Mytheresa
84,108 records exposed — Email addresses, Names, Partial credit card data, Phone numbers and 3 more
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
84,108 records exposed — Email addresses, Names, Partial credit card data, Phone numbers and 3 more
All Major LLMs Exposed to Multi-Turn Manipulation, Warn Researchers
Nx Console Embedded Malicious Code Vulnerability — Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfusca
TanStack Unspecified Vulnerability — TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a truste
Daemon Tools Lite Embedded Malicious Code Vulnerability — Daemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and availability.
LiteSpeed cPanel Plugin Privilege Escalation Vulnerability — LiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user acco
502,597 records exposed — Email addresses, Employers, Financial transactions, Job titles and 3 more
CERT-In urges 12-hour patching of exposed flaws as AI compresses exploitation timelines
185,256 records exposed — Dates of birth, Email addresses, Names, Phone numbers and 1 more
The infostealer payload in this campaign collect a vast amount of data, from collaboration authentication keys to cryptocurrency wallets
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published
Drupal Core SQL Injection Vulnerability — Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstr
Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability — Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key tab
Langflow Origin Validation Error Vulnerability — Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=Non
46,105 records exposed — Email addresses, IP addresses, Passwords, Usernames
126,293 records exposed — Dates of birth, Email addresses, Names, Passwords and 2 more
Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack
Microsoft DirectX NULL Byte Overwrite Vulnerability — Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to
Microsoft Internet Explorer Use-After-Free Vulnerability — Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associate
Microsoft Defender Denial of Service Vulnerability — Microsoft Defender contains an unspecified vulnerability that allows for denial of service.
Microsoft Defender Link Following Vulnerability — Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.
Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability — Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted P
Microsoft Internet Explorer Use-After-Free Vulnerability — Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to
Microsoft Windows Buffer Overflow Vulnerability — Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request