Every confirmed data breach we've indexed across 4681+ incidents from healthcare, finance, technology, government, retail, and education. Sourced from Verizon DBIR, public disclosure feeds, and major security news outlets. Updated automatically.
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScr
JetBrains TeamCity Relative Path Traversal Vulnerability — JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.
Long-term follow-ups are important, and DataBreaches is glad that Alexander Martin points out that at least one NHS Trust is still impacted by the Qilin ransomware attack on Synnovis in 2024. From his reporting: At South
Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. [...]
There’s an update to a lawsuit involving Blue Cross Blue Shield of Montana’s parent company, HCSC, and Montana’s state auditor. As previously reported, after BCBSMT notified the state of the Conduent br
Cisco admins are scrambling to patch a critical flash memory overflow vulnerability in over 200 Cisco Systems IOS XE-based models of wireless access points (APs), caused by a recent flawed software update. If the issu
More than 18 months after a ransomware attack disrupted care at hospitals in South East London, documents show at least one NHS trust is still working without fully restored systems and managing large backlogs of delayed
Operation PowerOFF shut down 53 DDoS-for-hire domains, arrested four suspects, and exposed data on over 3 million criminal user accounts. Operation PowerOFF is an international law enforcement action that dismantled 53 d
A DraftKings hacker got 30 months in prison for selling stolen credentials and must pay over $1.4 million in fines and restitution. Kamerin Stokes, 23, from Memphis (aka TheMFNPlug), received a 30-month prison sentence f
Alexander Martin reports: A 16-year-old boy has been arrested in Northern Ireland after a cyberattack disrupted access to educational systems used by potentially hundreds of thousands of students. The boy, who has not be
An indirect prompt injection could be chained with a sandbox bypass and Cursor’s remote tunnel feature for shell access to machines. The post Cursor AI Vulnerability Exposed Developer Devices appeared first on SecurityWe
Hackers spread CGrabber and Direct-Sys malware through GitHub ZIP files, bypassing security tools to steal passwords, crypto wallets, and user data.
23-year-old Kamerin Stokes of Memphis, Tennessee, was sentenced to 30 months in prison for selling access to tens of thousands of hacked DraftKings accounts. [...]
Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over 8.3 billion ads globally and suspended 24.9 mill
2,147,679 records exposed — Email addresses, Names, Physical addresses, Support tickets
Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions. [...]
DataBreaches missed this one, but The Daily Hodl didn’t. They reported on March 31: A US state tax agency has placed taxpayers’ personal info at risk by missing an extended data breach that lasted 18 months. The Ok
13,500,136 records exposed — Email addresses, Names, Phone numbers, Physical addresses
Ox Security claims as many as 200,000 servers are exposed by newly discovered MCP vulnerability
Cookeville Regional Medical Center was targeted last year by the Rhysida ransomware group, which stole 500GB of data. The post Data Breach at Tennessee Hospital Affects 337,000 appeared first on SecurityWeek.
Tennessee's CRMC notifies over 337,000 patients of Rhysida ransomware breach exposing sensitive data
Apache ActiveMQ Improper Input Validation Vulnerability — Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection.
Sweden says a pro-Russian group attacked a heating plant in 2025. The failed cyberattack highlights growing threats to Europe’s energy infrastructure. Sweden has blamed a pro-Russian group linked to Russian intelligence
Kenna Hughes-Castleberry reports: Nine Mexican government agencies were hacked in an artificial intelligence (AI)-driven cyber campaign between December 2025 and mid-February 2026 in what researchers have said should