Microsoft Windows
Microsoft Windows Information Disclosure Vulnerability — Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
Microsoft Windows Information Disclosure Vulnerability — Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.
1.9M customer records stolen from payment processing system via skimming malware at warehouses
1.8M employee benefits records from Canadian health benefits platform compromised
890K patient vaccination records exposed via misconfigured COVID-era data sharing portal
Gogs Path Traversal Vulnerability — Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution.
Client M&A deal documents and litigation files exposed via compromised document management system
6,215,150 records exposed — Display names, Email addresses, Geographic locations, Phone numbers and 1 more
75K employee records leaked by former staff to German newspaper — payroll, SSNs, complaints
APM and logging data from 340 enterprise customers exposed via compromised CI/CD pipeline
420K resident records stolen in targeted attack
450K customer records exposed in targeted attack
672,247 records exposed — Email addresses, Forum posts, Passwords, Private messages and 1 more
450K mining records compromised
450K passenger records exposed
560K automation records exposed
670K citizen records exposed
670K patient records exposed in vendor breach
2.1M patient records stolen in second cyberattack
780K banking records stolen
17.5M account records posted to BreachForums
2.3M guest records compromised in phishing campaign targeting hotels
2.1M customer records from Caribbean and Central American operations exposed
750K Canadian investors exposed — SINs, income, account statements via phishing attack
1.5M customer records compromised in second incident