Live disclosure tracker · updated continuously

Technology & Software Data Breaches

SaaS platforms, cloud providers, developer tooling, and app-layer infrastructure are concentrated attack surfaces. One tech vendor breach can expose thousands of downstream customers. Below is every tech-sector breach LeakTrace has indexed.

98B+
Records Exposed
1333
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 ★ Worst of 2026

Technology & Software Data Breaches (1333 indexed)

high · tech · Jun 5, 2026

SolarWinds Serv-U

SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability — SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: de

medium · tech · Jun 3, 2026

KR: Tving CEO Apologizes for

This is what incident response and accountability should look like in the U.S., too, but almost never does.  The Chosun Daily reports: OTT platform Tving, TVING, has faced controversy over leaking members’ personal

high · tech · Jun 2, 2026

Android Framework

Android Framework Integer Overflow Vulnerability — Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation.

high · tech · Jun 2, 2026

Linux Kernel

Linux Kernel Improper Authentication Vulnerability — Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.

medium · tech · Jun 2, 2026

Infected Red Hat npm packages

Developers who pulled packages from Red Hat’s @redhat-cloud-services npm namespace over the weekend got a secret-stealing worm instead. Security researchers from several cybersecurity outlets are warning of a new supp

high · tech · Jun 1, 2026

Oracle WebLogic Server

Oracle WebLogic Server Unspecified Vulnerability — Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server.

high · tech · May 29, 2026

Palo Alto Networks PAN-OS

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability — Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorize

medium · tech · May 28, 2026

GlassWorm falls, but the repo

Taking down a sprawling malware operation once signaled progress in securing the open-source ecosystem. Now, it barely registers. The GlassWorm campaign disruption comes at a moment when attackers can quickly reconstitut

critical · tech · May 28, 2026

19.6 Billion Files Are Sitting

19.6 Billion files are exposed in misconfigured cloud buckets, including 685K credential files and nearly 1M database dumps. There’s a comfortable myth most people carry around: that the data they hand to companies

high · tech · May 27, 2026

TanStack TanStack

TanStack Unspecified Vulnerability — TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a truste

high · tech · May 27, 2026

Nx Nx Console

Nx Console Embedded Malicious Code Vulnerability — Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfusca

high · tech · May 26, 2026

LiteSpeed cPanel Plugin

LiteSpeed cPanel Plugin Privilege Escalation Vulnerability — LiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user acco

View incident → Original disclosure Indexed 1 month, 1 week ago
high · tech · May 22, 2026

Drupal Core

Drupal Core SQL Injection Vulnerability — Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstr

View incident → Original disclosure Indexed 1 month, 1 week ago
high · tech · May 21, 2026

Trend Micro Apex One

Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability — Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key tab

View incident → Original disclosure Indexed 1 month, 1 week ago
high · tech · May 21, 2026

Langflow Langflow

Langflow Origin Validation Error Vulnerability — Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=Non

View incident → Original disclosure Indexed 1 month, 1 week ago
high · tech · May 20, 2026

Microsoft Defender

Microsoft Defender Link Following Vulnerability — Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.

View incident → Original disclosure Indexed 1 month, 1 week ago