In June 2026, Meta resolved a significant security vulnerability within Instagram’s AI-powered account recovery system, known as High Touch Support. The breach, which began in mid-April and was discovered in late May, resulted in the hijacking of appr...
In May 2026, Community Bank, a subsidiary of CB Financial Services with operations in southwestern Pennsylvania, southeastern Ohio, and northwestern West Virginia, disclosed a data breach incident involving the unauthorized use of an artificial intell...
In April 2026, Vercel, a cloud deployment firm and web3 hosting backbone, experienced a significant security breach stemming from a compromised third-party AI tool. The breach led to unauthorized access to Vercel's internal systems and customer data, ...
In April 2026, Mercor, an AI recruiting startup valued at $10 billion, confirmed it was impacted by a supply chain cyberattack stemming from a compromise of the open-source LiteLLM project. This confirmation followed claims by the Lapsus$ extortion gr...
In November 2025, Salesforce confirmed it was investigating a security incident involving unusual activity within Gainsight-published applications connected to its platform. The investigation revealed that unauthorized access to certain customers' Sal...
In August 2025, Google confirmed that one of its corporate Salesforce instances was breached in June by the cybercriminal group ShinyHunters, also tracked as UNC6040, resulting in the theft of customer data. This incident is part of a larger wave of a...
In October 2025, security researcher Johann Rehberger discovered a vulnerability in Anthropic's Claude AI model that allows for the exfiltration of private data through indirect prompt injection. The attack involves injecting malicious instructions in...
In September 2025, Zscaler, along with numerous other organizations, disclosed a data breach stemming from a supply chain attack targeting Salesloft Drift, a marketing automation platform integrated with Salesforce. The threat actor, identified as UNC...
In August 2025, KLM Royal Dutch Airlines and Air France disclosed a data breach stemming from unauthorized access to a third-party platform used for customer service. The incident exposed personal data of customers who had previously contacted custome...
In July 2025, a series of significant cybersecurity incidents came to light, impacting various sectors globally. McDonald's faced a major data breach due to a glaring security lapse in its AI-powered hiring platform, McHire. Security researchers disco...
Cyber Security Case Studies has worked with a number of groups to develop these risk effect categories which represent a plain-english description of the impacts seen in public cyber events alongside their definition: