Low-Skilled Cybercriminals Use AI to
Unit 42 researchers observed a low-skilled threat actor using an LLM to script a professional extortion strategy, complete with deadlines and pressure tactics
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
Unit 42 researchers observed a low-skilled threat actor using an LLM to script a professional extortion strategy, complete with deadlines and pressure tactics
Hudson Rock has warned OpenClaw users that infostealers are targeting their configuration files
780K international health insurance member records exposed via insider data theft
450,764 records exposed — Email addresses, Names, Physical addresses
Dutch telco Odido has revealed a major data breach impacting over six million customers
623,750 records exposed — Charitable donations, Dates of birth, Email addresses, Genders and 7 more
740K customer records from Jean Coutu pharmacy division exposed in ransomware attack
1.8M taxpayer records exposed via compromised e-filing software vendor
1.2M SNKRS app user records exposed — sneaker purchase history and payment data stolen
740K enterprise customer metadata and colocation records exposed in Netscaler vulnerability exploit
900K patient research records exposed via compromised genomics analysis platform
780K enterprise meeting recordings and transcripts accessed via compromised admin portal
1.4M citizen records from provincial health and education systems compromised
780K customer records from wealth management division exposed via insider threat
480K investor records from Canadian asset manager exposed via compromised fund admin portal
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability — BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Suc
Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX
Defense subcontractor breach exposes classified program metadata and personnel clearance records
6.2M customer records including passport and bank account numbers leaked by ShinyHunters
Microsoft Configuration Manager SQL Injection Vulnerability — Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially cra
890K unemployment claimant records exposed via compromised benefits administration portal
5.9M patient records exposed after legacy Cerner migration database left unsecured on Oracle Cloud
SolarWinds Web Help Desk Security Control Bypass Vulnerability — SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted
870K SkyMiles member records and passport data exposed via compromised CrowdStrike integration