Live disclosure tracker · updated continuously

Recent Data Breach Disclosures

Every confirmed data breach we've indexed across 5492+ incidents from healthcare, finance, technology, government, retail, and education. Sourced from Verizon DBIR, public disclosure feeds, and major security news outlets. Updated automatically.

98B+
Records Exposed
5492
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 ★ Worst of 2026

Latest Disclosures

high · tech · May 20, 2026

Microsoft DirectX

Microsoft DirectX NULL Byte Overwrite Vulnerability — Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to

View incident → Original disclosure Indexed 1 month, 2 weeks ago
critical · other · May 20, 2026

GitHub

Github, which hosts code for more than 100 million developers worldwide, confirmed the breach on social media after TeamPCP advertised stolen source code on a cybercrime forum.

View incident → Original disclosure Indexed 1 month, 2 weeks ago
medium · other · May 19, 2026

Verizon DBIR

Verizon's "2026 Data Breach Investigations Report" ("DBIR") finds that exploits are now involved in 31% of initial access for breaches, while patching lags too far behind the bad guys.

View incident → Original disclosure Indexed 1 month, 2 weeks ago
critical · retail · May 18, 2026

Public Amazon bucket

A hotel check-in system exposed over 1 million passports, IDs, and selfies online due to a misconfigured cloud storage bucket. A security lapse in the Reqrea’s Tabiq hotel check-in system exposed over 1 million pas

View incident → Original disclosure Indexed 1 month, 2 weeks ago
medium · finance · May 18, 2026

⚡ Weekly Recap: Exchange 0-Day,

Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: t

View incident → Original disclosure Indexed 1 month, 2 weeks ago
critical · government · May 18, 2026

CISA Admin Leaked AWS GovCloud

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts a

View incident → Original disclosure Indexed 1 month, 2 weeks ago