The threat actor claiming responsibility
The threat actor claiming responsibility says they stole source code, encryption keys and more.
Every confirmed data breach we've indexed across 74935+ incidents from healthcare, finance, technology, government, retail, and education. Sourced from Verizon DBIR, public disclosure feeds, and major security news outlets. Updated automatically.
The threat actor claiming responsibility says they stole source code, encryption keys and more.
KIRO7 reports: The Washington Department of Social and Health Services (DSHS) is issuing a notice of a massive data breach that happened in March, potentially compromising the personal data of around 8,600 people. An int
Adobe ColdFusion Path Traversal Vulnerability — Adobe ColdFusion contains a path traversal vulnerability that could lead to arbitrary code execution in the context of the current user.
Joomlack Page Builder Improper Access Control Vulnerability — Joomlack Page Builder contains an improper access control vulnerability that could allow for remote code execution via unauthenticated arbitrary file upload.
Langflow Authorization Bypass Through User-Controlled Key Vulnerability — Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow bel
JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability — JoomShaper SP Page Builder contains an unrestricted upload of file with dangerous type vulnerability that allows unauthenticated
IT services giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of source code and other data from the company. [...]
Chase Jordan reports an update in the litigation stemming from a 2024 breach by Hunters International. This case has raised a number of issues about standing and negligence and has been up and down in the courts, with pl
The Gentlemen ransomware underscores a challenge many CISOs face: stopping attackers after they gain an initial foothold. Researchers say the malware can spread across enterprise networks using legitimate Windows managem
The alleged victim, believed to be a small Ohio county, reportedly paid the extortion group to prevent the public release of sensitive stolen data. The post County Government Reportedly Paid $1 Million to Cyber Extortion
Carrie Tait reports: A retired lawyer is suing Alberta, its Chief Electoral Officer and two organizations that support secession for their respective roles in an alleged data breach affecting 2.9 million residents in the
A threat group researchers call "Armored Likho" has gained access to government agencies and electrical power entities in Russia, Brazil, and Kazakhstan.
Higher education has consolidated its entire academic operation into a handful of massive SaaS platforms. The LMS manages instruction, grading and communication. The SIS owns enrollment, records and financial aid. Identi
An "agentic threat actor" successfully exploited a Langflow flaw to steal data from a production database server and encrypt other systems.
A cyber risk assessment helps security teams identify, estimate, and prioritize potential threats and vulnerabilities to key enterprise digital and physical assets. Yet, despite its importance, many CISOs fall victim to
Connor Jones reports: AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing. The medical equipment company disclo
2,303,416 records exposed — Dates of birth, Email addresses, Genders, Marital statuses and 3 more
A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while serving on a committee that
Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large language
Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability — Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code ove
Securonix said the Veil#Drop campaign abuses Google Blogspot to deliver PureLog Stealer in memory
Aflac Japan has notified regulators that policy details and personal and banking information have been compromised
Nissan says employees' data was stolen via the Oracle PeopleSoft zero-day campaign
Threat actors don't need any special authentication to reach a target endpoint — they just need to know where it is.