsoft Internet Explorer Use-After-Free Vulnerability — Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associate
Microsoft DirectX NULL Byte Overwrite Vulnerability — Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to
Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability — Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted P
Microsoft Internet Explorer Use-After-Free Vulnerability — Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to
Microsoft Defender Denial of Service Vulnerability — Microsoft Defender contains an unspecified vulnerability that allows for denial of service.
Microsoft Defender Link Following Vulnerability — Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.
Microsoft Windows Buffer Overflow Vulnerability — Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request
468,124 records exposed — Email addresses, Names, Phone numbers
34,532,941 records exposed — Age groups, Credit scores, Device information, Email addresses and 9 more
Microsoft Exchange Server Cross-Site Scripting Vulnerability — Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditi
711,099 records exposed — Email addresses, Employers, Job titles, Names and 2 more
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability — Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass a
237,810 records exposed — Email addresses, Job titles, Names, Phone numbers and 3 more
Instructure says it reached an agreement with ShinyHunters over the Canvas breach data
HiddenLayer reveals infostealer malware in a Hugging Face repository
310,431 records exposed — Email addresses, Job titles, Names, Phone numbers and 2 more
The ICO has fined South Staffordshire Water nearly £1m for a series of data protection failings
ShinyHunters gets away with emails and other data on 200,000 Zara customers
ShinyHunters has escalated its Canvas extortion campaign, defacing hundreds of school login pages and threatening to leak stolen data unless institutions negotiate
197,376 records exposed — Email addresses, Geographic locations, Purchases, Support tickets