A threat group researchers call "Armored Likho" has gained access to
A threat group researchers call "Armored Likho" has gained access to government agencies and electrical power entities in Russia, Brazil, and Kazakhstan.
Every confirmed data breach we've indexed across 25803+ incidents from healthcare, finance, technology, government, retail, and education. Sourced from Verizon DBIR, public disclosure feeds, and major security news outlets. Updated automatically.
A threat group researchers call "Armored Likho" has gained access to government agencies and electrical power entities in Russia, Brazil, and Kazakhstan.
An "agentic threat actor" successfully exploited a Langflow flaw to steal data from a production database server and encrypt other systems.
Connor Jones reports: AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing. The medical equipment company disclo
A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while serving on a committee that
2,303,416 records exposed — Dates of birth, Email addresses, Genders, Marital statuses and 3 more
Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large language
Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability — Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code ove
Aflac Japan has notified regulators that policy details and personal and banking information have been compromised
Securonix said the Veil#Drop campaign abuses Google Blogspot to deliver PureLog Stealer in memory
Threat actors don't need any special authentication to reach a target endpoint — they just need to know where it is.
Nissan says employees' data was stolen via the Oracle PeopleSoft zero-day campaign
SimpleHelp Authentication Bypass Vulnerability — SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login
Nation-state attackers breach water systems through weak passwords, exposed PLCs, and poor segmentation — not sophisticated malware.
An attacker has exploited a zero day in Oracle Peoplesoft to gain access to the IT systems of the NAIC, the standard-setting association for the US federal insurance system
2,691,852 records exposed — Customer feedback, Email addresses, Employers, Job titles and 4 more
The UK Cyber Monitoring Centre reviews the Canvas breach affecting 160 UK universities, highlighting data theft risks and financial impacts of cyber incidents
216,601 records exposed — Email addresses, Job titles, Names, Phone numbers and 1 more
Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability — Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SM
PTC Windchill and FlexPLM Improper Input Validation Vulnerability — PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by
9,796,738 records exposed — Customer service records, Email addresses, Names, Phone numbers and 1 more
Customers of the affected Japanese email services are “strongly advised” to change their email passwords
Ubiquiti UniFi OS Improper Access Control Vulnerability — Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to
Ubiquiti UniFi OS Path Traversal Vulnerability — Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that coul
Ubiquiti UniFi OS Improper Input Validation Vulnerability — Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injectio