Live disclosure tracker · updated continuously

Technology & Software Data Breaches

SaaS platforms, cloud providers, developer tooling, and app-layer infrastructure are concentrated attack surfaces. One tech vendor breach can expose thousands of downstream customers. Below is every tech-sector breach LeakTrace has indexed.

98B+
Records Exposed
1333
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 ★ Worst of 2026

Technology & Software Data Breaches (1333 indexed)

medium · tech · Jul 2, 2026

Argo CD flaw shows why

A newly disclosed vulnerability in Argo CD is drawing attention to the security risks of GitOps platforms, with researchers warning that the flaw could allow attackers who gain a foothold inside a Kubernetes cluster to e

high · tech · Jul 1, 2026

Microsoft SharePoint Server

Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability — Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code ove

high · tech · Jun 29, 2026

SimpleHelp SimpleHelp

SimpleHelp Authentication Bypass Vulnerability — SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login

critical · tech · Jun 28, 2026

KDDI Data Breach Impacts up

KDDI Corporation disclosed a breach affecting up to 14.2 million email accounts after attackers exploited a vulnerability in third-party software. KDDI Corporation disclosed a data breach that exposed up to 14.2 million

high · tech · Jun 25, 2026

PTC Windchill and FlexPLM

PTC Windchill and FlexPLM Improper Input Validation Vulnerability — PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by

View incident → Original disclosure Indexed 1 week, 1 day ago
high · tech · Jun 25, 2026

PTC Windchill and FlexPLM

PTC Windchill and FlexPLM Improper Input Validation Vulnerability — PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by

View incident → Original disclosure Indexed 1 week, 1 day ago
medium · tech · Jun 24, 2026

How a malicious AI agent

A fake AI agent skill that passed security checks reached over 26,000 users through Instagram, highlighting new risks as enterprises rely on AI-driven tools. Some of the agents involved were tied to corporate accounts

View incident → Original disclosure Indexed 1 week, 2 days ago
high · tech · Jun 23, 2026

Ubiquiti UniFi OS

Ubiquiti UniFi OS Path Traversal Vulnerability — Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that coul

View incident → Original disclosure Indexed 1 week, 3 days ago
critical · tech · Jun 23, 2026

DifyTap

Four flaws in Dify exposed cross-tenant data, documents and AI conversations. Two critical bugs enabled unauthenticated access and data theft. Zafran Labs researchers disclosed four vulnerabilities in Dify, the open-sour

View incident → Original disclosure Indexed 1 week, 3 days ago
high · tech · Jun 23, 2026

Ubiquiti UniFi OS

Ubiquiti UniFi OS Improper Access Control Vulnerability — Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to

View incident → Original disclosure Indexed 1 week, 3 days ago
high · tech · Jun 23, 2026

Ubiquiti UniFi OS

Ubiquiti UniFi OS Improper Input Validation Vulnerability — Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injectio

View incident → Original disclosure Indexed 1 week, 3 days ago
high · tech · Jun 23, 2026

Lantronix EDS5000

Lantronix EDS5000 Code Injection Vulnerability — Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are exe

View incident → Original disclosure Indexed 1 week, 3 days ago
medium · tech · Jun 21, 2026

Klue OAuth breach victim list

Lawrence Abrams reports: Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers’ Salesforce environments, a

View incident → Original disclosure Indexed 1 week, 5 days ago
medium · tech · Jun 19, 2026

Klue OAuth breach victim list

Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers' Salesforce environments, as the new "Icarus" extortion gr

medium · tech · Jun 19, 2026

Microsoft

Microsoft is warning of a novel remote code execution (RCE) path possible through web-enabled AI agents, demonstrating the technique against AutoGen Studio, its open-source interface for building and testing multi-agent