Illinois State Government
System failure exposed personal data of residents publicly for four years
Latest Disclosures
Takeda Pharmaceutical (Japan)
670K clinical records compromised
Banca Transilvania (Romania)
340K customer records stolen
Falabella (Chile)
450K customer records stolen
Conduent
Fortune 500 operational data — multiple state governments affected
View incident → Indexed 3 months, 1 week ago
MongoDB MongoDB and MongoDB Server
MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability — MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in Zlib compressed protocol head
WIRED
2,364,431 records exposed — Dates of birth, Display names, Email addresses, Genders and 4 more
Utair
401,400 records exposed — Dates of birth, Email addresses, Genders, Loyalty program details and 4 more
Медицинская лаборатория Гемотест (Gemotest)
6,341,495 records exposed — Dates of birth, Email addresses, Genders, Government issued IDs and 4 more
Digiever DS-2105 Pro
Digiever DS-2105 Pro Missing Authorization Vulnerability — Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via time_tzsetup.cgi.
WIRED / Conde Nast
2.3M subscriber records leaked on hacking forum
WatchGuard Firebox
WatchGuard Firebox Out of Bounds Write Vulnerability — WatchGuard Fireware OS iked process contains an out of bounds write vulnerability in the OS iked process. This vulnerability may allow a remote unauthenticated attac
The Botting Network
96,320 records exposed — Dates of birth, Email addresses, Passwords, Usernames
AUTOSUR
487,226 records exposed — Email addresses, Names, Phone numbers, Physical addresses and 3 more
SonicWall SMA1000 appliance
SonicWall SMA1000 Missing Authorization Vulnerability — SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console (AMC) of affected devices.
ASUS Live Update
ASUS Live Update Embedded Malicious Code Vulnerability — ASUS Live Update contains an embedded malicious code vulnerability client were distributed with unauthorized modifications introduced through a supply chain compro
Cisco Multiple Products
Cisco Multiple Products Improper Input Validation Vulnerability — Cisco Secure Email Gateway, Secure Email, AsyncOS Software, and Web Manager appliances contains an improper input validation vulnerability that allows thr
Web Hosting Talk
515,149 records exposed — Email addresses, IP addresses, Passwords, Usernames
Fortinet Multiple Products
Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability — Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulner
Apple Multiple Products
Apple Multiple Products Use-After-Free WebKit Vulnerability — Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to me
Gladinet CentreStack and Triofox
Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability — Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulne
Sierra Wireless AirLink ALEOS
Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability — Sierra Wireless AirLink ALEOS contains an unrestricted upload of file with dangerous type vulnerability. A specially crafted H
Google Chromium
Google Chromium Out of Bounds Memory Access Vulnerability — Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a c