An OAuth vulnerability in the Klue platform allowed attackers to gain access to Salesforce CRM data from enterprise customers and exploit it for extortion purposes.
A publicly accessible Elasticsearch server stored 24 billion credentials from infostealer malware collections, placing millions of accounts without MFA at acute risk.
A current data breach of 4.9 million Wise customers containing names, birth dates, and Spanish tax identification numbers is being traded on the darknet and poses significant risks for identity theft and fraud.
Meta suffers multiple security incidents simultaneously — Instagram account hacks, data leaks exposing personal information, and renewed NSO Group activity targeting WhatsApp.
The traded dataset is likely a combolist compiled from older password breaches, which attackers can use via credential stuffing and targeted phishing to access Instagram accounts.
Anthropic is investigating allegations of a data breach following Claude’s outage on June 5, 2026, but has so far only confirmed infrastructure problems and no additional data incidents.
Cyberattack on external billing service provider leads to data breach of health and personal data of nearly 2,800 patients at Mainz University Hospital.
Lapsus$ stole source code from Vodafone and published it, demonstrating the gang’s operationalization and highlighting the critical need to secure source code and developer assets within zero-trust infrastructure.