Lyft Inc.
290K driver and rider records exposed via compromised third-party background check vendor
2026 Data Breaches Year-to-Date (661 indexed)
Cerner / Oracle Health
5.9M patient records exposed after legacy Cerner migration database left unsecured on Oracle Cloud
Delta Air Lines
870K SkyMiles member records and passport data exposed via compromised CrowdStrike integration
World Leaks Ransomware Group Adds
Accenture Cybersecurity warns over difficult to detect, “sophisticated toolset” being deployed as part of extortion campaigns
SolarWinds Web Help Desk
SolarWinds Web Help Desk Security Control Bypass Vulnerability — SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted
Notepad++ Notepad++
Notepad++ Download of Code Without Integrity Check Vulnerability — Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or r
Microsoft Configuration Manager
Microsoft Configuration Manager SQL Injection Vulnerability — Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially cra
Apple Multiple Products
Apple Multiple Buffer Overflow Vulnerability — Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker w
Mastercard (EU Processing)
680K European cardholder records exposed via compromised transaction processing node
North Korean Hackers Use Deepfake
Campaign combines stolen Telegram accounts, fake Zoom calls and ClickFix attacks to deploy infostealer malware
Walgreens Boots Alliance
2.1M pharmacy patient records exposed via compromised health services vendor
Microsoft Windows
Microsoft Windows Type Confusion Vulnerability — Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
Gowling WLG
210K client records compromised via vendor
Microsoft Office
Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability — Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized
Microsoft Windows
Microsoft Windows Improper Privilege Management Vulnerability — Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privile
Microsoft Windows
Microsoft Windows Shell Protection Mechanism Failure Vulnerability — Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature ov
Microsoft Windows
Microsoft Windows NULL Pointer Dereference Vulnerability — Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
Microsoft Windows
Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability — Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feat
“Digital Parasite” Warning as Attackers
Picus Security warns of the increasingly sophisticated ways malicious activity is staying hidden
Deutsche Telekom (Germany)
3.1M customer records accessed via compromised customer service platform
Toy Battles
1,017 records exposed — Chat logs, Email addresses, IP addresses, Usernames
Association Nationale des Premiers Secours
5,600 records exposed — Dates of birth, Email addresses, Names, Places of birth and 1 more
KU Leuven (Belgium)
190K student records exposed
SaskPower (Canada)
340K customer utility records exposed via compromised billing system vendor