Live disclosure tracker · updated continuously

2026 Data Breaches Year-to-Date

2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.

98B+
Records Exposed
1188
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 ★ Worst of 2026

2026 Data Breaches Year-to-Date (1188 indexed)

critical · tech · Jan 26, 2026

SmarterTools SmarterMail

SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability — SmarterTools SmarterMail contains an authentication bypass using an alternate path or channel vulnerability in the passwor

View incident → Original disclosure Indexed 5 months, 1 week ago
high · tech · Jan 26, 2026

Linux Kernel

Linux Kernel Integer Overflow Vulnerability — Linux Kernel contains an integer overflow vulnerability in the create_elf_tables() function which could allow an unprivileged local user with access to SUID (or otherwise pri

View incident → Original disclosure Indexed 5 months, 1 week ago
high · tech · Jan 26, 2026

GNU InetUtils

GNU InetUtils Argument Injection Vulnerability — GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER environment vari

View incident → Original disclosure Indexed 5 months, 1 week ago
high · tech · Jan 26, 2026

Microsoft Office

Microsoft Office Security Feature Bypass Vulnerability — Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an u

View incident → Original disclosure Indexed 5 months, 1 week ago
high · tech · Jan 23, 2026

Broadcom VMware vCenter Server

Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability — Broadcom VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. This could allow a malicious a

View incident → Original disclosure Indexed 5 months, 1 week ago
high · tech · Jan 22, 2026

Versa Concerto

Versa Concerto Improper Authentication Vulnerability — Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing at attacker to ac

View incident → Original disclosure Indexed 5 months, 2 weeks ago
high · tech · Jan 22, 2026

Vite Vitejs

Vite Vitejs Improper Access Control Vulnerability — Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposi

View incident → Original disclosure Indexed 5 months, 2 weeks ago
high · tech · Jan 22, 2026

Prettier eslint-config-prettier

Prettier eslint-config-prettier Embedded Malicious Code Vulnerability — Prettier eslint-config-prettier contains an embedded malicious code vulnerability. Installing an affected package executes an install.js file that l

View incident → Original disclosure Indexed 5 months, 2 weeks ago