GitLab GitLab
GitLab Server-Side Request Forgery (SSRF) Vulnerability — GitLab contains a server-side request forgery (SSRF) vulnerability when requests to the internal network for webhooks are enabled.
Latest Disclosures
Dell RecoverPoint for Virtual Machines (RP4VMs)
Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability — Dell RecoverPoint for Virtual Machines (RP4VMs) contains an use of hard-coded credentials vulnerability that could allow an un
CIBC (Canada)
1.2M customer records compromised via third-party mortgage processing vendor
Adidas (Third-Party Breach)
815K customer records stolen from third-party licensing partner — second breach in a year
Figure
967,178 records exposed — Dates of birth, Email addresses, Names, Phone numbers and 1 more
Microsoft Windows
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability — Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constr
Low-Skilled Cybercriminals Use AI to
Unit 42 researchers observed a low-skilled threat actor using an LLM to script a professional extortion strategy, complete with deadlines and pressure tactics
Rolls-Royce Holdings
280K employee and defense contract records from engine division exposed in supply chain attack
Canada Goose
581,877 records exposed — Device information, Email addresses, IP addresses, Names and 4 more
NEC Corporation (Japan)
540K defense contractor employee records and project data accessed over multi-year intrusion
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery vulnerability if WebEx zimlet installed and zimlet JSP
Infostealer Targets OpenClaw to Loot
Hudson Rock has warned OpenClaw users that infostealers are targeting their configuration files
TeamT5 ThreatSonar Anti-Ransomware
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability — TeamT5 ThreatSonar Anti-Ransomware contains an unrestricted upload of file with dangerous type vulnerability. ThreatSonar
Google Chromium
Google Chromium CSS Use-After-Free Vulnerability — Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulne
Bupa (UK/Global)
780K international health insurance member records exposed via insider data theft
Metro Inc. (Canada)
740K customer records from Jean Coutu pharmacy division exposed in ransomware attack
University of Pennsylvania
623,750 records exposed — Charitable donations, Dates of birth, Email addresses, Genders and 7 more
APOIA.se
450,764 records exposed — Email addresses, Names, Physical addresses
Odido Breach Impacts Millions of
Dutch telco Odido has revealed a major data breach impacting over six million customers
Nike Inc.
1.2M SNKRS app user records exposed — sneaker purchase history and payment data stolen
Mayo Clinic
900K patient research records exposed via compromised genomics analysis platform
Equinix Data Centers
740K enterprise customer metadata and colocation records exposed in Netscaler vulnerability exploit
IRS (Tax Vendor Breach)
1.8M taxpayer records exposed via compromised e-filing software vendor
Province of British Columbia
1.4M citizen records from provincial health and education systems compromised