Vibe-Coded Moltbook Exposes User Data,
Wiz Security claims Moltbook misconfiguration allowed full read and write access
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
Wiz Security claims Moltbook misconfiguration allowed full read and write access
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability — SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow a
6.5M client records from BPO division exposed via compromised McCamish Systems subsidiary
1.8M patient records exposed in supply chain attack
290K patient records stolen
3.3M employee records — background screening provider
450K resident records compromised in vendor breach
1.4M merchant records compromised in insider incident
1.5M postal banking records exposed
340K patient records compromised
5,112,502 records exposed — Email addresses, Names, Phone numbers, Physical addresses
1.8M customer records exfiltrated from subsidiary Optus-linked systems via shared infrastructure
1.4M member pharmacy and benefits records accessed via compromised business associate
210K employee records and joint venture data compromised via compromised collaboration platform
2.1M citizen records from drivers license and health card renewal system compromised
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability — Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code executi
620K patient medical device registration records exposed via compromised portal
890K customer credit applications and RedCard data exposed via compromised credit processor
1.8M customer records from private banking division exposed via compromised document management
860K Everyday Rewards member records exposed via supply chain software vulnerability
14M private repository metadata records exposed via OAuth app token leakage
29,815,722 records exposed — Avatars, Email addresses, Geographic locations, Names and 2 more
Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability — Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path o
SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability — SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthentica