Province of Quebec (Revenu)
670K taxpayer records exposed via compromised e-filing integration at provincial revenue agency
Latest Disclosures
Roundcube Webmail
RoundCube Webmail Cross-site Scripting Vulnerability — RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document.
Atlassian Confluence Cloud
4.8M wiki pages from enterprise customers exposed via critical authentication bypass
VIQ Solutions (Canada)
Sensitive court transcripts compromised after Indian subcontractor breach — ignored warnings
Hydro-Quebec (Canada)
640K customer billing records exposed via compromised metering data system
University of Sydney (Australia)
340K student records including visa and financial information exposed in targeted attack
Figure
967,178 records exposed — Dates of birth, Email addresses, Names, Phone numbers and 1 more
Canada Health Infoway
3.2M patient health records from interprovincial data exchange compromised
GitLab GitLab
GitLab Server-Side Request Forgery (SSRF) Vulnerability — GitLab contains a server-side request forgery (SSRF) vulnerability when requests to the internal network for webhooks are enabled.
Adidas (Third-Party Breach)
815K customer records stolen from third-party licensing partner — second breach in a year
CIBC (Canada)
1.2M customer records compromised via third-party mortgage processing vendor
Dell RecoverPoint for Virtual Machines (RP4VMs)
Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability — Dell RecoverPoint for Virtual Machines (RP4VMs) contains an use of hard-coded credentials vulnerability that could allow an un
Hogan Lovells International LLP
510K cross-border dispute records exposed via compromised document review platform
Record Number of Ransomware Victims
Searchlight Cyber reports a 30% annual increase in ransomware victim numbers in 2025
Rolls-Royce Holdings
280K employee and defense contract records from engine division exposed in supply chain attack
TeamT5 ThreatSonar Anti-Ransomware
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability — TeamT5 ThreatSonar Anti-Ransomware contains an unrestricted upload of file with dangerous type vulnerability. ThreatSonar
NEC Corporation (Japan)
540K defense contractor employee records and project data accessed over multi-year intrusion
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery vulnerability if WebEx zimlet installed and zimlet JSP
Low-Skilled Cybercriminals Use AI to
Unit 42 researchers observed a low-skilled threat actor using an LLM to script a professional extortion strategy, complete with deadlines and pressure tactics
Infostealer Targets OpenClaw to Loot
Hudson Rock has warned OpenClaw users that infostealers are targeting their configuration files
Canada Goose
581,877 records exposed — Device information, Email addresses, IP addresses, Names and 4 more
Microsoft Windows
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability — Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constr
Google Chromium
Google Chromium CSS Use-After-Free Vulnerability — Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulne
Bupa (UK/Global)
780K international health insurance member records exposed via insider data theft