Province of Nova Scotia
580K citizen records from health and education systems exposed via MOVEit successor exploit
Latest Disclosures
Government of Alberta
920K citizen records from provincial MyAlberta Digital ID system exposed
Apple Multiple Products
Apple Multiple Products Buffer Overflow Vulnerability — Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web con
Air Canada (2026)
1.4M Aeroplan member records compromised including travel history and passport data
Apple Multiple Products
Apple Multiple Products Improper Locking Vulnerability — Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected change
Feds Disrupt IoT Botnets Behind
The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT)
Craft CMS Craft CMS
Craft CMS Code Injection Vulnerability — Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code.
Laravel Livewire
Laravel Livewire Code Injection Vulnerability — Laravel Livewire contain a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios.
Apple Multiple Products
Apple Multiple Products Classic Buffer Overflow Vulnerability — Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause une
Cisco Secure Firewall Management Center (FMC)
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability — Cisco Secure Firewall Management Center (FMC) Software a
Cleveland Clinic (Vendor)
950K patient appointment and billing records exposed via compromised scheduling vendor
Palo Alto Networks (Vendor)
Customer firewall configurations and 280K support records exposed via compromised support portal
Microsoft SharePoint
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability — Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
Hewlett Packard Enterprise
1.1M enterprise customer support records accessed via compromised Aruba Networks portal
Aura
903,080 records exposed — Customer service comments, Email addresses, IP addresses, Names and 2 more
Crypto Scam "ShieldGuard" Dismantled After
ShieldGuard Chrome extension posed as a crypto security tool but stole wallets and drained user data
City of Toronto
890K resident records from municipal services portal exposed in CL0P supply chain attack
Synacor Zimbra Collaboration Suite (ZCS)
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading
FedEx Corporation
1.1M shipping records and customs declarations exposed via unsecured S3 bucket
McKesson Corporation
2.8M pharmacy customer records exposed via compromised drug distribution platform
Canada Post
950K address and package tracking records exposed via third-party logistics vendor breach
Wing FTP Server Wing FTP Server
Wing FTP Server Information Disclosure Vulnerability — Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.
Wipro Technologies (India)
890K employee and client records exposed via compromised email system in phishing campaign
Stripe Inc. (Merchant Data)
1.5M merchant processing records exposed via compromised internal dashboard access