CTT
468,124 records exposed — Email addresses, Names, Phone numbers
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
468,124 records exposed — Email addresses, Names, Phone numbers
34,532,941 records exposed — Age groups, Credit scores, Device information, Email addresses and 9 more
Microsoft Exchange Server Cross-Site Scripting Vulnerability — Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditi
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability — Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass a
711,099 records exposed — Email addresses, Employers, Job titles, Names and 2 more
237,810 records exposed — Email addresses, Job titles, Names, Phone numbers and 3 more
Instructure says it reached an agreement with ShinyHunters over the Canvas breach data
310,431 records exposed — Email addresses, Job titles, Names, Phone numbers and 2 more
HiddenLayer reveals infostealer malware in a Hugging Face repository
The ICO has fined South Staffordshire Water nearly £1m for a series of data protection failings
ShinyHunters has escalated its Canvas extortion campaign, defacing hundreds of school login pages and threatening to leak stolen data unless institutions negotiate
ShinyHunters gets away with emails and other data on 200,000 Zara customers
197,376 records exposed — Email addresses, Geographic locations, Purchases, Support tickets
ACSC warns over a campaign targeting organizations which uses ClickFix to deliver Vidar infostealer malware
BerriAI LiteLLM SQL Injection Vulnerability — BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorized acces
Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability — Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with adm
447,593 records exposed — Email addresses, Names, Phone numbers, Physical addresses
10,144 records exposed — Email addresses, Names, Passwords, Purchases
Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability — Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an un
Rapid7 reveals an Iranian false flag operation masquerading as a Chaos ransomware attack
ISACA report warns that while AI has become the norm, many organizations are yet to formally apply safety or security policies around its use
119,167 records exposed — Email addresses, Names
1,837,078 records exposed — Email addresses, Employers, Job titles, Names and 2 more
5,118,184 records exposed — Email addresses, Names, Phone numbers