Live disclosure tracker · updated continuously

Technology & Software Data Breaches

SaaS platforms, cloud providers, developer tooling, and app-layer infrastructure are concentrated attack surfaces. One tech vendor breach can expose thousands of downstream customers. Below is every tech-sector breach LeakTrace has indexed.

98B+
Records Exposed
1333
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 ★ Worst of 2026

Technology & Software Data Breaches (1333 indexed)

high · tech · May 20, 2026

Microsoft Internet Explorer

Microsoft Internet Explorer Use-After-Free Vulnerability — Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associate

View incident → Original disclosure Indexed 1 month, 2 weeks ago
high · tech · May 20, 2026

Microsoft Defender

Microsoft Defender Link Following Vulnerability — Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.

View incident → Original disclosure Indexed 1 month, 2 weeks ago
high · tech · May 20, 2026

Microsoft DirectX

Microsoft DirectX NULL Byte Overwrite Vulnerability — Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to

View incident → Original disclosure Indexed 1 month, 2 weeks ago
high · tech · May 20, 2026

Microsoft Windows

Microsoft Windows Buffer Overflow Vulnerability — Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request

View incident → Original disclosure Indexed 1 month, 2 weeks ago
high · tech · May 20, 2026

Adobe Acrobat and Reader

Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability — Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted P

View incident → Original disclosure Indexed 1 month, 2 weeks ago
medium · tech · May 15, 2026

Expired domain leads to supply

A popular npm package called node-ipc has been compromised, with hackers publishing malicious versions that bundle credential stealing malware. The root cause of the compromise was an expired domain name that attackers m

View incident → Original disclosure Indexed 1 month, 2 weeks ago
high · tech · May 15, 2026

Microsoft Microsoft

Microsoft Exchange Server Cross-Site Scripting Vulnerability — Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditi

View incident → Original disclosure Indexed 1 month, 2 weeks ago
high · tech · May 14, 2026

Cisco Catalyst SD-WAN

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability — Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass a

View incident → Original disclosure Indexed 1 month, 2 weeks ago
medium · tech · May 12, 2026

Deal Reached With Hackers to

The company that operates online learning system Canvas said it struck a deal with hackers to delete the data they pilfered in a cyberattack that created chaos for students, many of them in the middle of finals. The post

View incident → Original disclosure Indexed 1 month, 3 weeks ago
medium · tech · May 12, 2026

Mistral AI SDK, TanStack Router

The TeamPCP threat group has pulled off another big supply chain attack which within a few hours this week was able to successfully compromise 170 Node Package Manager (npm) and PyPI packages. The attack affected the

View incident → Original disclosure Indexed 1 month, 3 weeks ago
high · tech · May 8, 2026

BerriAI LiteLLM

BerriAI LiteLLM SQL Injection Vulnerability — BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorised acces

View incident → Original disclosure Indexed 1 month, 3 weeks ago
medium · tech · May 8, 2026

AI Firm Braintrust Prompts API

Hackers accessed one of the company’s AWS accounts and compromised AI provider secrets stored in Braintrust. The post AI Firm Braintrust Prompts API Key Rotation After Data Breach appeared first on SecurityWeek.

View incident → Original disclosure Indexed 1 month, 3 weeks ago
critical · tech · May 6, 2026

Vimeo data breach

Sergiu Gatlan reports: The ShinyHunters extortion gang stole personal information belonging to over 119,000 people after hacking the Vimeo online video platform in April, according to data breach notification service Hav

View incident → Original disclosure Indexed 1 month, 4 weeks ago
high · tech · May 6, 2026

Palo Alto Networks PAN-OS

Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability — Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an un

View incident → Original disclosure Indexed 1 month, 4 weeks ago
critical · tech · May 5, 2026

We Scanned 1 Million Exposed

While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM i

View incident → Original disclosure Indexed 1 month, 4 weeks ago