SimpleHelp SimpleHelp
SimpleHelp Authentication Bypass Vulnerability — SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
SimpleHelp Authentication Bypass Vulnerability — SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login
An attacker has exploited a zero day in Oracle Peoplesoft to gain access to the IT systems of the NAIC, the standard-setting association for the US federal insurance system
Nation-state attackers breach water systems through weak passwords, exposed PLCs, and poor segmentation — not sophisticated malware.
2,691,852 records exposed — Customer feedback, Email addresses, Employers, Job titles and 4 more
216,601 records exposed — Email addresses, Job titles, Names, Phone numbers and 1 more
The UK Cyber Monitoring Centre reviews the Canvas breach affecting 160 UK universities, highlighting data theft risks and financial impacts of cyber incidents
PTC Windchill and FlexPLM Improper Input Validation Vulnerability — PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by
Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability — Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SM
Customers of the affected Japanese email services are “strongly advised” to change their email passwords
9,796,738 records exposed — Customer service records, Email addresses, Names, Phone numbers and 1 more
Lantronix EDS5000 Code Injection Vulnerability — Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are exe
Ubiquiti UniFi OS Improper Input Validation Vulnerability — Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injectio
Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Great
Ubiquiti UniFi OS Improper Access Control Vulnerability — Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to
Ubiquiti UniFi OS Path Traversal Vulnerability — Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that coul
368,418 records exposed — Dates of birth, Email addresses, Government issued IDs, Job titles and 4 more
Splunk Enterprise Missing Authentication for Critical Function Vulnerability — Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create o
248,235 records exposed — Email addresses, Employers, Job titles, Names and 2 more
139,903 records exposed — Age groups, Email addresses, Genders, Names and 1 more
Widget Factory Joomla Content Editor Improper Access Control Vulnerability — Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code v
305,216 records exposed — Email addresses, Employers, Names, Phone numbers and 1 more
How the Anubis ransomware group stole and leaked an Italian Adriatic port authority's data
137,123 records exposed — Email addresses, Employers, Job titles, Names and 4 more
LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability — LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access