Lyft Inc.
290K driver and rider records exposed via compromised third-party background check vendor
Technology & Software Data Breaches (1145 indexed)
SolarWinds Web Help Desk
SolarWinds Web Help Desk Security Control Bypass Vulnerability — SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted
Apple Multiple Products
Apple Multiple Buffer Overflow Vulnerability — Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker w
Microsoft Windows
Microsoft Windows Shell Protection Mechanism Failure Vulnerability — Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature ov
Microsoft Windows
Microsoft Windows NULL Pointer Dereference Vulnerability — Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
Microsoft Windows
Microsoft Windows Type Confusion Vulnerability — Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
Deutsche Telekom (Germany)
3.1M customer records accessed via compromised customer service platform
Microsoft Windows
Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability — Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feat
Microsoft Windows
Microsoft Windows Improper Privilege Management Vulnerability — Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privile
Microsoft Office
Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability — Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized
Toy Battles
1,017 records exposed — Chat logs, Email addresses, IP addresses, Usernames
BridgePay Confirms Ransomware Attack, No
The services of Florida-based payments platform BridgePay are offline due to a ransomware attack
ServiceNow ITSM Platform
620K enterprise workflow configurations exposed via compromised instance admin accounts
Fortinet (Security Vendor)
440K customer records from FortiGate management portal exposed via zero-day authentication bypass
Substack
697K subscriber records exposed — email addresses, phone numbers, internal metadata
Kinaxis (Ottawa)
210K enterprise supply chain records exposed
React Native Community CLI
React Native Community CLI OS Command Injection Vulnerability — React Native Community CLI contains an OS command injection vulnerability which could allow unauthenticated network attackers to send POST requests to the M
Confluent
180K streaming platform records exposed
SmarterTools SmarterMail
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability — SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This co
ServiceNow
1.7M ITSM records from enterprise customers exposed via zero-day in Washington DC instance
Vibe-Coded Moltbook Exposes User Data,
Wiz Security claims Moltbook misconfiguration allowed full read and write access
SolarWinds Web Help Desk
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability — SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow a
Sangoma FreePBX
Sangoma FreePBX Improper Authentication Vulnerability — Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services
GitLab Community and Enterprise Editions
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability — GitLab Community and Enterprise Editions contain a server-side request forgery vulnerability which could allow unauthorized exte