Apple Multiple Products
Apple Multiple Buffer Overflow Vulnerability — Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker w
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
Apple Multiple Buffer Overflow Vulnerability — Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker w
890K unemployment claimant records exposed via compromised benefits administration portal
SolarWinds Web Help Desk Security Control Bypass Vulnerability — SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted
870K SkyMiles member records and passport data exposed via compromised CrowdStrike integration
5.9M patient records exposed after legacy Cerner migration database left unsecured on Oracle Cloud
2.1M pharmacy patient records exposed via compromised health services vendor
Campaign combines stolen Telegram accounts, fake Zoom calls and ClickFix attacks to deploy infostealer malware
680K European cardholder records exposed via compromised transaction processing node
Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability — Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized
Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability — Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feat
340K customer utility records exposed via compromised billing system vendor
450K patient records exposed in POS breach
1,017 records exposed — Chat logs, Email addresses, IP addresses, Usernames
3.1M customer records accessed via compromised customer service platform
670K mining operational records exposed in targeted espionage
Picus Security warns of the increasingly sophisticated ways malicious activity is staying hidden
5,600 records exposed — Dates of birth, Email addresses, Names, Places of birth and 1 more
210K client records compromised via vendor
190K student records exposed
450K customer records exposed in credential harvesting
340K employee and supply records exposed
Microsoft Windows Type Confusion Vulnerability — Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
Microsoft Windows Improper Privilege Management Vulnerability — Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privile
Microsoft Windows Shell Protection Mechanism Failure Vulnerability — Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature ov