STAY INFORMED
STAY SECURED
Cyber incidents continue to increase in frequency, scale, and business impact, driven by financially motivated threat actors targeting high-value data assets. Despite advancements in security technologies, many organizations remain underprepared to effectively prevent, detect, and respond to evolving threats.
Metrics
Key trends highlight escalating financial impact, expanding attack surfaces, and growing third-party risk exposure, reinforcing the need for enhanced investment, modernized controls, and mature incident response capabilities.
- Global average breach cost: ~US $4.44M / U.S. average breach cost: ~US $10.22M
- Multi-environment breaches (cloud + on-prem): ~US $5.05M average cost
- PII involved in ~53% of breaches
- AI-related risk is emerging: ~16% of breaches involved attackers using AI; ~20% involved shadow AI (unsanctioned AI tools)
- Average dwell time: ~241 days
- Third-party involvement in ~30% of breaches
ThreatScape
Cyber threat activity remains persistent and diverse, with widespread website compromise, insider involvement, financially driven attacks, ransomware prevalence, concentrated industry impact, and strong links to organized cybercrime groups.
- 4,800 websites/month are compromised with formjacking.
- 34% of breaches involve internal actors.
- 71% of breaches are financially motivated.
- 24% of malware incidents involve ransomware.
- 95% of breached records come from government, retail, and technology.
- 36% of external actors are linked to organized crime.
CyberPulse
- Data breaches and website tracking technologies may seem like distinct privacy risks, but the California Supreme Court's recent decision in J.M. v ...
- On May 5, 2026, the parties in In re Doxim, Inc. Data Security Incident Litigation (E.D. Mich. June 13, 2024), filed a proposed $5.5 million class ...
- Miami-based Gastro Health, a GI practice with a network of 207 locations, has provided notice of a data security incident.
- Cybercrime gang FulcrumSec has begun leaking what it claims are samples from 1.3 terabytes of data stolen from pharmaceutical giant Novo Nordisk.
- Security teams deploy fake assets including decoy servers, AI chatbots, AI training data, and endpoints. An attacker gains initial access. The ...
- FulcrumSec says it spent more than two months inside Novo Nordisk's networks and is now exploring private sales of the data after the company ...
- Medtronic thwarts cyberattack on its IT systems in wake of data breach at Stryker. The company also said it has not identified evidence of ongoing ...
- Section 12 of the Justice and Security Act 2013, the statute which made 'closed material procedures' available in civil proceedings generally, ...
- The threat that arrived behaved differently. Most enterprise security stacks have the same architecture. Spending more on the same generic categories ...
- The company later confirmed the data breach from third-party-hosted business applications via a social engineering attack and deemed the incident ...
- A data leak has exposed private data on billionaire Peter Thiel's "Dialog," an invitation-only network of high-profile figures.
- ... data breach, Higher Ed Dive reported. In an email to students, university officials said they were working to determine what data had been accessed.
- Nintendo issued an official statement following reports yesterday that the company was impacted by a data breach.
- Its SOC 2 Type II and HIPAA certifications meet the security requirements of regulated industries out of the box, and a free tier allows organizations ...
- FulcrumSec, a cyber extortion group, says it has hacked Novo Nordisk, the maker of Wegovy and Ozempic. The hackers say they may sell data after ...
- "We have no knowledge of any recent legitimate data breach reports from either VRChat or Discord." To prevent similar abuse in the future, the Maine AG ...
- Novo Nordisk said the security incident affected patient data, including health information and birth year.
- Update [ Tue 16th Jun 2026, 11:15am ]: Nintendo of America has responded to the claimed data breach, confirming a loss "limited to internal survey ...
- Data breaches against phone carriers – and their third-party vendors – also expose phone numbers with associated accounts. More recently, a data ...
- Patients of Rochester Regional Health recently began receiving mailed notices of a data breach that only led to more confusion, as the letters ...
- A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model upload and run code inside Google's serving […]
- Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent reports from Morphisec, […]
- Security researchers at Zimperium's zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together, they […]
- Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds, geolocation data, reputation scores, telemetry, and threat intelligence from a growing […]
- Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said it has observed […]
- Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. "The Windows variants discovered are internally […]
- The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware […]
- Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262, […]
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal […]
- A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was […]
- Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famous Chollima, […]
- A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed. LiteLLM is a […]
- A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat […]
- Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: […]
- Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means sharing a […]
- Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program (PUP) family. The cluster […]
- An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site […]
- Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating […]
- Palo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect […]
- Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The […]
- Anthropic said on Friday it will "abruptly disable" its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government ordered it to suspend […]
- Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is […]
- Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting […]
- Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as […]
- Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called […]
- For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn't staff around the clock, couldn't hire enough analysts, and needed someone else to […]
- Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. […]
- An INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service (PhaaS) platform, Group-IB said Thursday. The effort, codenamed Operation Ramz, took […]
- Authorities in Europe have disrupted AudiA6, a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, in a statement issued Thursday, said the dismantling of […]
- The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities […]
- In addition to executing entirely in memory, the malware's infection chain incorporates other anti-analysis techniques designed to frustrate detection.
- An open letter signed by dozens of security experts asked the government to reverse export restrictions on Anthropic's Claude Fable 5 and Mythos 5 models.
- FishMonger, a China-nexus threat group, has deployed an undocumented version of the Linux backdoor against government targets in Honduras, Taiwan, Thailand, and Pakistan.
- The emerging malware, spread via fake TikTok and Chrome downloads, demonstrates an evolution by combining banking fraud with extensive device surveillance and remote control.
- New analysis shows the campaign, which uses compromised WordPress sites, may be linked to the ransomware and data extortion group Vice Society.
- The denial-of-service (DoS) exploit takes advantage of two features in HTTP/2 that were designed to save Internet bandwidth, not power massive amplification attacks.
- The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden URLs and other variables.
- Google discovered and disrupted the sprawling campaign, which stole RedCAP credentials to breach numerous institutions and exfiltrate sensitive data.
- Executive leaders may not be saying it aloud, but business objectives and priorities don't always promote timely disclosures.
- AI-native operating systems are shifting the responsibility to stay vigilant against social engineering cyberattacks from the user onto the system itself.
- Anthropic abruptly suspended all access to Fable 5 and Mythos 5 after receiving an export control directive that banned foreign nationals from using the technology.
- A major bug in Oracle's ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of data.
- Stay cool: Mythos 5 is an upgrade over Mythos Preview while Fable 5 is Mythos "made safe for general use," Anthropic explains.
- Hackers are valuing quality over quantity, using AI to upgrade their phishing attacks rather than multiply them.
- Initial methods suggest attackers had likely mapped out Ivanti's asset landscape upfront and acted quickly once the exploit became public.
- Even the best segmentation strategy will fall apart without constant oversight and disciplined operations.
- North Korea's gross domestic product (GDP) has grown, in part because of the nation's state-sponsored cybercrime groups, which target financial firms and other businesses.
- The new directive gives federal agencies three days to fix the most dangerous flaws, while less severe issues can be deferred.
- Security research inadvertently led organizations to believe they were being breached through their ServiceNow instances.
- As companies adopt AI, many insurance firms are explicitly excluding AI risks, while others are forging ahead to create the right framework. What risks can firms reasonably manage?
- The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft.
- Former National Cyber Director Chris Inglis warns that cyberattacks threaten hospitals, utilities, and essential services.
- Voluminous patch updates could soon be the norm, as artificial intelligence accelerates the speed and scale of vulnerability discovery.
- "Ghost-Sender" is the result of a widespread misconfiguration, according to researchers, and evidence indicates it's being actively abused in the wild.
- The attacks stemmed from a GitHub account that was also compromised in a previous Miasma attack on Microsoft last month.
- Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine.
- AI-generated content threatens credibility in cybersecurity. This "Ask the Expert" column explores why human oversight matters and how to maintain authentic narratives.
- The financially motivated group is combining vishing, IT impersonation, and in-person office intrusions to steal data and extort victims.
- A newly discovered, critical zero-day vulnerability is under attack; a Qilin ransomware affiliate has been blamed for at least one incident.
- An extension of the Geneva Conventions could impose restrictions on cyberwarfare under ceasefire conditions and close a major loophole in international conflict.
- The latest attacks, which hit 37 PyPI wheels and 19 code packages, show a continued evolution of the persistent software supply chain threat.
- Threat actors are taking advantage of Internet-exposed tank gauges by breaching gas stations, opening the door to disruption.
- AI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strike within a year, researchers say.
- The White House's executive order establishes a voluntary framework for early government access to frontier models while investing in federal security.
- Like Shai-Hulud, the campaign targets developers to steal credentials and reuses them to propagate across the software supply chain.
- One of the world's most diverse, least-focused cybercrime groups is enlarging its footprint beyond East Asia.
- Gartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections.
- Organizations are growing serious about which nation's rules apply to their data. Experts point to geopolitical tensions as a main contributing factor.
- Despite broadly connected digital infrastructure, standard-fare TTPs are enough to cause trouble for Afghanistan's porous cybersecurity.
- Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.
- China-linked espionage groups have attacked at least a dozen nations in the region, gathering information on maritime shipping, oil production, and other geopolitical interests.
- Cyber insurance coverage is slowly changing, and some policies may not provide coverage for social engineering attacks like ClickFix.
- A disabled security setting meant to protect authentication across Android versions of key apps like Word, PowerPoint, and Excel paved the way for attackers to steal logins and data.
- A prompt injection flaw in Google Gemini's voice assistant let attackers hide malicious commands in notifications, enabling social engineering and more.
- A threat actor got a near-continuous view into an influential finance executive's email inbox, thanks to clever use of legitimate, native Windows tools.
- Zoom CISO Sandra McLeod discusses the challenges of securing a global communication platform, the promise of AI-driven security workflows, and her advice for aspiring cybersecurity leaders.
- Once targeting just Microsoft 365, the phishing-as-a-service platform now aims at AWS, Okta, and Russian platforms, while relying on device code phishing.
- A sneaky, wide-scale IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones that deliver malware.
- China is stealing data from high-value targets via a sneaky, double-layer spear-phishing campaign that includes the Azureveil malware.
- High-autonomy agents with broad permissions and unfettered access are a recipe for disaster, and enterprises need to act now before they become the next horror story.