Lyft Inc.
290K driver and rider records exposed via compromised third-party background check vendor
Technology & Software Data Breaches (1095 indexed)
Microsoft Windows
Microsoft Windows Type Confusion Vulnerability — Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
Microsoft Windows
Microsoft Windows Shell Protection Mechanism Failure Vulnerability — Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature ov
Microsoft Office
Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability — Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized
Microsoft Windows
Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability — Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feat
Deutsche Telekom (Germany)
3.1M customer records accessed via compromised customer service platform
Microsoft Windows
Microsoft Windows Improper Privilege Management Vulnerability — Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privile
Microsoft Windows
Microsoft Windows NULL Pointer Dereference Vulnerability — Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
Toy Battles
1,017 records exposed — Chat logs, Email addresses, IP addresses, Usernames
BridgePay Confirms Ransomware Attack, No
The services of Florida-based payments platform BridgePay are offline due to a ransomware attack
ServiceNow ITSM Platform
620K enterprise workflow configurations exposed via compromised instance admin accounts
Fortinet (Security Vendor)
440K customer records from FortiGate management portal exposed via zero-day authentication bypass
Substack
697K subscriber records exposed — email addresses, phone numbers, internal metadata
Kinaxis (Ottawa)
210K enterprise supply chain records exposed
SmarterTools SmarterMail
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability — SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This co
Confluent
180K streaming platform records exposed
React Native Community CLI
React Native Community CLI OS Command Injection Vulnerability — React Native Community CLI contains an OS command injection vulnerability which could allow unauthenticated network attackers to send POST requests to the M
Vibe-Coded Moltbook Exposes User Data,
Wiz Security claims Moltbook misconfiguration allowed full read and write access
GitLab Community and Enterprise Editions
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability — GitLab Community and Enterprise Editions contain a server-side request forgery vulnerability which could allow unauthorized exte
SolarWinds Web Help Desk
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability — SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow a
ServiceNow
1.7M ITSM records from enterprise customers exposed via zero-day in Washington DC instance
Sangoma FreePBX
Sangoma FreePBX OS Command Injection Vulnerability — Sangoma FreePBX Endpoint Manager contains an OS command injection vulnerability that could allow for a post-authentication command injection by an authenticated known
Sangoma FreePBX
Sangoma FreePBX Improper Authentication Vulnerability — Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services
Infosys (India)
6.5M client records from BPO division exposed via compromised McCamish Systems subsidiary