BridgePay Confirms Ransomware Attack, No
The services of Florida-based payments platform BridgePay are offline due to a ransomware attack
Technology & Software Data Breaches (1270 indexed)
ServiceNow ITSM Platform
620K enterprise workflow configurations exposed via compromised instance admin accounts
Fortinet (Security Vendor)
440K customer records from FortiGate management portal exposed via zero-day authentication bypass
Substack
697K subscriber records exposed — email addresses, phone numbers, internal metadata
Substack
663,121 records exposed — Email addresses, Phone numbers
Kinaxis (Ottawa)
210K enterprise supply chain records exposed
Confluent
180K streaming platform records exposed
React Native Community CLI
React Native Community CLI OS Command Injection Vulnerability — React Native Community CLI contains an OS command injection vulnerability which could allow unauthenticated network attackers to send POST requests to the M
SmarterTools SmarterMail
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability — SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This co
Vibe-Coded Moltbook Exposes User Data,
Wiz Security claims Moltbook misconfiguration allowed full read and write access
ServiceNow
1.7M ITSM records from enterprise customers exposed via zero-day in Washington DC instance
Sangoma FreePBX
Sangoma FreePBX Improper Authentication Vulnerability — Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services
SolarWinds Web Help Desk
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability — SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow a
Sangoma FreePBX
Sangoma FreePBX OS Command Injection Vulnerability — Sangoma FreePBX Endpoint Manager contains an OS command injection vulnerability that could allow for a post-authentication command injection by an authenticated known
GitLab Community and Enterprise Editions
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability — GitLab Community and Enterprise Editions contain a server-side request forgery vulnerability which could allow unauthorized exte
Infosys (India)
6.5M client records from BPO division exposed via compromised McCamish Systems subsidiary
Singtel (Singapore)
1.8M customer records exfiltrated from subsidiary Optus-linked systems via shared infrastructure
Ivanti Endpoint Manager Mobile (EPMM)
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability — Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code executi
Fortinet Multiple Products
Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability — Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path o
GitHub Enterprise Cloud
14M private repository metadata records exposed via OAuth app token leakage
SoundCloud
29,815,722 records exposed — Avatars, Email addresses, Geographic locations, Names and 2 more
Uber Technologies (2026)
570K driver records including SSNs and banking details accessed via compromised HR system
SmarterTools SmarterMail
SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability — SmarterTools SmarterMail contains an authentication bypass using an alternate path or channel vulnerability in the passwor
Linux Kernel
Linux Kernel Integer Overflow Vulnerability — Linux Kernel contains an integer overflow vulnerability in the create_elf_tables() function which could allow an unprivileged local user with access to SUID (or otherwise pri