Point of View

In a plot twist that sounds suspiciously like the opening act of a tech-noir film, a federal judge has ordered OpenAI to preserve all user chat logs, including the ones you thought you deleted and mentally erased after oversharing a bit too much in a "temporary" chat. Yes, those chats. The ones where you dropped snippets of proprietary code, brainstormed with sensitive client info, or asked GPT to rewrite your performance review like Shakespeare with a grudge.

Now, these chats must be stored. Forever. Even though OpenAI’s privacy policy basically promised users they could “delete chats anytime.” Apparently, that policy now comes with an invisible asterisk that says: unless a federal judge has other ideas.

Naturally, this raises the sort of tiny concerns like massive GDPR violations, breaches of user consent, and the philosophical question of whether a deleted chat was ever really deleted at all. So, if your company jumped on the “AI-powered workplace” bandwagon and forgot to read the terms and conditions (spoiler: everyone did), it might be time for a little data hygiene, or at least a GDPR lawyer on speed dial.

Meanwhile, in what reads like a rejected Mission: Impossible script, a shadowy hacktivist group called Predatory Sparrow, which may or may not be backed by Mossad, depending on which cyber-gossip you trust, has declared digital jihad on Iran’s financial systems.

They publicly announced their attack on Bank Sepah (subtlety clearly not their forte), accusing it of violating sanctions and funding everything from nuclear programs to regional chaos. The result? ATMs shut down, branches closed, and Iran pulled the plug on its entire internet infrastructure like a parent yanking the Wi-Fi because their kid won’t stop playing Fortnite.

Before the lights went out, Predatory Sparrow also hit Nobitex, Iran’s biggest crypto exchange. Not content with a mere takedown, they dumped the source code to Telegram and reportedly absconded with over $90 million in cryptocurrency, only to yeet the funds into random, inaccessible wallets like some kind of blockchain Banksy.

Let that sink in: the largest burn of stolen crypto in history, and it was accompanied by a Telegram drop and some anonymous political sass. Somewhere, North Korean hackers are quietly slow-clapping.

And finally, the mainstream media is hyperventilating over the claim that 16 billion passwords have been leaked. Again. For what feels like the 14th time this decade. Let’s all take a deep breath.

Yes, the number sounds terrifying. No, it’s not a fresh breach of biblical proportions. What we’re looking at here is another charming casserole of ULPs (Username-Login-Passwords) scraped from years of stealer logs, data breaches, shady dark web forums, and malware-infected machines. Think of it like the cybersecurity version of a garage sale, some of it is junk, some of it’s already been leaked, and a tiny bit might still be valuable (to someone using the same Netflix password since 2012).

If you’re using the same login for your gym, your bank, and your “totally anonymous” fan fiction forum, maybe consider mixing it up. Otherwise, don’t panic. Just update your passwords, use a password manager, and try not to yell “THE SKY IS FALLING” every time someone finds a dusty old credential dump online.

TL;DR:

- Your "temporary" ChatGPT chats might outlive you.
- Mossad’s favourite sparrows have expensive taste in crypto.
- And unless your password is still “letmein” or “iloveyou,” you’re probably fine.

Sleep tight, digital citizens. The internet’s got jokes, and lawsuits.

Scan Any Domain for Free https://breachaware.com/scan

This months cyber spotlight, vulnerability chat & privacy headlines.

Crypto Kidnappings, DragonForce Ransomware, and Global Privacy Shakeups.
https://breachaware.com/research/crypto-kidnappings-dragonforce-ransomware-and-global-privacy-shakeups
A total of 22 breach events were found and analysed resulting in 6,199,513 exposed accounts containing a total of 39 different data types of personal datum. The breaches found publicly and freely available included ULP Alien TxT File - Episode 15, ULP 0022, Stealer Log 0529, Stealer Log 0530 and National Centre for Disaster Risk Assessment, Prevention, and Reduction - Peru.

Dark Web Cracks, Student Hacker Falls, and BreachForums Rises Again.
https://breachaware.com/research/dark-web-cracks-student-hacker-falls-and-breachforums-rises-again
A total of 16 breach events were found and analysed resulting in 1,917,577 exposed accounts containing a total of 28 different data types of personal datum. The breaches found publicly and freely available included ULP 0023, Stealer Log 0531, Aire de Fiesta, Brazilian Consumer Database and Silver Falls Capital.

Bidencash Seized, Brutecat’s Google Hack, Wazuh Exploited.
https://breachaware.com/research/bidencash-seized-brutecats-google-hack-wazuh-exploited
A total of 17 breach events were found and analysed resulting in 6,296,420 exposed accounts containing a total of 26 different data types of personal datum. The breaches found publicly and freely available included ULP 0025, ULP Alien TxT File - Episode 16, Instituto Nacional de Transporte Terrestre (INTT), Infusion Mobile and Epsilor.

Trickbot Kingpin Doxxed, Google Outage, BreachForums Sold.
https://breachaware.com/research/trickbot-kingpin-doxxed-google-outage-breachforums-sold
A total of 24 breach events were found and analysed resulting in 5,426,979 exposed accounts containing a total of 34 different data types of personal datum. The breaches found publicly and freely available included Darty, Stealer Log 0533, Shadow, Stealer Log 0532 and EloBuddy.

Dark Web Crackdowns, CVE Wave, Global Privacy Tensions Rise.
https://breachaware.com/research/dark-web-crackdowns-cve-wave-global-privacy-tensions-rise
A total of 12 breach events were found and analysed resulting in 14,927,673 exposed accounts containing a total of 33 different data types of personal datum. The breaches found publicly and freely available included Alien TxT File - Episode 17, Cetdigit, ULP 0026, Stealer Log 0534 and CarderPro.

Last month, a company that previously enjoyed the luxury of complete anonymity (and probably preferred it that way) has stumbled loudly back into the spotlight. Meet TeleMessage, the enterprise grade archiving software solution that cheerfully scoops up messages from Signal, Telegram, WhatsApp, WeChat, SMS, MMS, and even good old fashioned voice calls. Think of it as a digital hoover for your entire communications history, because compliance is sexy now.

The company made its first cameo appearance in the headlines when sharp-eyed members of the press caught U.S. national security adviser Mike Waltz casually launching the app on his phone. Turns out, since February 2023, U.S. authorities have been using TeleMessage not just as a toy, but as a mandatory workplace surveillance tool. According to its marketing, TeleMessage helps “protect data and ensure compliance,” which in this case translates loosely to: “We archive everything you say so your government boss doesn’t get fined.”

But while TeleMessage is great at compliance, its security posture appears to be held together with duct tape and optimism. A threat actor claims they broke in, and I wish I were kidding, within 15 to 20 minutes. That’s barely enough time to make a cup of tea, let alone compromise the inner sanctum of a supposedly secure government-adjacent comms archiver. The result? 415GB of juicy plain text dumps, complete with metadata like sender, recipient, timestamp, and all the breadcrumbs any aspiring cybercriminal could ever dream of.

Meanwhile, over in France, home of croissants, strikes, and now possibly compromised legislators, a threat actor has popped up on a dark web forum to announce they’ve been snooping on a French senator. This isn’t your usual "we found some leaked emails" post either. The hacker claims they had live access to sensitive communications, including pre-publication legislative drafts, internal coordination docs, media contacts, and private correspondence that, frankly, wasn’t meant for your eyes or mine.

The hacker ominously closes their message with: “This is not a leak. Not yet. This is a signal. A controlled detonation.”

Chilling stuff, though admittedly a bit theatrical. Ten points for style, I guess?

In other surveillance adjacent absurdity, Microsoft has unveiled its latest dystopian nightmare disguised as a feature: Recall, an AI-driven tool that takes periodic screenshots of your desktop “for your convenience.” You know, so you can search your screen history like a time travelling intern. Great idea. Nothing could possibly go wrong.

Except, of course, within days of this being announced, security researchers found ways to extract these screenshots from memory, because apparently no one at Microsoft has ever met a hacker before. And in what can only be described as a cyberpunk plot twist, Signal stepped in with the kind of elegant resistance we’d all hoped for. Their solution? DRM. Yes, the same annoying tech that prevents you from screen grabbing your favourite Netflix show now doubles as a privacy shield. If Recall tries to screenshot your Signal app window, it’ll get nothing but a blank space, and not the Taylor Swift kind.

Microsoft: "We want to improve productivity by logging your every move."
Security community: "We'd rather eat a firewall than let that fly."

So, to summarise:
- TeleMessage is unintentionally starring in its own zero-day soap opera,
- A hacker has turned a French senator’s inbox into a suspense novel,
- Microsoft invented a surveillance tool and called it a “feature,” and
- Signal decided to throw a digital pie in their face.

What a month. Back to you, compliance officers.

Scan Any Domain for Free https://breachaware.com/scan

This months spotlight, vulnerability chat & privacy headlines.

When CEOs Hack, xAI Fumbles, and Your iPhone Becomes a Brick.
https://breachaware.com/research/when-ceos-hack-xai-fumbles-and-your-iphone-becomes-a-brick
A total of 22 breach events were found and analysed resulting in 19,421,865 exposed accounts containing a total of 35 different data types of personal datum . The breaches found publicly and freely available included ULP Alien TxT File - Episode 11, Doxagram, Grayscale, Underworld Empire Forums and ULP 0017.

LockBit Gets Hacked (Again), $45M Vanishes from Coinbase, and Bootleg Signal Apps Blow Up.
https://breachaware.com/research/lockbit-gets-hacked-again-45m-vanishes-from-coinbase-and-bootleg-signal-apps-blow-up
A total of 19 breach events were found and analysed resulting in 34,462,844 exposed accounts containing a total of 28 different data types of personal datum . The breaches found publicly and freely available included VNG Corporation, Pluto TV, ULP Alien TxT File - Episode 12, NextGenUpdate and CNZZ.

VXU Threatened, Coinbase Whales Scammed, Google Fined Big, and Fresh Zero Days all Around.
https://breachaware.com/research/vxu-threatened-coinbase-whales-scammed-google-fined-big-and-fresh-0-days-all-around
A total of 26 breach events were found and analysed resulting in 28,611,135 exposed accounts containing a total of 30 different data types of personal datum . The breaches found publicly and freely available included ULP Alien TxT File - Episode 13, ULP 0019, Email Panther, ULP 0020 and Stealer Log 0526.

Lumma seized, CISA fumbles, scammy forums implode, and critical vulns keep stacking.
https://breachaware.com/research/lumma-seized-cisa-fumbles-scammy-forums-implode-and-critical-vulns-keep-stacking
A total of 22 breach events were found and analysed resulting in 10,356,354 exposed accounts containing a total of 30 different data types of personal datum. The breaches found publicly and freely available included ULP Alien TxT File - Episode 14, Amazon (Internal), Dow University of Health Sciences, Romano-American Mossad Political Networks and ULP 0021.

If you logged into your favourite cybercrime forum this week and found nothing but tumbleweeds and 404s, you’re not alone. A couple of well known underground hacking forums have either gone on holiday or been vaporised entirely. It's unclear if they’ve shut down for good or just doing the digital equivalent of pretending they’re not home when the FBI knocks.

One particularly loud mouthed Russian speaking hacking forum seems to be having clearnet issues which, in their line of work, is about as surprising as a crypto rug-pull. Meanwhile, the BreachForums drama is still going strong. Ever since it got Thanos snapped out of existence by activist group Dark Storm, new forums have been popping up like dodgy pop-ups on a torrent site. Some are clearly scams, others are actual contenders, and a few are probably honeypots with great UI.

The "new" BreachForums is apparently being run by several of the old moderators, but let’s just say the reunion tour hasn’t been warmly received. Former users have trust issues (shocking, I know) and aren’t quite rolling out the welcome mat. Oh, and ShinyHunters, the data breach supervillains behind attacks on Tokopedia, AT&T, and your local grandmother’s cookie blog, have vanished. No tweets. No leaks. Just silence. Either they’ve quit the game, or they’re watching from a cabana in a jurisdiction with no extradition.

And now, to the bureaucratic circus: The U.S. Department of Government Efficiency (DOGE, no, not a meme, it’s a real agency, tragically not funded by Elon Musk) recently decided to pull funding from MITRE. Yes, MITRE, the same folks responsible for the CVE Program, which helps the world not burn down every time someone writes insecure JavaScript.

Cue the collective meltdown from every corner of InfoSec Twitter and the more vocal corners of dark web chatrooms. Surprisingly, DOGE did a reverse Uno card and reinstated funding almost immediately, likely after realising that pulling the plug on the CVE database is like taking away a fire extinguisher during a grease fire. For context, MITRE has been handed around $1.5 billion since 2008. Pricey? Sure. But still cheaper than letting everything go full Equifax every week.

Now, here’s the part where Europol enters like a law enforcement John Wick. Teaming up with Bavarian State Police and 35(!) other countries, they helped shut down a truly horrific CSAM darknet site called "Kidflix" because apparently there's no bottom to the naming choices of depraved criminals.

From April 2022 to March 2025, this nightmare of a site hosted over 91,000 unique CSAM videos and attracted 1.8 million users. But here’s the good news:
- 1,400 users identified
- 79 arrests made
- And 39 children rescued

It’s a horrifying case, but it does show what can happen when law enforcement agencies put their heads together and decide to actually clean up the internet rather than just hold awkward press conferences about it.

So yes, the dark web is in disarray, bureaucrats are still confused by what the internet actually is, and law enforcement is finally making moves that actually matter. If nothing else, it’s been an eventful week and I, for one, am running low on popcorn.

Scan Any Domain for Free https://breachaware.com/scan

Data Breach, Vulnerability & Privacy Research this Month

Cybercrime Crackdowns, Cloud Denials, and Vanishing Professors.
https://breachaware.com/research/cybercrime-crackdowns-cloud-denials-and-vanishing-professors
A total of 18 breaches were found and analysed resulting in 22,619,144 leaked accounts containing a total of 34 different data types. The breaches found publicly and freely available included ULP Alien TxT File - Episode 8, ULP 0012, Hisense USA, Florida Department of State and Aiudo.

VPN Cracks, Dark Web Upgrades & Meta’s Make or Break Trial.
https://breachaware.com/research/vpn-cracks-dark-web-upgrades-and-metas-make-or-break-trial
A total of 28 breaches were found and analysed resulting in 27,088,911 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included ULP Alien TxT File - Episode 9, ULP 0013, Breach.VIP, Boulanger and V-Tight Gel.

Patches, Psyops & Paranoia.
https://breachaware.com/research/patches-psyops-and-paranoia
A total of 14 breaches were found and analysed resulting in 5,870,230 leaked accounts containing a total of 23 different data types. The breaches found publicly and freely available included Alien TxT File - Episode 10, ULP 0014, Alshaya Group, Stealer Log 0522 and Puppy Finder.

Fine Wine, Fast Bugs, and Forum Drama.
https://breachaware.com/research/fine-wine-fast-bugs-and-forum-drama
A total of 30 breaches were found and analysed resulting in 15,193,862 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included Quality Used Transmissions, ULP 0016, Telmex, ULP 0015 and AlfaStrakhovanie Group.

Britain’s new Online Safety Act just went live, and in its first week, it’s already caused a mass extinction event for small online communities. Thanks to the government's obsession with “safety”, running a simple forum now requires enough paperwork to make a tax auditor jealous.

If you own a website or forum and haven’t filed the right risk assessments, you could face:
- An £18 million fine (because that totally seems fair for a hobbyist forum)
- 10% of your turnover (if you even have one)
- Domain seizures and website takedowns

Basically, if one random user offends someone and you don’t delete it fast enough, congratulations! You’re now financially ruined.

It’s already taken out London Fixed Gear and Single Speed (LFGSS), a father’s rights forum, and even a hamster forum. Yes. A hamster forum. Apparently, discussing wheel sizes and seed mixes is now a national security risk.

And who’s enforcing this Orwellian nightmare? Ofcom. That’s right, the same regulatory body that spent years policing whether people on TV said the F-word before 9PM is now the internet’s judge, jury, and executioner.

At this rate, the only things left standing on the British internet will be government-approved news sites and Facebook groups about knitting.

The UK’s Crime and Policing Bill: Your Front Door is Now Optional
As if shutting down speech wasn’t enough, the UK government is also giving the police some fresh new powers that look like they were drafted by someone who read 1984 and thought, “Yeah, this sounds great.”

Let’s take a peek at some of the highlights:

Police can now suspend IPs and domain names, so not only can they shut down your website for failing to moderate someone’s spicy take, they can also wipe it off the internet entirely.

Confiscation of cash, vehicles, and assets, no conviction required. That’s right, folks! You don’t actually need to be guilty of anything anymore for the police to take your stuff. Just having the wrong vibes might be enough.

Clause 93: Search Without a Warrant Based on “Electronic Tracking Data.”
This one is a doozy. If the police think a stolen item has ever been near your house, they can now break down your door without a warrant. What’s that? You live in a block of flats? Sucks for you, good luck proving you weren’t involved when they come tearing through your place because a stolen laptop pinged a Wi-Fi network in the building.

Oh, and imagine if a malicious hacker sends you a parcel with a GPS tracker inside and then reports it as stolen. Congratulations! Enjoy your complimentary police raid.

Because nothing says justice like battering down doors based on dodgy Bluetooth signals.

TL;DR:
The UK has decided small websites are too dangerous to exist.
- A hamster forum is now a national security threat.
- The police can raid your home because a stolen phone once walked past it.
- Your bank account, car, and life savings can now disappear without a conviction.

At this rate, the British government will be installing CCTV in your kettle by next year. Welcome to the UK Firewall, comrades!

Scan Any Domain for Free https://breachaware.com/scan

Data Breach, Vulnerability & Privacy Research this Month

Lockbit Birthday Wishes, Russian Ransomware Celebs & Privacy Fails.
https://breachaware.com/research/lockbit-birthday-wishes-russian-ransomware-celebs-and-privacy-fails
A total of 22 breaches were found and analysed resulting in 92,498,711 leaked accounts containing a total of 32 different data types. The breaches found publicly and freely available included Special K, ULP 0005, TGBUS, ULP 0004 and DangDang.

Bybit’s $1.5B Crypto Fumble, Lazarus' Perfect Heist & Cybersecurity Madness.
https://breachaware.com/research/ybits-1b-crypto-fumble-lazarus-perfect-heist-and-cybersecurity-madness
A total of 20 breaches were found and analysed resulting in 38,793,636 leaked accounts containing a total of 30 different data types. The breaches found publicly and freely available included ULP Alien File - Episode 1, Angel One, ULP 0006, Stealer Log 0511 and Stealer Log 0512.

Deepfake Scam Targets YouTubers.
https://breachaware.com/research/deepfake-scam-targets-youtubers-and-lockbit-hacker-extradited
A total of 12 breaches were found and analysed resulting in 80,379,926 leaked accounts containing a total of 27 different data types. The breaches found publicly and freely available included ULP Alien File - Episode 2, Digitel, Kilts and Kilts, Mr Excel and Stealer Log 0513.

France Rejects Encryption Ban & North Korean Hackers Exposed
https://breachaware.com/research/france-rejects-encryption-ban-and-north-korean-hackers-exposed
A total of 17 breaches were found and analysed resulting in 103,560,038 leaked accounts containing a total of 34 different data types. The breaches found publicly and freely available included ULP Alien TxT File - Episode 3, ULP Alien TxT File - Episode 4, ULP Alien TxT File - Episode 5, Business Emails (CRM Database) and ULP 0007.

Following up on this month’s eyebrow raising transaction from Bybit, the world’s second largest crypto exchange, we now have confirmation from blockchain Sherlock Holmes himself, ZachXBT. Yes, folks, it was a "security incident." (And by "incident," we mean the biggest crypto heist in history.)

Turns out our old friends from North Korea’s Lapsus$ crew, yes, the same folks keeping Rocket Man’s missile budget healthy, managed to swipe $1.5 billion in Ethereum. How? Simple. They finessed a phishing site so convincing, the CEO probably thought he was just doing his usual cold to hot wallet shuffle. Except this time, instead of transferring funds to the actual exchange, he generously wired them to a wallet owned by Kim Jong-un’s piggy bank.

You really have to admire the craft. This wasn’t your run of the mill phishing email saying, “Dear sir, urgent action required.” Nope. This was months of prep, insider level details, and a portal so identical even his password manager probably applauded.

Biggest crypto heist ever. And honestly? At this point, North Korea might as well list “professional crypto thief” as its top GDP contributor.

UK vs. Apple ADP: The Fight to Make Everyone Less Safe.

The British government, in its ongoing quest to protect literally no one, has been demanding Apple disable Advanced Data Protection (ADP), because, you know, “think of the children.”

Of course, if you have even a speck of common sense, you'll realise that criminals, spies, and hackers aren’t exactly sitting around using iCloud backups. No, the only people this really affects are regular folks who want their family photos, private messages, and embarrassing karaoke videos kept under wraps without having to earn a PhD in encryption.

Meanwhile, journalists in war zones, activists under oppressive regimes, and basically anyone doing something important with sensitive data? Yeah, they're the ones getting hung out to dry. But hey, who needs privacy when you’ve got performative legislation that makes no one safer?

Cheers to the UK government for protecting democracy by undermining it.

Amazon’s "Just Walk Out" Stores: Surprise! It’s Just People.

Ah yes, Amazon’s “Just Walk Out” stores, the tech marvel where AI magically tracks your every move so you can grab your snacks and leave without fuss. Except… plot twist! The "AI" was actually 1,000 humans in India watching us like we’re contestants on Big Brother: Grocery Edition.

That’s right, behind the scenes of what you thought was cutting edge machine learning, there were real people manually tagging videos and making sure Karen didn’t "accidentally" leave with five unpaid rotisserie chickens.

Amazon, of course, denied it. “They’re just helping train the AI!” they claimed. Sure. And I’m just helping my dog “learn” by doing his taxes.

Either way, Amazon’s now ditching the whole operation in favour of the classic barcode scanners, which beep with all the joy of a 2003 checkout lane. So the dream of a robot-run grocery utopia has officially been downgraded to humans with price guns.

Progress.

TL;DR of the Month:
- North Korea’s got $1.5 billion of Ethereum and probably a new theme park on the way.
- The UK wants to fight crime by making sure your private data is up for grabs.
- Amazon’s AI is actually just Dave from Delhi watching you buy Doritos.

Catch you next month, where I’m sure someone else will accidentally wire their life savings to North Korea and Facebook will declare Python a biohazard.

Scan Any Domain for Free https://breachaware.com/scan

Data Breach, Vulnerability & Privacy Research this Month

Feds Take Down Major Cybercrime Hubs.
https://breachaware.com/research/feds-take-down-major-cybercrime-hubs
A total of 15 breaches were found and analysed resulting in 3,010,005 leaked accounts containing a total of 26 different data types. The breaches found publicly and freely available included Strong Current, Email Data Pro, Stealer Log 0506, Lapor GO and International Olympiad Foundation.

OpenAI Hack? Hacker Claims Access to 20M Accounts
https://breachaware.com/research/hacker-claims-20m-openai-stolen-credentials
A total of 12 breaches were found and analysed resulting in 18,201,867 leaked accounts containing a total of 27 different data types. The breaches found publicly and freely available included ULP 0001, Corporation.de, Buddy Loan, ULP 0002 and Stealer Log 0507.

Doxbin Drama, Another Day, Another Leak
https://breachaware.com/research/doxbin-drama-another-day-another-leak
A total of 24 breaches were found and analysed resulting in 23,332,681 leaked accounts containing a total of 36 different data types. The breaches found publicly and freely available included Indian DataBase Package, Stealer Log 0508, Chess, LinkedIn (Executive Profiles) and Traderie.

UK’s Snooper’s Charter Strikes Again, Apple Backs Down.
https://breachaware.com/research/uk-snoopers-charter-strikes-again-apple-backs-down
A total of 15 breaches were found and analysed resulting in 2,096,737 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included Mexican Citzen Database, Tout, SweClockers, Q-Depot and Autogedal.

The FBI has been playing whack-a-mole with cybercrime websites, seizing four notable forums and marketplaces last week. Cracked.io and Nulled.to, which range from “wannabe ethical hackers” to “full-on cybercriminal central,” have been taken offline. StarkRDP.io, an RDP hosting service with a suspiciously sketchy clientele, was also snatched up. And finally, MySellix.io, the Amazon for stolen goods, was supposedly seized… except it’s still up and running like nothing happened.

Why? Honeypot theory. The best way to catch cybercriminals is to let them log in as if nothing’s wrong and quietly collect their credentials. Picture a hacker entering their stolen login details only to realise they’ve just handed the FBI their entire criminal resume. Oops.

Facebook Declares Linux is Malware

The Dumbest Thing This Week

In a mind-blowing display of tech illiteracy, Facebook’s internal policy makers have decided that Linux is malware. That’s right, the operating system that powers 96.6% of the top web servers, 70% of all global infrastructure, and Facebook’s own data centres has been flagged as a security risk.

Linux discussion groups? Banned.
Posts about Linux? Removed.
Facebook engineers trying to fix this nonsense… probably banned too.

This isn’t just dumb, it’s so dumb that it loops back around to being impressive. The best part? As of writing, some Linux links and posts are still flagged, so either Facebook’s AI has gone rogue, or Zuckerberg’s been tricked into thinking Windows XP is the future.

We can only hope they fix this soon, or that Facebook admits it’s actually the real malware.

Fire Scam Malware

When Free Telegram Premium Costs You Everything

If you're the kind of person who sees "Free Telegram Premium" and thinks "Oh sweet, free stuff!", congratulations, you’re exactly the target for Fire Scam, a nasty new Android malware.

Here’s the scam:
1. You visit a phishing site or even the RU Store, a Russian Android app store.
2. You download what you think is Telegram Premium, but surprise, it’s malware!
3. Fire Scam installs an infostealer, scanning for passwords, private keys, and session tokens.
4. Your sensitive data is exfiltrated faster than a crypto rug pull.

What makes Fire Scam particularly evil is its use of DexGuard, a tool normally used by game developers to prevent cheating. But in this case, it's being used to bypass antivirus detection, making it harder to detect than a government spy at a hacker convention.

So, lesson of the day: if something premium is offered for free, assume the only thing you’ll be getting is a virus and a very bad day.

Final Thoughts

This week’s cybersecurity news has it all the FBI setting honeypots, Facebook embarrassing itself on a global scale, and Android users getting owned for being cheap. If this trend keeps up, next week we might find out that Microsoft Word has been classified as a terrorist organisation or that Windows 11 is secretly mining Bitcoin for the NSA.

Stay safe out there, and remember:
- Don’t log into seized cybercrime sites.
- Linux is NOT malware (but Facebook’s brain might be).
- If it’s “too good to be true,” it’s probably stealing your data.

Scan Any Domain for Free https://breachaware.com/scan

Data Breach, Vulnerability & Privacy Research this Month

Ransomware incidents increased by 10% in 2024.
https://breachaware.com/research/ransomware-incidents-increased-by-10-percent-in-2024
A total of 13 breaches were found and analysed resulting in 9,885,988 leaked accounts containing a total of 23 different data types. The breaches found publicly and freely available included Job and Talent [2], XP Game Plus, Prixet Technology, Stealer Log 0502 and Maxxecom.

Fire scam malware masquerading as a Telegram premium app.
https://breachaware.com/research/fire-scam-malware-masquerading-as-a-telegram-premium-app
A total of 21 breaches were found and analysed resulting in 3,896,922 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included Amai, Gift Flora, Religare Broking, Stealer Log 0503 and PnP.

Insurance company being sued for violating privacy of 45 million Americans.
https://breachaware.com/research/insurance-company-being-sued-for-violating-privacy-of-45-million-americans
A total of 36 breaches were found and analysed resulting in 9,251,596 leaked accounts containing a total of 37 different data types. The breaches found publicly and freely available included Guardian Industries, Ptt HGS, PPL Electric Utilities, Emias and Excellanto.

Your Router Might Be a Hacker’s Playground
https://breachaware.com/research/your-router-might-be-a-hackers-playground
A total of 26 breaches were found and analysed resulting in 10,232,404 leaked accounts containing a total of 34 different data types. The breaches found publicly and freely available included Chinese Software Developer Network (CSDN), Club Penguin Rewritten, Doxbin Paste, Stealer Log 0505 and bombuj.

TP-Link routers are so cheap you’d think they’re running a “Buy One, Get the FBI’s Attention Free” sale. With the U.S. government considering an outright ban, the company is in hot water over alleged national security risks. A quick glance at the CVE database for these routers reveals more holes than Swiss cheese, with vulnerabilities like buffer overflows and remote code executions popping up year after year. Coincidence? Maybe. Suspicious? Absolutely.

And then there’s the pricing. U.S. laws prohibit selling products at a loss, but TP-Link’s rock-bottom prices have lawmakers wondering if the routers are subsidised by… let’s call it “alternative motives.” If they’re banned, brace yourself: router chaos will ensue, with small businesses and penny-pinching consumers storming Best Buy in search of a budget-friendly replacement.

The DHS Social Media Keyword List

The Department of Homeland Security’s recently released list of monitored social media keywords is a real rollercoaster. Some are obvious, like "dirty bomb" or "Al Qaeda" (even with the creative misspellings). But others, like "storm," "help," and "sick," seem plucked from the Word of the Day calendar.

Let’s be real: if bad actors are plotting something nefarious, they’re not going to post, "Planning to use a DIRTY BOMB tomorrow!" They’ll probably use emojis, code words, or just good old-fashioned subtweeting. Meanwhile, innocent posts like, "Help, I’m sick from the storm," might send DHS analysts on a wild goose chase to Grandma’s house.

Hydra Market: From Dead Drops to Dead Ends

Hydra Market was the Amazon of Illicit Goods, with 17 million customers, 19,000 vendors, and a “dead drop” service that made hiding drugs under park benches feel like a national pastime. They didn’t just sell drugs; they mastered the supply chain, from manufacturing to delivery, and even diversified into hacking tools and money laundering. Basically, Hydra Market was Breaking Bad meets DoorDash.

But after a seven year game of cat and mouse, law enforcement finally took it down with Operation Hydra Squash (probably not its real name). They seized 1 tonne of drugs, $25 million in Bitcoin, and a cache of cars and properties. Stanislav Moiseyev and his 15 merry employees are now facing sentences ranging from 8 to 23 years, which leaves plenty of time to think about how “creative entrepreneurship” doesn’t always pay off.

One former customer reminisced about Hydra’s dead-drop service: "They’d hide packages under benches and text you the GPS coordinates." Imagine geocaching, but instead of finding a cute trinket, you find… well, let’s just say not family friendly items.

The Takeaway

Whether it’s routers that double as digital sieves, keyword confusion that could make Grandma suspicious, or darknet dealers getting their comeuppance, this month's news has something for everyone. It’s a wild world out there, stay secure, keep your routers updated, and maybe think twice before geocaching near that sketchy bench in the park.

Scan Any Domain for Free https://breachaware.com/scan

Data Breach, Vulnerability & Privacy Research this Month

Europol and Eurojust take down gang running IPTV service.
https://breachaware.com/research/europol-and-eurojust-take-down-gang-running-iptv-service
A total of 36 breaches were found and analysed resulting in 10,069,922 leaked accounts containing a total of 33 different data types. The breaches found publicly and freely available included Stealer Log 0498, Amazon, diet.com, My Sex Shop and The Real World - Hustlers University.

At its peak Hydra-Market had 17 million customers and 19K vendors.
https://breachaware.com/research/at-its-peak-hydra-market-had-17-million-customers-and-19k-vendors
A total of 28 breaches were found and analysed resulting in 17,207,079 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included Mathway [2], Huntstand, Dennis Kirk, Farmapatria and SIAPE.

File hosting service that allegedly allowed CSAM and loli porn knocked offline.
https://breachaware.com/research/file-hosting-service-that-allegedly-allowed-csam-and-loli-porn-knocked-offline
A total of 24 breaches were found and analysed resulting in 5,663,215 leaked accounts containing a total of 33 different data types. The breaches found publicly and freely available included Metro Cash & Carry, Blue Ocean Gaming, Golem Network, Stealer Log 0500 and Grey Star Jewellery.

Operation 'power off' seize 27 stressor services.
https://breachaware.com/research/operation-power-off-seize-27-stressor-services
A total of 24 breaches were found and analysed resulting in 14,282,547 leaked accounts containing a total of 28 different data types. The breaches found publicly and freely available included White Pages [2], Wife Lovers, Qraved, Stealer Log 0501 and CentraCare.