2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScr
Vercel confirmed suffering a breach after a hacker claiming to be part of ShinyHunters offered to sell stolen data for $2 million. The post Next.js Creator Vercel Hacked appeared first on SecurityWeek.
Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher noted.
Alberto Payo reports: A cybersecurity company based in Mexico, BePrime, was reportedly the victim of a cyberattack that allegedly resulted in the leak of 12.6 GB of data and access to network infrastructure and video sur
PaperCut NG/MF Improper Authentication Vulnerability — PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the Securit
A cyberattack targeting a French government website used to manage identity documents and driver’s licenses may have exposed users’ personal data, the Interior Ministry said.
Tyler Buchanan, linked to Scattered Spider, pleaded guilty in the US to hacking companies and stealing millions in cryptocurrency. Tyler Buchanan, a 24-year-old from Scotland linked to the Scattered Spider group, admitte
The Seiko USA website was defaced over the weekend, displaying a message from attackers claiming they stole its Shopify customer database and threatening to leak it unless a ransom is paid. [...]
Vercel suffered a breach after a hacked Context.ai tool exposed an employee account, letting attackers access limited internal systems and non-sensitive data. Vercel reported a security breach caused by the compromise of
Kentico Xperience Path Traversal Vulnerability — Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations.
Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability — Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local
Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability — Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to imperson
Dysruption Hub reports: Minidoka Memorial Hospital in Rupert, Idaho, said a cyber incident on Easter morning, April 5, limited imaging services and led to some emergency patient transfers, though the hospital and its cli
A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate. [...]
JetBrains TeamCity Relative Path Traversal Vulnerability — JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.
Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability — Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface o
Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability — Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability
Long-term follow-ups are important, and DataBreaches is glad that Alexander Martin points out that at least one NHS Trust is still impacted by the Qilin ransomware attack on Synnovis in 2024. From his reporting: At South
Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. [...]
There’s an update to a lawsuit involving Blue Cross Blue Shield of Montana’s parent company, HCSC, and Montana’s state auditor. As previously reported, after BCBSMT notified the state of the Conduent br
2,147,679 records exposed — Email addresses, Names, Physical addresses, Support tickets
More than 18 months after a ransomware attack disrupted care at hospitals in South East London, documents show at least one NHS trust is still working without fully restored systems and managing large backlogs of delayed
Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions. [...]
23-year-old Kamerin Stokes of Memphis, Tennessee, was sentenced to 30 months in prison for selling access to tens of thousands of hacked DraftKings accounts. [...]