Delta Air Lines
870K SkyMiles member records and passport data exposed via compromised CrowdStrike integration
Latest Disclosures
North Korean Hackers Use Deepfake
Campaign combines stolen Telegram accounts, fake Zoom calls and ClickFix attacks to deploy infostealer malware
Walgreens Boots Alliance
2.1M pharmacy patient records exposed via compromised health services vendor
Mastercard (EU Processing)
680K European cardholder records exposed via compromised transaction processing node
Microsoft Windows
Microsoft Windows Improper Privilege Management Vulnerability — Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privile
Oman Ministry of Health
280K patient records exposed
“Digital Parasite” Warning as Attackers
Picus Security warns of the increasingly sophisticated ways malicious activity is staying hidden
Association Nationale des Premiers Secours
5,600 records exposed — Dates of birth, Email addresses, Names, Places of birth and 1 more
Microsoft Windows
Microsoft Windows Type Confusion Vulnerability — Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
Deutsche Telekom (Germany)
3.1M customer records accessed via compromised customer service platform
Toy Battles
1,017 records exposed — Chat logs, Email addresses, IP addresses, Usernames
Weston Foods (George Weston)
340K employee and supply records exposed
Microsoft Windows
Microsoft Windows NULL Pointer Dereference Vulnerability — Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
Banco de Chile
450K customer records exposed in credential harvesting
Jean Coutu (Pharmacy)
450K patient records exposed in POS breach
Microsoft Windows
Microsoft Windows Shell Protection Mechanism Failure Vulnerability — Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature ov
Gowling WLG
210K client records compromised via vendor
Rio Tinto (2026)
670K mining operational records exposed in targeted espionage
KU Leuven (Belgium)
190K student records exposed
SaskPower (Canada)
340K customer utility records exposed via compromised billing system vendor
Microsoft Windows
Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability — Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feat
Microsoft Office
Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability — Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized
Researchers Find 40,000+ Exposed OpenClaw
SecurityScorecard has identified over 40,000 OpenClaw deployments exposed to potential attack
Robinhood Markets (2026)
2.8M customer trading records and SSNs exposed via social engineering attack on support staff