Microsoft SharePoint
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability — Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability — Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading
1.1M enterprise customer support records accessed via compromised Aruba Networks portal
ShieldGuard Chrome extension posed as a crypto security tool but stole wallets and drained user data
1.1M shipping records and customs declarations exposed via unsecured S3 bucket
950K address and package tracking records exposed via third-party logistics vendor breach
Wing FTP Server Information Disclosure Vulnerability — Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.
2.8M pharmacy customer records exposed via compromised drug distribution platform
1.5M merchant processing records exposed via compromised internal dashboard access
105,814 records exposed — Email addresses, Purchases, Usernames
1,266,822 records exposed — Dates of birth, Email addresses, Genders, Geographic locations and 5 more
890K employee and client records exposed via compromised email system in phishing campaign
85K client records from Canadian offices exposed via supply chain compromise
820K patient lab results exposed via misconfigured API following Quest Diagnostics merger
1.4M insurance policyholder records exposed via compromised claims processing system
Google Skia Out-of-Bounds Write Vulnerability — Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerabil
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability — Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerabil
430K employee and business partner records stolen in DarkAngels ransomware attack
2.3M student records from 23 campuses exposed via compromised PeopleSoft instance
1.8M Creative Cloud subscriber records exposed via compromised customer success platform
1.3M customer records stolen via compromised third-party data analytics platform
Over 250 legitimate websites, including news outlets and a US Senate candidate’s official webpage, been compromised to infect visitors with infostealers, warn Rapid7 researchers
French small and medium businesses remained the organizations most targeted by ransomware in 2025
1.2M clinical trial participant records exposed via compromised research data platform