Point of View

First up: X, formerly known as Twitter (but let’s be honest, still Twitter).
Rumour has it they’ve had a little “security incident.” A cyber gang allegedly slid into VX-Underground’s DMs with screenshots of an Okta account belonging to an X employee. The internet promptly split into two camps:
- Camp A: “Holy hell, they popped Twitter again!”
- Camp B: “That’s just Photoshop with a Red Bull problem.”

Was it a breach? Was it an AI-generated fever dream? Nobody knows. But one thing’s certain: if it was real, Elon is probably already drafting a tweet blaming the woke mind virus. Time will tell.

Then we have the BBC ransomware almost-caper. This one reads like a rejected Black Mirror script. The Medusa ransomware gang tried to recruit a BBC insider, except instead of targeting someone with actual admin access, they messaged… a cybersecurity reporter. Yes, a guy who literally writes articles about ransomware. Smooth, lads.

The reporter, being a journalist (and therefore contractually obligated to stay curious), played along. Medusa dangled 0.5 BTC as a down payment and promised him 15–25% of whatever ransom they squeezed out of Auntie Beeb. “You’ll never have to work again,” they bragged.

Cute pitch. Only slight snag: laundering millions in crypto isn’t exactly as easy as cashing in your Tesco Clubcard points. And their follow-up move? Spamming the poor reporter with MFA requests in an attempt to “test something.” I mean… come on. You can’t make this stuff up. In the end, the Beeb yanked the journo’s access, Medusa went back to the drawing board, and the reporter walked away with one hell of a story.

Meanwhile, in Manchester: VAAS (Violence-as-a-Service) reared its very ugly head. Yes, you read that right, violence is now available as a subscription model. Forget “Ransomware-as-a-Service.” We’re in the age of Uber with brass knuckles.

Case in point: thugs broke into the home of an elderly woman in her 80s, beat her up, and trashed her house, all because they were looking for someone else entirely. Horrific. And all because someone, somewhere, paid for a beatdown via the dark web’s new gig economy.

Now here’s the kicker: the actual target in this case was allegedly involved in producing CSAM and zoophilia content (yes, the worst of the worst). So, was the attack “justice” or just straight-up reckless brutality? Doesn’t matter. The granny should never have been caught in the crossfire. If VAAS really wants to market itself as the cyber underworld’s new ethical enforcement service, maybe step one should be: “don’t assault pensioners.” Just saying.

So, to recap the chaos:
- Twitter might have been breached… or maybe someone just had too much fun with MidJourney.
- A ransomware gang tried to bribe a journalist, proving that even criminals can’t be bothered to do proper LinkedIn recon.
- And VAAS reminded us that the dark web’s version of Deliveroo is just as messy and morally bankrupt as you’d expect.

Honestly, the underground economy keeps finding new ways to make late-stage capitalism look boring.

Smarter Protection Starts with Awareness
Data Breach Scan, Check Any Domain for Free https://breachaware.com/scan

This months cyber spotlight, vulnerability chat & privacy headlines.

Hackers Pay for Tattoos, Cloudflare Mocked, and Ransomware Cartel Dreams.
https://breachaware.com/research/hackers-pay-for-tattoos-cloudflare-mocked-and-ransomware-cartel-dreams
A total of 26 breach events were found and analysed resulting in 21,504,511 exposed accounts containing a total of 27 different data types of personal datum. The breaches found publicly and freely available included ULP Alien TxT File - Episode 22, Skyeng, LinkedIn [sample data], QQ Mail and Allianz Life.

Leaked LLM Chats, PomPompurin Sentenced, and LAPSUS$ Bows Out.
https://breachaware.com/research/leaked-llm-chats-pompompurin-sentenced-and-lapsuss-bows-out
A total of 22 breach events were found and analysed resulting in 10,974,592 exposed accounts containing a total of 31 different data types of personal datum. The breaches found publicly and freely available included ULP Alien TxT File - Episode 23, Slate and Tell, WoW Health, My Conan and Humanists Community in Silicon Valley (HCSV).

ShinyHunters’ Fake Retirement, Baphomet Returns, and New Mega-Flaws.
https://breachaware.com/research/shinyhunters-fake-retirement-baphomet-returns-and-new-mega-flaws
A total of 35 breach events were found and analysed resulting in 14,577,201 exposed accounts containing a total of 36 different data types of personal datum. The breaches found publicly and freely available included ULP Alien TxT File - Episode 24, ULP 0032, Stealer Log 0541, Yellowpages Directory and College Dekho.

Violence-as-a-Service Emerges, ShinyHunters Escalate, and New Mega-Flaws.
https://breachaware.com/research/violence-as-a-service-emerges-shinyhunters-escalate-and-new-mega-flaws
A total of 9 breach events were found and analysed resulting in 5,897,816 exposed accounts containing a total of 21 different data types of personal datum. The breaches found publicly and freely available included Bouygues Telecom, American Income Life, Wagner Technical Services, Coinbase (sample data) [2] and Chinese Adult Forum.

So, the internet has outdone itself again. A Reddit post went viral this month, and let me tell you: privacy advocates are crying into their Signal chats, while law enforcement officers are slamming their foreheads into their desks hard enough to reboot Windows 95.

Here’s the setup: some Redditor casually admits they’re being paid $250 a month by a “residential IP network provider” (read: dodgy-as-hell proxy company) to host devices in their home. And no, that’s not a typo, they’re literally renting out their internet connection to strangers.

They even bragged that the company pays their DSL bill. How generous! Nothing screams “definitely not shady” like free broadband from a company that slid into your DMs on social media. The poor soul seems dimly aware this is a bad idea (“It is stupid for me to do this” - no arguments there, champ), but still… the money was too good to pass up. Meanwhile, God only knows what’s being piped through their IP address. Could be Netflix. Could be ransomware. Could be both. Either way, if SWAT shows up at 3am, $250 a month suddenly feels like pocket change.

Meanwhile, over in the UK, OFCOM decided to pick a fight with 4Chan, yes, that 4Chan. The message-board that’s been proudly powered by chaos and spite since its inception. OFCOM wants them to comply with Britain’s shiny new Online Safety Act, and in response, 4Chan basically said: “LOL, no.”

And honestly, what did the British government expect? 4Chan is built on a foundation of flipping the bird to authority. Asking them nicely to follow the rules is like asking raccoons to politely leave your bins alone.

They’ve now lawyered up, claiming OFCOM is waging an “illegal campaign of harassment.” OFCOM, of course, is threatening fines of £20,000 plus daily penalties. But here’s the thing: 4Chan’s lawyers clapped back with “American businesses don’t lose their First Amendment rights because some British bureaucrat sends a strongly worded email.” Translation: “Pipe down, Westminster.”

And this all comes just weeks after Keir Starmer said the UK wouldn’t be interfering with US companies. That aged about as well as milk in the sun.

Finally, let’s talk about Meta, because what’s a month in tech without Zuck’s empire getting caught with its hand in someone else’s cookie jar?

A federal judge just ruled that Meta violated California’s wiretap law by harvesting private data from Flo Health, a period-tracker app. That’s right, the app people used to log something deeply personal was quietly piping that data to Meta and Google for targeted advertising.

Because obviously nothing says “respecting user privacy” like turning intimate health details into ad campaigns for scented candles and pregnancy vitamins.

The lawsuit dates back to 2021, and it’s finally been confirmed: Meta was eavesdropping, California law says that’s illegal, and now the fallout begins. Privacy advocates are furious. Meta, on the other hand, will probably just write a cheque with more zeros than most of us will ever see and move on. After all, if you’re going to break privacy laws, may as well do it at scale.

Final Thoughts...

So, to recap this month:
- A Redditor rented out their Wi-Fi to criminals for beer money.
- OFCOM tried to slap 4Chan, and 4Chan slapped back harder.
- And Meta was caught listening in on people’s reproductive cycles like a nosy neighbour with a stethoscope.

Honestly, if privacy were a play, this month would be a full-blown farce.

Smarter Protection Starts with Awareness
Data Breach Scan, Check Any Domain for Free https://breachaware.com/scan

This months cyber spotlight, vulnerability chat & privacy headlines.

Amazon Q gets punked, whilst the UK tries to ID-check the entire internet.
https://breachaware.com/research/amazon-q-gets-punked-whilst-the-uk-tries-to-id-check-the-entire-internet
A total of 14 breach events were found and analysed resulting in 7,953,345 exposed accounts containing a total of 36 different data types of personal datum. The breaches found publicly and freely available included MyQuran Edu, ULP 0029, TigerOne EU, Affinitiv and Stealer Log 0538.

UK MPs Get AI Fake IDs, Chaos Ransomware Loses Millions, and Dark Web Forums Eat Themselves.
https://breachaware.com/research/uk-mps-get-ai-fake-ids-chaos-ransomware-loses-millions-and-dark-web-forums-eat-themselves
A total of 31 breach events were found and analysed resulting in 14,232,366 exposed accounts containing a total of 46 different data types of personal datum. The breaches found publicly and freely available included ULP Alien TxT File - Episode 20, Conversion Media Group, BDV, ULP 0030 and College Search.

Dating App Disaster, Forum Chaos, and SwatWiki’s Dumb Demise.
https://breachaware.com/research/dating-app-disaster-forum-chaos-and-swatwikis-dumb-demise
A total of 14 breach events were found and analysed resulting in 30,062,800 exposed accounts containing a total of 32 different data types of personal datum. The breaches found publicly and freely available included Stealer Log 0539, Have I Been Drained Crypto Drainer, ULP Alien TxT File - Episode 21, Indian Business Owners and Le Surfaces.

Hackers Doxed, $82M Bitcoin Heist, and BreachForums’ Final Death.
https://breachaware.com/research/hackers-doxed-82m-bitcoin-heist-and-breachforums-final-death
A total of 21 breach events were found and analysed resulting in 363,354,424 exposed accounts containing a total of 22 different data types of personal datum. The breaches found publicly and freely available included !.1KKK USA, Moscow IT Department, Huntio, O2 - UK and Singapore Eye & Vision.

Right, let’s talk about the past month, because what the actual hell just happened?

Law enforcement either went shopping for a giant, fuzzy roll of wool to pull over the collective eyes of the cyber underground, or the dark web just slammed down a royal flush with a grin and a middle finger. Honestly, it’s hard to tell who’s bluffing anymore, but one thing’s for sure: July was chaos in all the best (and worst) ways.

First off, we saw one of the top-tier Russian-speaking hacking forums, the kind of place where ransomware groups get together and argue about encryption keys like it's poker night, bounce back from what looked like a full-blown takedown attempt by Europol and company.

Like a bad guy in a Bond film, it refused to stay dead. Their homepage gave us the usual “we’re restoring infrastructure” message (which is hacker forum-speak for “We’ve duct-taped the servers back together, please hold off on depositing crypto while we pray it doesn't catch fire again”). Also: “changing onion domains due to current events” - aka the universal sign for "someone got arrested and we don't want to talk about it."

Rumour had it the admin was in handcuffs somewhere in Eastern Europe, but clearly that wasn’t the case, unless he's running this thing from a surprisingly lenient prison cell with broadband. One staff member did get nicked by an international squad of cyber-cops featuring agents from Paris, Ukraine, and probably someone named Franz with a badge and a USB stick. I don't care how hardened you are, opening the door to that kind of surprise LAN party would make anyone soil their hoodie.

Now let’s talk about the real headline act: BreachForums is BACK, baby. Or it’s a honeypot so well executed even the regulars are shrugging and logging in anyway. Either way, welcome to the strangest sequel of the year.

You’ll remember this was the forum whose cast of characters included ShinyHunters, IntelBroker, and a few other cybercrime A-listers, most of whom recently got scooped up and perp-walked off stage. We all thought that was the final curtain. Flowers were laid. Shady tribute threads were posted. Forums fought over the digital ashes.

And then? Like Gandalf with a grudge, it returned. Full infrastructure. Onion domain. Users logging in like nothing happened. The same old leaks. And yes, the same terrible OPSEC from some of the usual suspects.

The new admin, going by the charmingly vague handle “N/A”, released a manifesto/press release/hardcore denial letter that basically boiled down to:
- “Nobody important got arrested, those guys were decoys.”
- “IntelBroker was a smokescreen. Plot twist!”
- “We shut down voluntarily because of a zero-day in MyBB.”
- “And no, it’s not a honeypot, now stop asking.”

Honestly, if I had a pound for every “we’re not a honeypot” claim made by someone who might absolutely be a honeypot, I’d have enough to buy Twitter and turn it into a place people actually enjoy again.

Still, people are back on the site like raccoons who’ve found their favourite trash can. There’s even a thread titled “What the f*ck is going on @N/A” - which, to be fair, might be the most honest piece of writing on the internet this month.

Meanwhile, threat actors are grumbling that the Escrow service is only running on clearnet. Because, you know, nothing screams "trust me, I'm a criminal" like sending your ransom payment through a web browser with Google Analytics installed.

My Final Thoughts (for now).

The forums are alive. The forums are weirdly alive. And honestly, the whole thing feels like either an elaborate sting operation or a really dark episode of Black Mirror. Law enforcement says one thing, admins say another, and the truth is probably somewhere in a Discord server nobody’s admitting to running.

Reputation still matters in the underground, which is why no one wants to be the first to say “nah, I don’t trust this” in case it’s legit. So the party continues, the dumps keep dumping, and we’re all just sitting here, watching this bizarre soap opera unfold.

Stay tuned. If July taught us anything, it’s that in cybercrime, the dead don’t stay dead, they just switch domains.

Smarter Protection Starts with Awareness
Data Breach Scan, Check Any Domain for Free https://breachaware.com/scan

This months cyber spotlight, vulnerability chat & privacy headlines.

Crypto Scandals, Insider Crimes & Global Cyber Threats.
https://breachaware.com/research/crypto-scandals-insider-crimes-and-global-cyber-threats
A total of 28 breach events were found and analysed resulting in 13,014,568 exposed accounts containing a total of 34 different data types of personal datum. The breaches found publicly and freely available included ACC Limited, Los Angeles Unified School District, Rhithm, Tracelo and Quantum Information Port (QIP).

Cyber heists, espionage malware, and eSIM exploits.
https://breachaware.com/research/cyber-heists-espionage-malware-and-esim-exploits
A total of 26 breach events were found and analysed resulting in 16,465,424 exposed accounts containing a total of 30 different data types of personal datum. The breaches found publicly and freely available included ULP Alien TxT File - Episode 18, Fibertel, ULP 0028, KFC China and 3S POS.

Insiders Flip, Ransomware Crews Implode, & Zero‑Days Rain Down.
https://breachaware.com/research/insiders-flip-ransomware-crews-implode-and-zerodays-rain-down
A total of 11 breach events were found and analysed resulting in 1,528,450 exposed accounts containing a total of 22 different data types of personal datum. The breaches found publicly and freely available included BitMart, La Diaria, Office of Alumni & Corporate Relations - IIT Madras, Naver and Misr Pharmacies Online.

Russian forums seized, BreachForums implodes & Microsoft blames China.
https://breachaware.com/research/russian-forums-seized-breachforums-implodes-and-microsoft-blames-china
A total of 23 breach events were found and analysed resulting in 28,161,553 exposed accounts containing a total of 28 different data types of personal datum. The breaches found publicly and freely available included Free, ULP Alien TxT File - Episode 19, Santa Lucia, Stealer Log 0537 and Stealer Log 0536.

In a plot twist that sounds suspiciously like the opening act of a tech-noir film, a federal judge has ordered OpenAI to preserve all user chat logs, including the ones you thought you deleted and mentally erased after oversharing a bit too much in a "temporary" chat. Yes, those chats. The ones where you dropped snippets of proprietary code, brainstormed with sensitive client info, or asked GPT to rewrite your performance review like Shakespeare with a grudge.

Now, these chats must be stored. Forever. Even though OpenAI’s privacy policy basically promised users they could “delete chats anytime.” Apparently, that policy now comes with an invisible asterisk that says: unless a federal judge has other ideas.

Naturally, this raises the sort of tiny concerns like massive GDPR violations, breaches of user consent, and the philosophical question of whether a deleted chat was ever really deleted at all. So, if your company jumped on the “AI-powered workplace” bandwagon and forgot to read the terms and conditions (spoiler: everyone did), it might be time for a little data hygiene, or at least a GDPR lawyer on speed dial.

Meanwhile, in what reads like a rejected Mission: Impossible script, a shadowy hacktivist group called Predatory Sparrow, which may or may not be backed by Mossad, depending on which cyber-gossip you trust, has declared digital jihad on Iran’s financial systems.

They publicly announced their attack on Bank Sepah (subtlety clearly not their forte), accusing it of violating sanctions and funding everything from nuclear programs to regional chaos. The result? ATMs shut down, branches closed, and Iran pulled the plug on its entire internet infrastructure like a parent yanking the Wi-Fi because their kid won’t stop playing Fortnite.

Before the lights went out, Predatory Sparrow also hit Nobitex, Iran’s biggest crypto exchange. Not content with a mere takedown, they dumped the source code to Telegram and reportedly absconded with over $90 million in cryptocurrency, only to yeet the funds into random, inaccessible wallets like some kind of blockchain Banksy.

Let that sink in: the largest burn of stolen crypto in history, and it was accompanied by a Telegram drop and some anonymous political sass. Somewhere, North Korean hackers are quietly slow-clapping.

And finally, the mainstream media is hyperventilating over the claim that 16 billion passwords have been leaked. Again. For what feels like the 14th time this decade. Let’s all take a deep breath.

Yes, the number sounds terrifying. No, it’s not a fresh breach of biblical proportions. What we’re looking at here is another charming casserole of ULPs (Username-Login-Passwords) scraped from years of stealer logs, data breaches, shady dark web forums, and malware-infected machines. Think of it like the cybersecurity version of a garage sale, some of it is junk, some of it’s already been leaked, and a tiny bit might still be valuable (to someone using the same Netflix password since 2012).

If you’re using the same login for your gym, your bank, and your “totally anonymous” fan fiction forum, maybe consider mixing it up. Otherwise, don’t panic. Just update your passwords, use a password manager, and try not to yell “THE SKY IS FALLING” every time someone finds a dusty old credential dump online.

TL;DR:

- Your "temporary" ChatGPT chats might outlive you.
- Mossad’s favourite sparrows have expensive taste in crypto.
- And unless your password is still “letmein” or “iloveyou,” you’re probably fine.

Sleep tight, digital citizens. The internet’s got jokes, and lawsuits.

Scan Any Domain for Free https://breachaware.com/scan

This months cyber spotlight, vulnerability chat & privacy headlines.

Crypto Kidnappings, DragonForce Ransomware, and Global Privacy Shakeups.
https://breachaware.com/research/crypto-kidnappings-dragonforce-ransomware-and-global-privacy-shakeups
A total of 22 breach events were found and analysed resulting in 6,199,513 exposed accounts containing a total of 39 different data types of personal datum. The breaches found publicly and freely available included ULP Alien TxT File - Episode 15, ULP 0022, Stealer Log 0529, Stealer Log 0530 and National Centre for Disaster Risk Assessment, Prevention, and Reduction - Peru.

Dark Web Cracks, Student Hacker Falls, and BreachForums Rises Again.
https://breachaware.com/research/dark-web-cracks-student-hacker-falls-and-breachforums-rises-again
A total of 16 breach events were found and analysed resulting in 1,917,577 exposed accounts containing a total of 28 different data types of personal datum. The breaches found publicly and freely available included ULP 0023, Stealer Log 0531, Aire de Fiesta, Brazilian Consumer Database and Silver Falls Capital.

Bidencash Seized, Brutecat’s Google Hack, Wazuh Exploited.
https://breachaware.com/research/bidencash-seized-brutecats-google-hack-wazuh-exploited
A total of 17 breach events were found and analysed resulting in 6,296,420 exposed accounts containing a total of 26 different data types of personal datum. The breaches found publicly and freely available included ULP 0025, ULP Alien TxT File - Episode 16, Instituto Nacional de Transporte Terrestre (INTT), Infusion Mobile and Epsilor.

Trickbot Kingpin Doxxed, Google Outage, BreachForums Sold.
https://breachaware.com/research/trickbot-kingpin-doxxed-google-outage-breachforums-sold
A total of 24 breach events were found and analysed resulting in 5,426,979 exposed accounts containing a total of 34 different data types of personal datum. The breaches found publicly and freely available included Darty, Stealer Log 0533, Shadow, Stealer Log 0532 and EloBuddy.

Dark Web Crackdowns, CVE Wave, Global Privacy Tensions Rise.
https://breachaware.com/research/dark-web-crackdowns-cve-wave-global-privacy-tensions-rise
A total of 12 breach events were found and analysed resulting in 14,927,673 exposed accounts containing a total of 33 different data types of personal datum. The breaches found publicly and freely available included Alien TxT File - Episode 17, Cetdigit, ULP 0026, Stealer Log 0534 and CarderPro.

Last month, a company that previously enjoyed the luxury of complete anonymity (and probably preferred it that way) has stumbled loudly back into the spotlight. Meet TeleMessage, the enterprise grade archiving software solution that cheerfully scoops up messages from Signal, Telegram, WhatsApp, WeChat, SMS, MMS, and even good old fashioned voice calls. Think of it as a digital hoover for your entire communications history, because compliance is sexy now.

The company made its first cameo appearance in the headlines when sharp-eyed members of the press caught U.S. national security adviser Mike Waltz casually launching the app on his phone. Turns out, since February 2023, U.S. authorities have been using TeleMessage not just as a toy, but as a mandatory workplace surveillance tool. According to its marketing, TeleMessage helps “protect data and ensure compliance,” which in this case translates loosely to: “We archive everything you say so your government boss doesn’t get fined.”

But while TeleMessage is great at compliance, its security posture appears to be held together with duct tape and optimism. A threat actor claims they broke in, and I wish I were kidding, within 15 to 20 minutes. That’s barely enough time to make a cup of tea, let alone compromise the inner sanctum of a supposedly secure government-adjacent comms archiver. The result? 415GB of juicy plain text dumps, complete with metadata like sender, recipient, timestamp, and all the breadcrumbs any aspiring cybercriminal could ever dream of.

Meanwhile, over in France, home of croissants, strikes, and now possibly compromised legislators, a threat actor has popped up on a dark web forum to announce they’ve been snooping on a French senator. This isn’t your usual "we found some leaked emails" post either. The hacker claims they had live access to sensitive communications, including pre-publication legislative drafts, internal coordination docs, media contacts, and private correspondence that, frankly, wasn’t meant for your eyes or mine.

The hacker ominously closes their message with: “This is not a leak. Not yet. This is a signal. A controlled detonation.”

Chilling stuff, though admittedly a bit theatrical. Ten points for style, I guess?

In other surveillance adjacent absurdity, Microsoft has unveiled its latest dystopian nightmare disguised as a feature: Recall, an AI-driven tool that takes periodic screenshots of your desktop “for your convenience.” You know, so you can search your screen history like a time travelling intern. Great idea. Nothing could possibly go wrong.

Except, of course, within days of this being announced, security researchers found ways to extract these screenshots from memory, because apparently no one at Microsoft has ever met a hacker before. And in what can only be described as a cyberpunk plot twist, Signal stepped in with the kind of elegant resistance we’d all hoped for. Their solution? DRM. Yes, the same annoying tech that prevents you from screen grabbing your favourite Netflix show now doubles as a privacy shield. If Recall tries to screenshot your Signal app window, it’ll get nothing but a blank space, and not the Taylor Swift kind.

Microsoft: "We want to improve productivity by logging your every move."
Security community: "We'd rather eat a firewall than let that fly."

So, to summarise:
- TeleMessage is unintentionally starring in its own zero-day soap opera,
- A hacker has turned a French senator’s inbox into a suspense novel,
- Microsoft invented a surveillance tool and called it a “feature,” and
- Signal decided to throw a digital pie in their face.

What a month. Back to you, compliance officers.

Scan Any Domain for Free https://breachaware.com/scan

This months spotlight, vulnerability chat & privacy headlines.

When CEOs Hack, xAI Fumbles, and Your iPhone Becomes a Brick.
https://breachaware.com/research/when-ceos-hack-xai-fumbles-and-your-iphone-becomes-a-brick
A total of 22 breach events were found and analysed resulting in 19,421,865 exposed accounts containing a total of 35 different data types of personal datum . The breaches found publicly and freely available included ULP Alien TxT File - Episode 11, Doxagram, Grayscale, Underworld Empire Forums and ULP 0017.

LockBit Gets Hacked (Again), $45M Vanishes from Coinbase, and Bootleg Signal Apps Blow Up.
https://breachaware.com/research/lockbit-gets-hacked-again-45m-vanishes-from-coinbase-and-bootleg-signal-apps-blow-up
A total of 19 breach events were found and analysed resulting in 34,462,844 exposed accounts containing a total of 28 different data types of personal datum . The breaches found publicly and freely available included VNG Corporation, Pluto TV, ULP Alien TxT File - Episode 12, NextGenUpdate and CNZZ.

VXU Threatened, Coinbase Whales Scammed, Google Fined Big, and Fresh Zero Days all Around.
https://breachaware.com/research/vxu-threatened-coinbase-whales-scammed-google-fined-big-and-fresh-0-days-all-around
A total of 26 breach events were found and analysed resulting in 28,611,135 exposed accounts containing a total of 30 different data types of personal datum . The breaches found publicly and freely available included ULP Alien TxT File - Episode 13, ULP 0019, Email Panther, ULP 0020 and Stealer Log 0526.

Lumma seized, CISA fumbles, scammy forums implode, and critical vulns keep stacking.
https://breachaware.com/research/lumma-seized-cisa-fumbles-scammy-forums-implode-and-critical-vulns-keep-stacking
A total of 22 breach events were found and analysed resulting in 10,356,354 exposed accounts containing a total of 30 different data types of personal datum. The breaches found publicly and freely available included ULP Alien TxT File - Episode 14, Amazon (Internal), Dow University of Health Sciences, Romano-American Mossad Political Networks and ULP 0021.

If you logged into your favourite cybercrime forum this week and found nothing but tumbleweeds and 404s, you’re not alone. A couple of well known underground hacking forums have either gone on holiday or been vaporised entirely. It's unclear if they’ve shut down for good or just doing the digital equivalent of pretending they’re not home when the FBI knocks.

One particularly loud mouthed Russian speaking hacking forum seems to be having clearnet issues which, in their line of work, is about as surprising as a crypto rug-pull. Meanwhile, the BreachForums drama is still going strong. Ever since it got Thanos snapped out of existence by activist group Dark Storm, new forums have been popping up like dodgy pop-ups on a torrent site. Some are clearly scams, others are actual contenders, and a few are probably honeypots with great UI.

The "new" BreachForums is apparently being run by several of the old moderators, but let’s just say the reunion tour hasn’t been warmly received. Former users have trust issues (shocking, I know) and aren’t quite rolling out the welcome mat. Oh, and ShinyHunters, the data breach supervillains behind attacks on Tokopedia, AT&T, and your local grandmother’s cookie blog, have vanished. No tweets. No leaks. Just silence. Either they’ve quit the game, or they’re watching from a cabana in a jurisdiction with no extradition.

And now, to the bureaucratic circus: The U.S. Department of Government Efficiency (DOGE, no, not a meme, it’s a real agency, tragically not funded by Elon Musk) recently decided to pull funding from MITRE. Yes, MITRE, the same folks responsible for the CVE Program, which helps the world not burn down every time someone writes insecure JavaScript.

Cue the collective meltdown from every corner of InfoSec Twitter and the more vocal corners of dark web chatrooms. Surprisingly, DOGE did a reverse Uno card and reinstated funding almost immediately, likely after realising that pulling the plug on the CVE database is like taking away a fire extinguisher during a grease fire. For context, MITRE has been handed around $1.5 billion since 2008. Pricey? Sure. But still cheaper than letting everything go full Equifax every week.

Now, here’s the part where Europol enters like a law enforcement John Wick. Teaming up with Bavarian State Police and 35(!) other countries, they helped shut down a truly horrific CSAM darknet site called "Kidflix" because apparently there's no bottom to the naming choices of depraved criminals.

From April 2022 to March 2025, this nightmare of a site hosted over 91,000 unique CSAM videos and attracted 1.8 million users. But here’s the good news:
- 1,400 users identified
- 79 arrests made
- And 39 children rescued

It’s a horrifying case, but it does show what can happen when law enforcement agencies put their heads together and decide to actually clean up the internet rather than just hold awkward press conferences about it.

So yes, the dark web is in disarray, bureaucrats are still confused by what the internet actually is, and law enforcement is finally making moves that actually matter. If nothing else, it’s been an eventful week and I, for one, am running low on popcorn.

Scan Any Domain for Free https://breachaware.com/scan

Data Breach, Vulnerability & Privacy Research this Month

Cybercrime Crackdowns, Cloud Denials, and Vanishing Professors.
https://breachaware.com/research/cybercrime-crackdowns-cloud-denials-and-vanishing-professors
A total of 18 breaches were found and analysed resulting in 22,619,144 leaked accounts containing a total of 34 different data types. The breaches found publicly and freely available included ULP Alien TxT File - Episode 8, ULP 0012, Hisense USA, Florida Department of State and Aiudo.

VPN Cracks, Dark Web Upgrades & Meta’s Make or Break Trial.
https://breachaware.com/research/vpn-cracks-dark-web-upgrades-and-metas-make-or-break-trial
A total of 28 breaches were found and analysed resulting in 27,088,911 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included ULP Alien TxT File - Episode 9, ULP 0013, Breach.VIP, Boulanger and V-Tight Gel.

Patches, Psyops & Paranoia.
https://breachaware.com/research/patches-psyops-and-paranoia
A total of 14 breaches were found and analysed resulting in 5,870,230 leaked accounts containing a total of 23 different data types. The breaches found publicly and freely available included Alien TxT File - Episode 10, ULP 0014, Alshaya Group, Stealer Log 0522 and Puppy Finder.

Fine Wine, Fast Bugs, and Forum Drama.
https://breachaware.com/research/fine-wine-fast-bugs-and-forum-drama
A total of 30 breaches were found and analysed resulting in 15,193,862 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included Quality Used Transmissions, ULP 0016, Telmex, ULP 0015 and AlfaStrakhovanie Group.

Britain’s new Online Safety Act just went live, and in its first week, it’s already caused a mass extinction event for small online communities. Thanks to the government's obsession with “safety”, running a simple forum now requires enough paperwork to make a tax auditor jealous.

If you own a website or forum and haven’t filed the right risk assessments, you could face:
- An £18 million fine (because that totally seems fair for a hobbyist forum)
- 10% of your turnover (if you even have one)
- Domain seizures and website takedowns

Basically, if one random user offends someone and you don’t delete it fast enough, congratulations! You’re now financially ruined.

It’s already taken out London Fixed Gear and Single Speed (LFGSS), a father’s rights forum, and even a hamster forum. Yes. A hamster forum. Apparently, discussing wheel sizes and seed mixes is now a national security risk.

And who’s enforcing this Orwellian nightmare? Ofcom. That’s right, the same regulatory body that spent years policing whether people on TV said the F-word before 9PM is now the internet’s judge, jury, and executioner.

At this rate, the only things left standing on the British internet will be government-approved news sites and Facebook groups about knitting.

The UK’s Crime and Policing Bill: Your Front Door is Now Optional
As if shutting down speech wasn’t enough, the UK government is also giving the police some fresh new powers that look like they were drafted by someone who read 1984 and thought, “Yeah, this sounds great.”

Let’s take a peek at some of the highlights:

Police can now suspend IPs and domain names, so not only can they shut down your website for failing to moderate someone’s spicy take, they can also wipe it off the internet entirely.

Confiscation of cash, vehicles, and assets, no conviction required. That’s right, folks! You don’t actually need to be guilty of anything anymore for the police to take your stuff. Just having the wrong vibes might be enough.

Clause 93: Search Without a Warrant Based on “Electronic Tracking Data.”
This one is a doozy. If the police think a stolen item has ever been near your house, they can now break down your door without a warrant. What’s that? You live in a block of flats? Sucks for you, good luck proving you weren’t involved when they come tearing through your place because a stolen laptop pinged a Wi-Fi network in the building.

Oh, and imagine if a malicious hacker sends you a parcel with a GPS tracker inside and then reports it as stolen. Congratulations! Enjoy your complimentary police raid.

Because nothing says justice like battering down doors based on dodgy Bluetooth signals.

TL;DR:
The UK has decided small websites are too dangerous to exist.
- A hamster forum is now a national security threat.
- The police can raid your home because a stolen phone once walked past it.
- Your bank account, car, and life savings can now disappear without a conviction.

At this rate, the British government will be installing CCTV in your kettle by next year. Welcome to the UK Firewall, comrades!

Scan Any Domain for Free https://breachaware.com/scan

Data Breach, Vulnerability & Privacy Research this Month

Lockbit Birthday Wishes, Russian Ransomware Celebs & Privacy Fails.
https://breachaware.com/research/lockbit-birthday-wishes-russian-ransomware-celebs-and-privacy-fails
A total of 22 breaches were found and analysed resulting in 92,498,711 leaked accounts containing a total of 32 different data types. The breaches found publicly and freely available included Special K, ULP 0005, TGBUS, ULP 0004 and DangDang.

Bybit’s $1.5B Crypto Fumble, Lazarus' Perfect Heist & Cybersecurity Madness.
https://breachaware.com/research/ybits-1b-crypto-fumble-lazarus-perfect-heist-and-cybersecurity-madness
A total of 20 breaches were found and analysed resulting in 38,793,636 leaked accounts containing a total of 30 different data types. The breaches found publicly and freely available included ULP Alien File - Episode 1, Angel One, ULP 0006, Stealer Log 0511 and Stealer Log 0512.

Deepfake Scam Targets YouTubers.
https://breachaware.com/research/deepfake-scam-targets-youtubers-and-lockbit-hacker-extradited
A total of 12 breaches were found and analysed resulting in 80,379,926 leaked accounts containing a total of 27 different data types. The breaches found publicly and freely available included ULP Alien File - Episode 2, Digitel, Kilts and Kilts, Mr Excel and Stealer Log 0513.

France Rejects Encryption Ban & North Korean Hackers Exposed
https://breachaware.com/research/france-rejects-encryption-ban-and-north-korean-hackers-exposed
A total of 17 breaches were found and analysed resulting in 103,560,038 leaked accounts containing a total of 34 different data types. The breaches found publicly and freely available included ULP Alien TxT File - Episode 3, ULP Alien TxT File - Episode 4, ULP Alien TxT File - Episode 5, Business Emails (CRM Database) and ULP 0007.