LINKEDIN BROWSERGATE
BrowserGate claims LinkedIn secretly fingerprints users via extensions and device data, sending encrypted results to third parties for tracking. BrowserGate is an investigation conducted by Fairlinked (https://browsergat
2026 Data Breaches Year-to-Date (652 indexed)
Home security giant ADT data
The ShinyHunters extortion group stole the personal information of 5.5 million individuals after breaching the systems of home security giant ADT earlier this month, according to data breach notification service Have I B
PyPI package with 1.1M monthly downloads
An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. [...]
ShinyHunters Leaks Data of Udemy,
ShinyHunters has leaked data linked to Udemy, Zara, and 7-Eleven, with claims of exposed Salesforce records and cloud-based systems.
82 Chrome Extensions Found Selling
LayerX research finds 82 Chrome extensions collecting and selling user data, affecting at least 6.5 million users through disclosed but concerning practices.
Major critical infrastructure supplier
Itron, which makes devices that measure energy usage and control other infrastructure, said its operations were continuing, despite the intrusion.
Energy and Water Management Firm
Itron, which serves utilities and cities around the world, discovered unauthorized access to its systems on April 13. The post Energy and Water Management Firm Itron Hacked appeared first on SecurityWeek.
Widely Used Browser Extensions Selling
Dozens of browser extensions openly sell user data via privacy policy disclosures
ADT
5,488,888 records exposed — Dates of birth, Email addresses, Names, Partial government issued IDs and 2 more
BlackFile Group Targets Retail and
Researchers uncover a new data theft and extortion group dubbed “BlackFile”
Pitney Bowes
8,243,989 records exposed — Email addresses, Job titles, Names, Phone numbers and 1 more
Medtronic
Medtronic confirmed a breach of its IT systems after ShinyHunters claimed the theft of over 9 million records. Medtronic confirmed a cyberattack on its corporate IT systems after the hacker group ShinyHunters claimed to
Vidar Infostealer Spreads via Fake
New version of Vidar infostealer spreads via fake CAPTCHAs, hides in JPEG and TXT files, uses fileless attacks and steals browser, crypto wallet data.
Medtronic
Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in "certain corporate IT systems." [...]
Regulator fines Fidelity Brokerage Services
Melanie Waddell reports: William Galvin, Massachusetts’ top securities regulator, ordered Fidelity Brokerage Services on Monday to pay $1.25 million for failing to enforce appropriate cybersecurity controls that re
Udemy
1,401,259 records exposed — Email addresses, Employers, Job titles, Names and 3 more
TH: Hacker steals personal data
The Bangkok Post reports: The Council of Engineers Thailand has warned about 350,000 members their personal data was stolen when its database was hacked recently, and could be misused. Prof Amorn Pimanmas, a director in
KR: Data of 100,000 leaked
Oh Seok-min reports: Personal information of around 100,000 customers has been leaked from a golf course, prompting a police investigation, sources said Sunday. The Korean National Police Agency is probing the case after
Samsung MagicINFO 9 Server
Samsung MagicINFO 9 Server Path Traversal Vulnerability — Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.
SimpleHelp SimpleHelp
SimpleHelp Path Traversal Vulnerability — SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip).
SimpleHelp SimpleHelp
SimpleHelp Missing Authorization Vulnerability — SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be
D-Link DIR-823X
D-Link DIR-823X Command Injection Vulnerability — D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to
Zimbra servers vulnerable to ongoing
Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw. [...]
UK Biobank Data Breach: Health
UK government Minister confirms that breached health records of UK Biobank volunteers were up for sale on Chinese ecommerce platforms before being removed