City of Toronto
890K resident records from municipal services portal exposed in CL0P supply chain attack
Latest Disclosures
Synacor Zimbra Collaboration Suite (ZCS)
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading
Aura
903,080 records exposed — Customer service comments, Email addresses, IP addresses, Names and 2 more
FedEx Corporation
1.1M shipping records and customs declarations exposed via unsecured S3 bucket
McKesson Corporation
2.8M pharmacy customer records exposed via compromised drug distribution platform
Canada Post
950K address and package tracking records exposed via third-party logistics vendor breach
Wing FTP Server Wing FTP Server
Wing FTP Server Information Disclosure Vulnerability — Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.
Wipro Technologies (India)
890K employee and client records exposed via compromised email system in phishing campaign
Stripe Inc. (Merchant Data)
1.5M merchant processing records exposed via compromised internal dashboard access
Baydöner
1,266,822 records exposed — Dates of birth, Email addresses, Genders, Geographic locations and 5 more
Divine Skins
105,814 records exposed — Email addresses, Purchases, Usernames
Norton Rose Fulbright (Canada)
85K client records from Canadian offices exposed via supply chain compromise
LabCorp (Quest Integration)
820K patient lab results exposed via misconfigured API following Quest Diagnostics merger
Suncorp Group (Australia)
1.4M insurance policyholder records exposed via compromised claims processing system
Toshiba (Japan)
430K employee and business partner records stolen in DarkAngels ransomware attack
Google Chromium V8
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability — Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerabil
Google Skia
Google Skia Out-of-Bounds Write Vulnerability — Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerabil
California State University System
2.3M student records from 23 campuses exposed via compromised PeopleSoft instance
Adobe Inc. (Creative Cloud)
1.8M Creative Cloud subscriber records exposed via compromised customer success platform
n8n n8n
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability — n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for
National Australia Bank
1.3M customer records stolen via compromised third-party data analytics platform
Sanofi (France)
1.2M clinical trial participant records exposed via compromised research data platform
TD Bank (Canada/US)
3.8M customer records exposed in cross-border data breach affecting Canadian and US operations
France
French small and medium businesses remained the organizations most targeted by ransomware in 2025