Every confirmed data breach we've indexed across 4489+ incidents from healthcare, finance, technology, government, retail, and education. Sourced from Verizon DBIR, public disclosure feeds, and major security news outlets. Updated automatically.
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability — Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
1.1M shipping records and customs declarations exposed via unsecured S3 bucket
Wing FTP Server Information Disclosure Vulnerability — Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.
950K address and package tracking records exposed via third-party logistics vendor breach
2.8M pharmacy customer records exposed via compromised drug distribution platform
890K employee and client records exposed via compromised email system in phishing campaign
1,266,822 records exposed — Dates of birth, Email addresses, Genders, Geographic locations and 5 more
105,814 records exposed — Email addresses, Purchases, Usernames
1.5M merchant processing records exposed via compromised internal dashboard access
85K client records from Canadian offices exposed via supply chain compromise
1.4M insurance policyholder records exposed via compromised claims processing system
820K patient lab results exposed via misconfigured API following Quest Diagnostics merger
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability — Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerabil
Google Skia Out-of-Bounds Write Vulnerability — Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerabil
430K employee and business partner records stolen in DarkAngels ransomware attack
1.8M Creative Cloud subscriber records exposed via compromised customer success platform
2.3M student records from 23 campuses exposed via compromised PeopleSoft instance
3.8M customer records exposed in cross-border data breach affecting Canadian and US operations
1.2M clinical trial participant records exposed via compromised research data platform
Over 250 legitimate websites, including news outlets and a US Senate candidate’s official webpage, been compromised to infect visitors with infostealers, warn Rapid7 researchers
1.3M customer records stolen via compromised third-party data analytics platform
French small and medium businesses remained the organizations most targeted by ransomware in 2025
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability — n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for