Baydöner
1,266,822 records exposed — Dates of birth, Email addresses, Genders, Geographic locations and 5 more
Latest Disclosures
Divine Skins
105,814 records exposed — Email addresses, Purchases, Usernames
Norton Rose Fulbright (Canada)
85K client records from Canadian offices exposed via supply chain compromise
LabCorp (Quest Integration)
820K patient lab results exposed via misconfigured API following Quest Diagnostics merger
Suncorp Group (Australia)
1.4M insurance policyholder records exposed via compromised claims processing system
Toshiba (Japan)
430K employee and business partner records stolen in DarkAngels ransomware attack
Google Chromium V8
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability — Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerabil
Google Skia
Google Skia Out-of-Bounds Write Vulnerability — Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerabil
California State University System
2.3M student records from 23 campuses exposed via compromised PeopleSoft instance
Adobe Inc. (Creative Cloud)
1.8M Creative Cloud subscriber records exposed via compromised customer success platform
n8n n8n
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability — n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for
National Australia Bank
1.3M customer records stolen via compromised third-party data analytics platform
Sanofi (France)
1.2M clinical trial participant records exposed via compromised research data platform
TD Bank (Canada/US)
3.8M customer records exposed in cross-border data breach affecting Canadian and US operations
France
French small and medium businesses remained the organizations most targeted by ransomware in 2025
Compromised WordPress Sites Deliver ClickFix
Over 250 legitimate websites, including news outlets and a US Senate candidate’s official webpage, been compromised to infect visitors with infostealers, warn Rapid7 researchers
Palantir Technologies (Vendor)
Contractor laptop with cached Gotham deployment configs and access tokens compromised
ShinyHunters Targets Hundreds of Websites
Prolific ShinyHunters group claims to have stolen data from nearly 400 websites in Experience Cloud attacks
Ericsson Breach Exposes Data of
Ericsson data breach affects 15k employees/customers after third-party service provider compromise
Aon plc (Insurance)
620K policyholder records from cyber insurance division exposed in targeted attack
Omnissa Workspace One UEM
Omnissa Workspace ONE Server-Side Request Forgery — Omnissa Workspace One UEM formerly known as VMware Workspace One UEM contains a server-side request forgery (SSRF) vulnerability that could allow a malicious actor with
SolarWinds Web Help Desk
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability — SolarWinds Web Help Desk contain a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on t
Ivanti Endpoint Manager (EPM)
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability — Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticat
Affirm Holdings
470K buy-now-pay-later customer records including credit data exposed via vendor compromise