Every confirmed data breach we've indexed across 4672+ incidents from healthcare, finance, technology, government, retail, and education. Sourced from Verizon DBIR, public disclosure feeds, and major security news outlets. Updated automatically.
Hackers accessed some Booking.com user data, including names, emails, phone numbers, and booking details. The issue is now contained. Booking.com warned that hackers may have accessed customer data linked to travel reser
The ShinyHunters cybercrime group has claimed responsibility for breaching systems linked to video game developer Rockstar Games, threatening to release stolen data if a ransom is not paid.
The online travel platform has not said how many customers’ booking information was exposed, but said the issue has been contained. The post Booking.com Says Hackers Accessed User Information appeared first on SecurityW
A survey by Sygnia reveals that senior-level security leaders fear they are not prepared to respond to the next cyberattack.
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability — Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.
OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. [...]
Adobe Acrobat Use-After-Free Vulnerability — Adobe Acrobat contains a use-after-free vulnerability that allows for code execution
New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA. [...]
Fortinet SQL Injection Vulnerability — Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP req
Joe Tidy reports: Grand Theft Auto developer Rockstar Games has been targeted for a second time in three years by hackers. The data breach affecting the gaming giant was reported by cybersecurity news outlets on Saturday
Rockstar Games has suffered a data breach linked to a recent security incident at Anodot, with the ShinyHunters extortion gang now leaking the stolen data on its data leak site. [...]
Spring Lake Park Today reports: Spring Lake Park Schools in Minnesota were forced to close on Monday due to a suspected ransomware attack that disrupted the district’s computer systems. Local authorities are invest
Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability — Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution
1,736,520 records exposed — Email addresses, Names, Phone numbers, Physical addresses and 1 more
Unknown hackers breached the systems of European gym chain Basic-Fit and downloaded personal data belonging to members across several countries, the company has announced.
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, incl
Google adds Device Bound Session Credentials (DBSC) to Chrome 146, using hardware keys to block infostealer use of stolen session cookies on Windows.
ShinyHunters claims access to Rockstar Games Snowflake data via Anodot breach, threatening a data leak on April 14 if ransom demands are not met.
Censys researchers found 5,219 exposed Rockwell PLCs online, mostly in the U.S., urging defenders to secure or disconnect them. On April 7, 2026, U.S. agencies, including FBI, CISA, and NSA, warned of Iran-linked APTs ex
Yesterday, Bryan Lambert reported: Health care providers at Brockton Hospital are preparing to work off paper, not computers, for the next two weeks as the health care hub deals with an ongoing cybersecurity incident. T
Google has made a big step forward by extending end-to-end encryption to Android and iOS devices for Gmail client-side encryption (CSE) users, says an expert. “All in all, this is a welcome update, especially in light
A flaw in EngageLab SDK exposed up to 50M Android users, including 30M crypto wallets, letting apps bypass security and access private data. Microsoft researchers found a critical flaw in EngageSDK that lets apps bypass
A research firm tallied the internet-exposed devices Iran is targeting and recommended mitigations for any infrastructure operator using them.
Jones Day wasn’t the only big law firm to recently fall prey to threat actors variously known as Silent Ransom Group, Luna Moth, Chatty Spider, or UNC3753. DataBreaches will refer to them as the Silent Ransom Group