2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery vulnerability if WebEx zimlet installed and zimlet JSP
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability — TeamT5 ThreatSonar Anti-Ransomware contains an unrestricted upload of file with dangerous type vulnerability. ThreatSonar
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability — Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constr
Hudson Rock has warned OpenClaw users that infostealers are targeting their configuration files
581,877 records exposed — Device information, Email addresses, IP addresses, Names and 4 more
Google Chromium CSS Use-After-Free Vulnerability — Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulne
Dutch telco Odido has revealed a major data breach impacting over six million customers
740K customer records from Jean Coutu pharmacy division exposed in ransomware attack
623,750 records exposed — Charitable donations, Dates of birth, Email addresses, Genders and 7 more
450,764 records exposed — Email addresses, Names, Physical addresses
780K international health insurance member records exposed via insider data theft
900K patient research records exposed via compromised genomics analysis platform
1.2M SNKRS app user records exposed — sneaker purchase history and payment data stolen
1.8M taxpayer records exposed via compromised e-filing software vendor
740K enterprise customer metadata and colocation records exposed in Netscaler vulnerability exploit
780K customer records from wealth management division exposed via insider threat
1.4M citizen records from provincial health and education systems compromised
780K enterprise meeting recordings and transcripts accessed via compromised admin portal
Defense subcontractor breach exposes classified program metadata and personnel clearance records
Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX
6.2M customer records including passport and bank account numbers leaked by ShinyHunters
480K investor records from Canadian asset manager exposed via compromised fund admin portal
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability — BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Suc
890K unemployment claimant records exposed via compromised benefits administration portal