Microsoft Windows
Microsoft Windows Out-of-Bounds Read Vulnerability — Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation
2026 Data Breaches Year-to-Date (644 indexed)
Microsoft Windows
Microsoft Windows Link Following Vulnerability — Microsoft Windows contains a link following vulnerability that allows for privilege escalation
Adobe Acrobat and Reader
Adobe Acrobat and Reader Prototype Pollution Vulnerability — Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution.
New Booking.com data breach forces
Booking.com has confirmed via a statement to BleepingComputer that it has detected unauthorized access to its systems that has exposed sensitive reservation and user data. [...]
Microsoft Exchange Server
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability — Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.
OpenAI rotates macOS certs after Axios attack
OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. [...]
Hackers claim breach of Rockstar
The ShinyHunters cybercrime group has claimed responsibility for breaching systems linked to video game developer Rockstar Games, threatening to release stolen data if a ransom is not paid.
Booking.com Says Hackers Accessed User
The online travel platform has not said how many customers’ booking information was exposed, but said the issue has been contained. The post Booking.com Says Hackers Accessed User Information appeared first on SecurityW
GTA-maker Rockstar Games
Joe Tidy reports: Grand Theft Auto developer Rockstar Games has been targeted for a second time in three years by hackers. The data breach affecting the gaming giant was reported by cybersecurity news outlets on Saturday
CISOs see gaps in their
A survey by Sygnia reveals that senior-level security leaders fear they are not prepared to respond to the next cyberattack.
MN: Spring Lake Park Schools
Spring Lake Park Today reports: Spring Lake Park Schools in Minnesota were forced to close on Monday due to a suspected ransomware attack that disrupted the district’s computer systems. Local authorities are invest
Microsoft Visual Basic for Applications (VBA)
Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability — Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution
Stolen Rockstar Games analytics data
Rockstar Games has suffered a data breach linked to a recent security incident at Anodot, with the ShinyHunters extortion gang now leaking the stolen data on its data leak site. [...]
Security Affairs newsletter Round 572
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, incl
Hack at Dutch gym chain Basic-Fit
Unknown hackers breached the systems of European gym chain Basic-Fit and downloaded personal data belonging to members across several countries, the company has announced.
Hallmark
1,736,520 records exposed — Email addresses, Names, Phone numbers, Physical addresses and 1 more
Google Chrome Update Disrupts Infostealer
Google adds Device Bound Session Credentials (DBSC) to Chrome 146, using hardware keys to block infostealer use of stolen session cookies on Windows.
ShinyHunters Claims Rockstar Games Snowflake
ShinyHunters claims access to Rockstar Games Snowflake data via Anodot breach, threatening a data leak on April 14 if ransom demands are not met.
Brockton Hospital still dealing
Yesterday, Bryan Lambert reported: Health care providers at Brockton Hospital are preparing to work off paper, not computers, for the next two weeks as the health care hub deals with an ongoing cybersecurity incident. T
Censys finds 5,219 devices exposed
Censys researchers found 5,219 exposed Rockwell PLCs online, mostly in the U.S., urging defenders to secure or disconnect them. On April 7, 2026, U.S. agencies, including FBI, CISA, and NSA, warned of Iran-linked APTs ex
industrial control devices vulnerable to
A research firm tallied the internet-exposed devices Iran is targeting and recommended mitigations for any infrastructure operator using them.
EngageLab SDK flaw opens door
A flaw in EngageLab SDK exposed up to 50M Android users, including 30M crypto wallets, letting apps bypass security and access private data. Microsoft researchers found a critical flaw in EngageSDK that lets apps bypass
Silent Ransom Group
Jones Day wasn’t the only big law firm to recently fall prey to threat actors variously known as Silent Ransom Group, Luna Moth, Chatty Spider, or UNC3753. DataBreaches will refer to them as the Silent Ransom Group
UK says it
A Russian attack submarine and vessels from the country’s Main Directorate of Deep Sea Research (GUGI) were involved in what the UK Ministry of Defence called “nefarious activity over critical undersea infrastructure els