Live Latest activity →

Breaches·Canada Life Breach: 237K Records Exposed by ShinyHunters (2026)

May 2026

233 security articles published this month.

94

critical

25

high

5

medium

56

low

53

Advisory

57

Breaches

10

News

8

Intel

105

Learn

1

Research

0

Malware

52

Advisory

(57)

Joomla Forms Builder SQLi leaks data (CVE-2021-47930)

critical May 10

WordPress TheCartPress creates admin accounts (CVE-2021-47932)

critical May 10

WordPress MStore API unauth RCE (CVE-2021-47933)

critical May 10

OpenCATS unauthenticated RCE (CVE-2021-47936)

critical May 10

PHP SOAP unauthenticated RCE (CVE-2026-6722)

Beauty Parlour SQLi reads database (CVE-2026-37431)

openvpn-auth-oauth2 bypasses SSO auth (CVE-2026-41070)

PraisonAI RCE, no auth needed (CVE-2026-41497)

electerm unauth command injection (CVE-2026-41500)

electerm unauthenticated RCE (CVE-2026-41501)

ai-scanner RCE via JavaScript injection (CVE-2026-41512)

Nhost account takeover via OAuth (CVE-2026-41574)

LiteLLM SQL injection exploited in wild (CVE-2026-42208) [PoC]

Postiz unauthenticated RCE via PR build (CVE-2026-42298)

Termix server RCE via shell injection (CVE-2026-42454)

PraisonAI SSRF via URL bypass (CVE-2026-44335)

PraisonAI path traversal leads to RCE (CVE-2026-44336)

Zcash Zebra consensus split via sig (CVE-2026-44497)

Azure Cassandra RCE, low-privilege (CVE-2026-33109)

Open Notebook RCE via SSTI (CVE-2026-33587)

Microsoft Teams information disclosure (CVE-2026-33823)

Azure Cloud Shell network spoofing (CVE-2026-35428)

Snipe-IT unauth RCE via file upload (CVE-2026-37709)

FreeScout unauth takeover via expired invites (CVE-2026-41902)

Azure DevOps leaks credentials (CVE-2026-42826)

Argo CD secret data leak (CVE-2026-42880)

Ivanti EPMM admin RCE exploited (CVE-2026-6973)

PAN-OS unauth RCE exploited in the wild (CVE-2026-0300) [PoC]

Cisco Unity Connection arbitrary code execution (CVE-2026-20034)

Wicket session fixation, no patch yet (CVE-2026-40010)

Gotenberg unauth file overwrite (CVE-2026-40281)

Vvveb hard-coded credentials leak DB (CVE-2026-41930)

OpenClaw exposes CDP relay traffic (CVE-2026-43581)

Perl session IDs leak authentication (CVE-2026-5081)

Chrome heap corruption via crafted page (CVE-2026-7896)

Chrome Linux RCE via Chromoting (CVE-2026-7898)

Chrome V8 code execution in sandbox (CVE-2026-7899)

Google Chrome sandbox escape (CVE-2026-7908)

VM2 sandbox breakout, host RCE (CVE-2026-24118)

vm2 sandbox escape RCE (CVE-2026-24120)

vm2 sandbox escape RCE (CVE-2026-24781)

vm2 sandbox escape RCE (CVE-2026-26332)

vm2 sandbox full RCE escape (CVE-2026-26956)

Arelle unauthenticated RCE (CVE-2026-42796)

Polaris leaks broad cloud credentials (CVE-2026-42809)

Apache Polaris leaks S3 cross-table data (CVE-2026-42810)

Polaris bucket-wide credential leak (CVE-2026-42811)

Apache Polaris writes metadata to attacker-chosen path (CVE-2026-42812)

ArgoCD diff leaks K8s secret data (CVE-2026-43824)

Vanetza V2X denial of service (CVE-2026-37554)

Neethi denial of service via XML (CVE-2026-42402)

Apache Neethi stack overflow via circular refs (CVE-2026-42403)

MixPHP unauth RCE via deserialization (CVE-2026-42472)

MixPHP unauth RCE via deserialization (CVE-2026-42473)

hashcat heap overflow DoS or RCE (CVE-2026-42483)

Apache MINA IoBuffer RCE, patch bypass (CVE-2026-42778) [PoC]

MINA unauthenticated RCE via bad fix (CVE-2026-42779) [PoC]

Breaches

(10)

Canada Life Breach: 237K Records Exposed by ShinyHunters (2026)

Cushman & Wakefield Breach: 310K Records Exposed (2026)

Zara Data Breach: 197K Emails & Orders Exposed (2026)

Woflow Breach: 447K Records - Emails & Addresses Exposed (2026)

LegionProxy Data Breach: 10K Emails & Hashed Passwords (2026)

Vimeo Breach: 119K Emails & Names Exposed (2026)

Reborn Gaming Breach: 126 Accounts Exposed (2026)

Marcus & Millichap Breach: 1.8M Records Exposed (2026)

ZenBusiness Breach: 5.1M Records Exposed (2026)

Aman Data Breach: 215K Guest Records Leaked (2026)

News

(8)

critical May 10

Weekly Threat Roundup: Critical PAN-OS Flaw Exploited (May 4-10)

Ivanti EPMM CVE-2026-6973 admin RCE exploited

PAN-OS RCE CVE-2026-0300 exploited in the wild

CISA critical infrastructure initiative announced

MOVEit Automation auth bypass bug gets patch

Weekly Threat Roundup: Apache & cPanel Zero-Days (Apr 27 - May 3)

CISA Adds Actively Exploited Linux Root Bug CVE-2026-31

CISA: Secure agentic AI adoption guide released

Intel

(105)

critical May 13

Alpinion Ransomware Attack by coinbasecartel (May 2026)

critical May 13

Amstel Securities Ransomware Claim by thegentlemen (May 2026)

critical May 13

Bestat Pharmaservices Ransomware Claim by WorldLeaks (May 2026)

critical May 13

Shajarpak Securities Ransomware by thegentlemen (May 2026)

critical May 13

Value Exchange International Hit by thegentlemen (May 2026)

Casino Gaming Commission Ransomware Claim by Genesis (May 2026)

critical May 12

DDU Ransomware Attack by Lamashtu (May 2026)

ICE Ransomware Attack by BrainCipher (May 2026)

Jozef Stefan Institute Ransomware Attack by coinbasecartel (May 2026)

critical May 12

Park Dental Research Ransomware Claim by Interlock (May 2026)

critical May 11

Lifelong Access Ransomware Attack by Lynx (May 2026)

critical May 10

American Board of Preventive Medicine Ransomware Claim by Genesis (May 2026)

critical May 10

CarePoint Health Ransomware Attack by Genesis (May 2026)

critical May 10

DermaPharm Ransomware Attack by thegentlemen (May 2026)

HMH Ransomware Claim by ShinyHunters (May 2026)

critical May 10

Lindabury Ransomware Attack by Qilin (May 2026)

critical May 10

Marlborough Partners Ransomware Claim by LeakBazaar (May 2026)

critical May 10

Sibilla Capital Ransomware Attack by INC Ransom (May 2026)

Cazh.id Ransomware Attack by Icarus (May 2026)

CMC Expertise Comptable Ransomware by DragonForce (May 2026)

Colegio María Inmaculada Ransomware by Bavacai (May 2026)

Fogel Capital Ransomware Claim by Qilin (May 2026)

Greenwoods Dental Ransomware Claim by Akira (May 2026)

Neurotrials Research Ransomware Attack by sinobi (May 2026)

Réseau Radiologique Romand Hit by Akira (May 2026)

Académie de Montpellier Ransomware Claim by Bavacai (May 2026)

Aerodiagnostics Ransomware Claim by INC Ransom (May 2026)

Clinical Registry Solutions Ransomware by Akira (May 2026)

Laclinic-Montreux Ransomware Attack by Qilin (May 2026)

Le Maire de QUIBERON Ransomware Attack by Qilin (May 2026)

Norcal Training Center Hit by Qilin Ransomware (May 2026)

Panal Seguros Ransomware Attack by Qilin (May 2026)

Rehab Clinics Group Ransomware Attack by Everest (May 2026)

SDK Environmental Ransomware Attack by Akira (May 2026)

Soprolux Ransomware Attack by Bravox (May 2026)

Alge-Stop Ransomware Attack by m3rx (May 2026)

Datasavior Ransomware Attack by m3rx (May 2026)

Farella Braun + Martel Ransomware Claim by SilentRansomGroup (May 2026)

Gingerich Trucking Ransomware Claim by Safepay (May 2026)

id-s.de Ransomware Attack by Safepay (May 2026)

JMIGE Ransomware Claim by SafePay (May 2026)

KB Toys Australia Ransomware Attack by m3rx (May 2026)

Pemberton Valley Dyking District Hit by m3rx (May 2026)

Sandberg Phoenix Hit by SilentRansomGroup (May 2026)

smp.cat Ransomware Attack by Safepay (May 2026)

Atencio Engineering Ransomware Claim by Bavacai (May 2026)

Bandeirante Supermercados Ransomware by Bavacai (May 2026)

CourtSmart Ransomware Attack by Bavacai (May 2026)

Desert Christian Schools Ransomware Claim by Bavacai (May 2026)

Elken Sdn Bhd Ransomware Attack by Bavacai (May 2026)

Magnolia Jewelry Ransomware Attack by Bavacai (May 2026)

Ropers Majeski Ransomware Claim by SilentRansomGroup (May 2026)

SIT Group Ransomware Attack by Bavacai (May 2026)

Strategic Imports Ransomware Attack by Bavacai (May 2026)

WOHA Ransomware Attack by Lamashtu (May 2026)

Addi.com Ransomware Attack by ShinyHunters (May 2026)

Boots Transport Ransomware Claim by SafePay (May 2026)

Dahlgrens Cement Ransomware Claim by SafePay (May 2026)

fital-treppenlifte.de Ransomware by Safepay (May 2026)

Foodsmart Dominicana Ransomware by Krybit (May 2026)

Hokuyo2006 Ransomware Attack by Safepay (May 2026)

Instructure Breach by ShinyHunters (May 2026)

Maiadouro Ransomware Attack by Safepay (May 2026)

Studio Marchi Ransomware Claim by Everest (May 2026)

Zonaovest.to.it Ransomware Attack by Safepay (May 2026)

Beyond Measure Ransomware Claim by Pear (May 2026)

Instructure Ransomware Claim by ShinyHunters (May 2026)

JG Stewart Construction Ransomware by cmdorganization (May 2026)

LSM Lee Ransomware Attack by Qilin (May 2026)

North Star Signs Ransomware Claim by Qilin (May 2026)

Standard-Examiner Ransomware Claim by Qilin (May 2026)

Star Precision Ransomware Attack by Qilin (May 2026)

Tuopu Ransomware Attack by Blackwater (May 2026)

Wilkem Group Ransomware Claim by INC Ransom (May 2026)

Zampell Ransomware Claim by cmdorganization (May 2026)

Armstrong George Cohen Qilin Ransomware Attack (May 2026)

cgcsa.co.za Ransomware Attack by Stormous (May 2026)

Cushman & Wakefield Ransomware Claim by ShinyHunters (May 2026)

EMTCO Ransomware Attack by m3rx (May 2026)

FANASA.COM Ransomware Attack by Stormous (May 2026)

Fiserv Ransomware Claim by Everest (May 2026)

it-freitag.de Ransomware Attack by m3rx (May 2026)

Manatee Air Ransomware Claim by m3rx (May 2026)

OR-Technology Ransomware Claim by Stormous (May 2026)

Photonic Ransomware Attack by mnt6 (May 2026)

Avnet Ransomware Attack by Fulcrumsec (May 2026)

Bomu Hospital Ransomware Attack by Krybit (May 2026)

EnergyAction Ransomware Attack by Safepay (May 2026)

Epiq Global Ransomware Attack by Everest (May 2026)

HPK Hamburg Ransomware Claim by Safepay (May 2026)

INJURYLAWYERS.COM Ransomware Claim by Clop (May 2026)

Integra LifeSciences Ransomware Claim by Clop (May 2026)

Site Design Group Attack by AiLock (May 2026)

Symcor Ransomware Attack by Everest (May 2026)

TSYS Ransomware Attack by Everest (May 2026)

Apothebeauty Ransomware Attack by Qilin (April 2026)

Colorado Dental Wellness Ransomware by Anubis (May 2026)

Follett Software Ransomware Claim by ShinyHunters (May 2026)

Jayeff Construction Ransomware Attack by Qilin (Apr 2026)

MES Hybrid Document Systems Ransomware by Qilin (Apr 2026)

See's Candies Ransomware Attack by Qilin (Apr 2026)

Silfab Solar Ransomware Attack by mnt6 (April 2026)

The Switch Enterprises Hit by Qilin Ransomware (Apr 2026)

Towerpoint Wealth Ransomware by ShinyHunters (May 2026)

Zinkan & Barker Ransomware Claim by Qilin (Apr 2026)

Learn

(1)

SOC Analyst Interview Question Database (150+ Real Questions for 2026)

Malware

(52)

Agent Tesla Malware: 61 Samples, Stable Trend (May 2026)

AsyncRAT Malware: 42 Samples, Stable Trend (May 2026)

Formbook Malware: 95 Samples, Rising Trend (May 2026)

Mirai Malware: 100 Samples, Rising Trend (May 2026)

QuasarRAT Malware: 11 Samples, Rising Trend (May 2026)

Snake Keylogger Malware: 9 Samples, Rising Trend (May 2026)

Vidar Malware: 28 Samples, Stable Trend (May 2026)

Agent Tesla Malware: 36 Samples, Declining Trend (May 2026)

AsyncRAT Malware: 25 Samples, Declining Trend (May 2026)

Formbook Malware: 18 Samples, Declining Trend (May 2026)

Mirai Malware: 100 Samples, Rising Trend (May 2026)

QuasarRAT Malware: 10 Samples, Stable Trend (May 2026)

Vidar Malware: 24 Samples, Declining Trend (May 2026)

Agent Tesla Malware: 42 Samples, Declining Trend (May 2026)

AsyncRAT Malware: 27 Samples, Declining Trend (May 2026)

Formbook Malware: 16 Samples, Declining Trend (May 2026)

Mirai Malware: 100 Samples, Rising Trend (May 2026)

QuasarRAT Malware: 10 Samples, Stable Trend (May 2026)

Vidar Malware: 32 Samples, Stable Trend (May 2026)

Agent Tesla Malware: 42 Samples, Declining Trend (May 2026)

AsyncRAT Malware: 54 Samples, Stable Trend (May 2026)

Formbook Malware: 13 Samples, Declining Trend (May 2026)

QuasarRAT Malware: 11 Samples, Stable Trend (May 2026)

Snake Keylogger: 3 Samples — Declining (May 2026)

Vidar Malware: 33 Samples, Rising Trend (May 2026)

Agent Tesla Malware: 64 Samples, Stable Trend (May 2026)

AsyncRAT Malware: 60 Samples, Rising Trend (May 2026)

Formbook Malware: 12 Samples, Declining Trend (May 2026)

QuasarRAT Malware: 7 Samples, Declining Trend (May 2026)

Snake Keylogger: 6 Samples — Declining (May 2026)

Vidar Malware: 25 Samples, Stable Trend (May 2026)

Agent Tesla Malware: 60 Samples, Stable Trend (May 2026)

AsyncRAT Malware: 57 Samples, Rising Trend (May 2026)

Formbook Malware: 13 Samples, Declining Trend (May 2026)

Mirai Malware: 100 Samples, Rising Trend (May 2026)

QuasarRAT Malware: 5 Samples, Declining Trend (May 2026)

Snake Keylogger: 5 Samples — Declining (May 2026)

Vidar Malware: 28 Samples, Stable Trend (May 2026)

Agent Tesla Malware: 70 Samples, Stable Trend (May 2026)

AsyncRAT Malware: 55 Samples, Rising Trend (May 2026)

Formbook Malware: 38 Samples, Stable Trend (May 2026)

QuasarRAT Malware: 8 Samples, Declining Trend (May 2026)

Snake Keylogger: 7 Samples — Declining (May 2026)

Vidar Malware: 30 Samples, Stable Trend (May 2026)

Agent Tesla Malware: 80 Samples, Rising Trend (May 2026)

AsyncRAT Malware: 53 Samples, Rising Trend (May 2026)

Cobalt Strike Malware: 5 Samples, Rising Trend (May 2026)

Formbook Malware: 39 Samples, Rising Trend (May 2026)

Mirai Malware: 100 Samples, Rising Trend (May 2026)

QuasarRAT Malware: 14 Samples, Stable Trend (May 2026)

Snake Keylogger Malware: 8 Samples, Stable Trend (May 2026)

Vidar Malware: 29 Samples, Stable Trend (May 2026)

April 2026 All Threats