LexisNexis Legal & Professional
Customer metadata and business information accessed
View incident → Indexed 1 month ago
2026 Data Breaches Year-to-Date (645 indexed)
F5 BIG-IP
F5 BIG-IP Stack-Based Buffer Overflow Vulnerability — F5 BIG-IP APM contains a stack-based buffer overflow vulnerability that could allow a threat actor to achieve remote code execution.
HungerRush
Restaurant POS system breach, customer emails exposed
View incident → Indexed 1 month ago
CIRO (Canadian Investment)
750K Canadian investors' SINs and financial information
View incident → Indexed 1 month ago
BreachForums Version 5
339,778 records exposed — Email addresses, Passwords, Usernames
Infutor (US Data Broker)
676.8M US citizens' personal records including SSNs, names, addresses, birth dates
View incident → Indexed 1 month ago
North Texas Behavioral Health Authority
284,525 patient records with clinical information
View incident → Indexed 1 month ago
Kaplan North America
192K+ student records with SSNs, birth dates, driver licenses
View incident → Indexed 1 month ago
Figure Technology Solutions
967K user accounts with names, birth dates, addresses, phone numbers
View incident → Indexed 1 month ago
Sears Home Services
3.7M chat logs and 1.4M audio files exposed containing PII from AI chatbot
View incident → Indexed 1 month ago
Aquasecurity Trivy
Aquasecurity Trivy Embedded Malicious Code Vulnerability — Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, includin
Sound Radix
292,993 records exposed — Email addresses, Names, Passwords
Scuf Gaming
128,683 records exposed — Display names, Email addresses, IP addresses, Passwords and 1 more
Langflow Langflow
Langflow Code Injection Vulnerability — Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication.
Northrop Grumman (Vendor)
Defense program documents and 180K employee records exposed via subcontractor email compromise
CGI Group (Canada)
420K government contract records from Canadian IT services firm exposed in supply chain attack
‘CanisterWorm’ Springs Wiper Attack Targeting
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Ir
Lululemon Athletica
340K customer records from loyalty program and online orders exposed via web app vulnerability
Trivy Supply Chain Attack Expands
New Trivy Docker images 0.69.5 and 0.69.6 compromised with TeamPCP infostealer, impacting CI/CD scans
RuneScape Boards
222,762 records exposed — Email addresses, IP addresses, Passwords, Usernames
SAP SE (Cloud)
1.6M enterprise customer records from S/4HANA Cloud exposed via authentication bypass
UK Ministry of Defence
272K armed forces personnel payroll records exposed via compromised third-party payroll system
Oracle Cloud (Customer Tenants)
6M records from 140K+ tenants allegedly accessed via authentication bypass in legacy systems