Crypto Scam "ShieldGuard" Dismantled After
ShieldGuard Chrome extension posed as a crypto security tool but stole wallets and drained user data
2026 Data Breaches Year-to-Date (461 indexed)
Synacor Zimbra Collaboration Suite (ZCS)
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading
FedEx Corporation
1.1M shipping records and customs declarations exposed via unsecured S3 bucket
Wing FTP Server Wing FTP Server
Wing FTP Server Information Disclosure Vulnerability — Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.
Canada Post
950K address and package tracking records exposed via third-party logistics vendor breach
McKesson Corporation
2.8M pharmacy customer records exposed via compromised drug distribution platform
Wipro Technologies (India)
890K employee and client records exposed via compromised email system in phishing campaign
Baydöner
1,266,822 records exposed — Dates of birth, Email addresses, Genders, Geographic locations and 5 more
Stripe Inc. (Merchant Data)
1.5M merchant processing records exposed via compromised internal dashboard access
Divine Skins
105,814 records exposed — Email addresses, Purchases, Usernames
LabCorp (Quest Integration)
820K patient lab results exposed via misconfigured API following Quest Diagnostics merger
Norton Rose Fulbright (Canada)
85K client records from Canadian offices exposed via supply chain compromise
Suncorp Group (Australia)
1.4M insurance policyholder records exposed via compromised claims processing system
Google Skia
Google Skia Out-of-Bounds Write Vulnerability — Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerabil
Google Chromium V8
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability — Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerabil
Toshiba (Japan)
430K employee and business partner records stolen in DarkAngels ransomware attack
California State University System
2.3M student records from 23 campuses exposed via compromised PeopleSoft instance
Adobe Inc. (Creative Cloud)
1.8M Creative Cloud subscriber records exposed via compromised customer success platform
National Australia Bank
1.3M customer records stolen via compromised third-party data analytics platform
Sanofi (France)
1.2M clinical trial participant records exposed via compromised research data platform
France
French small and medium businesses remained the organizations most targeted by ransomware in 2025
Compromised WordPress Sites Deliver ClickFix
Over 250 legitimate websites, including news outlets and a US Senate candidate’s official webpage, been compromised to infect visitors with infostealers, warn Rapid7 researchers
n8n n8n
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability — n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for
TD Bank (Canada/US)
3.8M customer records exposed in cross-border data breach affecting Canadian and US operations