Every confirmed data breach we've indexed across 4672+ incidents from healthcare, finance, technology, government, retail, and education. Sourced from Verizon DBIR, public disclosure feeds, and major security news outlets. Updated automatically.
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability — Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code executi
106,271 records exposed — Email addresses, Social media profiles
The newly disclosed cyberattack campaign is the latest evidence of the threat end-of-life routers pose to major organizations.
Attackers compromised Internet-facing OT devices and caused file and display manipulation, operational disruption, and financial losses across sectors.
Global sporting events have become a lucrative target for criminal actors and geopolitical statements.
Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign
Researchers said the hackers are compromising business process outsourcers and targeting help desk support.
An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. "A purpose-built Python s
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susc
When talking about credential security, the focus usually lands on breach prevention. This makes sense when IBM’s 2025 Cost of a Data Breach Report puts the average cost of a breach at $4.4 million. A
By hiding malicious instructions on an attacker-controlled Web page, AI could ingest orders that appear benign but return sensitive data to the attacker's server.
An emerging threat cluster tracked as UAT-10608 is exploiting vulnerable Web-exposed Next.js apps and using an automated tool to exfiltrate credentials, secrets, and other system data.
Fortinet FortiClient EMS Improper Access Control Vulnerability — Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or comma
An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed
1,195,684 records exposed — Email addresses
291,739 records exposed — Auth tokens, Avatars, Email addresses, Names and 2 more
TrueConf Client Download of Code Without Integrity Check Vulnerability — TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path ca
Halcyon says Akira is now capable of carrying out an entire ransomware attack in less than an hour
This modern infostealer adopted server-side decryption of stolen credentials to bypass security controls
Google Dawn Use-After-Free Vulnerability — Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML pag
A chief medical information officer describes what hospitals face when they inevitably suffer a ransomware attack—whether it leads to short- or long-term outages.
253,510 records exposed — Device information, Email addresses, IP addresses, Names and 4 more
Phantom Stealer .NET harvests browser credentials, cookies, cards, sessions, as stealer-as-a-service
144,250 records exposed — Avatars, Display names, Email addresses