TP-Link: Cheap or Suspicious?

TP-Link routers are so cheap you’d think they’re running a “Buy One, Get the FBI’s Attention Free” sale. With the U.S. government considering an outright ban, the company is in hot water over alleged national security risks. A quick glance at the CVE database for these routers reveals more holes than Swiss cheese, with vulnerabilities like buffer overflows and remote code executions popping up year after year. Coincidence? Maybe. Suspicious? Absolutely.

And then there’s the pricing. U.S. laws prohibit selling products at a loss, but TP-Link’s rock-bottom prices have lawmakers wondering if the routers are subsidised by… let’s call it “alternative motives.” If they’re banned, brace yourself: router chaos will ensue, with small businesses and penny-pinching consumers storming Best Buy in search of a budget-friendly replacement.

The DHS Social Media Keyword List

The Department of Homeland Security’s recently released list of monitored social media keywords is a real rollercoaster. Some are obvious, like "dirty bomb" or "Al Qaeda" (even with the creative misspellings). But others, like "storm," "help," and "sick," seem plucked from the Word of the Day calendar.

Let’s be real: if bad actors are plotting something nefarious, they’re not going to post, "Planning to use a DIRTY BOMB tomorrow!" They’ll probably use emojis, code words, or just good old-fashioned subtweeting. Meanwhile, innocent posts like, "Help, I’m sick from the storm," might send DHS analysts on a wild goose chase to Grandma’s house.

Hydra-Market: From Dead Drops to Dead Ends

Hydra-Market was the Amazon of Illicit Goods, with 17 million customers, 19,000 vendors, and a “dead drop” service that made hiding drugs under park benches feel like a national pastime. They didn’t just sell drugs; they mastered the supply chain, from manufacturing to delivery, and even diversified into hacking tools and money laundering. Basically, Hydra-Market was Breaking Bad meets DoorDash.

But after a seven-year game of cat and mouse, law enforcement finally took it down with Operation Hydra-Squash (probably not its real name). They seized 1 tonne of drugs, $25 million in Bitcoin, and a cache of cars and properties. Stanislav Moiseyev and his 15 merry employees are now facing sentences ranging from 8 to 23 years, which leaves plenty of time to think about how “creative entrepreneurship” doesn’t always pay off.

One former customer reminisced about Hydra’s dead-drop service: "They’d hide packages under benches and text you the GPS coordinates." Imagine geocaching, but instead of finding a cute trinket, you find… well, let’s just say not family-friendly items.

The Takeaway

Whether it’s routers that double as digital sieves, keyword confusion that could make Grandma suspicious, or darknet dealers getting their comeuppance, this month's news has something for everyone. It’s a wild world out there—stay secure, keep your routers updated, and maybe think twice before geocaching near that sketchy bench in the park.

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan


THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

Europol and Eurojust take down gang running IPTV service.
https://breachaware.com/research/europol-and-eurojust-take-down-gang-running-iptv-service
A total of 36 breaches were found and analysed resulting in 10,069,922 leaked accounts containing a total of 33 different data types. The breaches found publicly and freely available included Stealer Log 0498, Amazon, diet.com, My Sex Shop and The Real World - Hustlers University.

At its peak Hydra-Market had 17 million customers and 19K vendors.
https://breachaware.com/research/at-its-peak-hydra-market-had-17-million-customers-and-19k-vendors
A total of 28 breaches were found and analysed resulting in 17,207,079 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included Mathway [2], Huntstand, Dennis Kirk, Farmapatria and SIAPE.

File hosting service that allegedly allowed CSAM and loli porn knocked offline.
https://breachaware.com/research/file-hosting-service-that-allegedly-allowed-csam-and-loli-porn-knocked-offline
A total of 24 breaches were found and analysed resulting in 5,663,215 leaked accounts containing a total of 33 different data types. The breaches found publicly and freely available included Metro Cash & Carry, Blue Ocean Gaming, Golem Network, Stealer Log 0500 and Grey Star Jewellery.

Operation 'power off' seize 27 stressor services.
https://breachaware.com/research/operation-power-off-seize-27-stressor-services
A total of 24 breaches were found and analysed resulting in 14,282,547 leaked accounts containing a total of 28 different data types. The breaches found publicly and freely available included White Pages [2], Wife Lovers, Qraved, Stealer Log 0501 and CentraCare.

The exodus from Telegram feels like the digital equivalent of rats fleeing a sinking ship, but in this case, the captain invited the water onboard. Once hailed as the free-speech messiah, Pavel Durov has now gone full 180, swapping his halo for a "Please Comply with Authorities" sign. Telegram’s latest Terms of Service updates allow your IP address and phone number to be handed over faster than a hot potato if you so much as sneeze near a legal investigation.

And if you’re looking for an “anonymous” number through Telegram, you’d better be ready to hand over everything short of your blood type and your grandma’s maiden name. They’re asking for your passport, selfie video, and probably a cute childhood story for good measure. At this point, the term "anonymous" is as meaningful as a politician’s promise during an election year. No wonder users are migrating faster than influencers to the next viral app.

Meanwhile, Andrew Tate’s website, The Real World, just learned the hard way that cybersecurity isn’t optional. A 14 GB data breach exposed everything from course material (which users paid $50/month for) to chat logs that can only be described as a toxic Call of Duty lobby fused with 4chan on steroids. Seriously, if Shakespeare were alive today, he’d have written sonnets about how unhinged these messages are.

To anyone caught in this breach: If you haven’t already, delete your LinkedIn account before HR stumbles across the searchable chat logs someone’s inevitably working on. It’s only a matter of time before recruiters start rejecting candidates because they were spotted in Tate's "broetry" forums. Moral of the story? Invest as much in security as you do in your ego—or end up a meme.

Now onto some justice, because Operation Magnus just served up cybercrime’s version of a five-star beatdown. Redline and Meta Infostealers, the digital equivalents of mosquitoes in a swamp, have been wreaking havoc by stealing over 170 million plaintext passwords in just six months. (That’s one stolen password for every three people on Earth. Bravo, scumbags.)

But thanks to the combined efforts of Dutch Police, the FBI, and an international coalition, key servers were seized, and Russian suspect Maxdim Rudometov has been named. Unfortunately, extraditing him from Russia is like asking your cat to stop knocking things off the counter—possible, but unlikely without serious bribery.

In the meantime, the shutdown has caused major disruption in the cybercriminal world. Word on the dark web is that hackers are “considering other career options”, like data-entry jobs, where they can use their stolen credentials for good instead of evil. To stay safe, though, remember: Use strong passwords, enable 2FA, and maybe don’t re-use "Password123" for your bank login. Let’s not make the criminals’ jobs any easier than it already is.

In short, it’s a big month for cybersecurity, with plenty of drama, data dumps, and criminals learning that karma has a killer sense of humour.

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan


THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

Doxing spree of members that dwell in the cybercrime underworld.
https://breachaware.com/research/doxing-spree-of-members-that-dwell-in-the-cybercrime-underworld
A total of 41 breaches were found and analysed resulting in 10,337,245 leaked accounts containing a total of 33 different data types. The breaches found publicly and freely available included UUU9, SWVL, Superhry, Pankhuri and Bibo Mart.

Attackers strive to destroy the Tor network.
https://breachaware.com/research/attackers-strive-to-destroy-the-tor-network
A total of 17 breaches were found and analysed resulting in 101,638,201 leaked accounts containing a total of 22 different data types. The breaches found publicly and freely available included 1Win - Part 2, Lalafo, Creditcard Consortium, Tibber and Thuocsi.

Alleged snowflake hacker arrested sparking retaliation from threat actor community.
https://breachaware.com/research/alleged-snowflake-hacker-arrested-sparking-retaliation-from-threat-actor-community
A total of 29 breaches were found and analysed resulting in 78,149,373 leaked accounts containing a total of 39 different data types. The breaches found publicly and freely available included JD, InterBank, Topitop, 1Win and Stealer Log 0494.

One of the largest banks in Peru is reeling after massive security breach.
https://breachaware.com/research/one-of-the-largest-banks-in-peru-is-reeling-after-massive-security-breach
A total of 30 breaches were found and analysed resulting in 9,386,518 leaked accounts containing a total of 32 different data types. The breaches found publicly and freely available included Burger King - Russia, Wongnai, ExVagos 2, LionsCredit and Griffin Capital.

The notorious threat actor known as USDOD, a 31-year-old Brazilian named Luan, has finally been arrested in Brazil. With a track record of breaches that read like a cybersecurity thriller, Luan’s exploits include his infamous hack of InfraGard—a public-private partnership between the FBI and key industry players that works to protect U.S. critical infrastructure. By impersonating a finance CEO, he gained access to the site, downloaded a treasure trove of sensitive data, and then dumped it all on the dark web. As expected, this was like slapping a giant “wanted” sign on his forehead. But things didn’t truly spiral until he took on cybersecurity heavyweight CrowdStrike.

After leaking a list of threat actors CrowdStrike was monitoring, USDOD’s victory was short-lived. CrowdStrike rapidly pieced together his identity and leaked his details to a Brazilian tech news outlet. Remarkably, he took it in stride, even congratulating CrowdStrike and stating he was ready to face the consequences. Whether that sentiment came from humility or resignation, it didn’t matter—Luan has now officially been “nicked.”

Meanwhile, Microsoft’s latest AI feature, *Recall* (or as some critics are calling it, "Rec-All"), has stirred up fresh privacy concerns. Initially intended only for high-end Copilot Plus devices, which come equipped with NPUs to handle AI tasks, Recall is now available for most Windows 10 and 11 users. This feature takes periodic screenshots, creating a searchable timeline of computer activity—think browser history, but for everything you do on your machine. Despite Microsoft's best intentions, privacy advocates see it as another backdoor to sensitive information, particularly if unauthorised access is gained. It's got shades of spyware, and many are questioning whether this feature is genuinely necessary.

In other under-the-radar news, the British government is quietly preparing to transfer control of the Chagos Islands, a group of atolls in the Indian Ocean, to Mauritius. The shift has more than a few tech companies raising an eyebrow, given that it means the British Indian Ocean Territory will no longer exist—and with it, the much-loved *.io* domain may be on the chopping block. Once the transition is official, the IANA is likely to cease new registrations for .io domains, which could ultimately signal the end of an era for the tech industry’s favourite top-level domain. So, if you’ve got a .io domain you love, hang onto it; this domain may soon be the stuff of digital nostalgia.

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

Call of Duty gamers targeted with anti-cheat exploit.
https://breachaware.com/research/call-of-duty-gamers-targeted-with-anti-cheat-exploit
A total of 22 breaches were found and analysed resulting in 5,145,008 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included Le Slip Francais, Detmir, Illuvium, Stealer Log 0490 and Wine Style.

The beginning of the end for .io websites
https://breachaware.com/research/the-beginning-of-the-end-for-io-websites
A total of 15 breaches were found and analysed resulting in 25,581,512 leaked accounts containing a total of 22 different data types. The breaches found publicly and freely available included TEG, OpenSea, Stealer log 0489, Maksavit and SPIM.

100 domains seized following 120-page court order.
https://breachaware.com/research/100-domains-seized-following-120-page-court-order
A total of 22 breaches were found and analysed resulting in 13,158,059 leaked accounts containing a total of 22 different data types. The breaches found publicly and freely available included Kleinanzeigen, Boutiqaat, Nexo, Netherlands FOREX Consumer Leads and DigiDirect.

Debt and credit information exposed in recent Bank breach.
https://breachaware.com/research/debt-and-credit-information-exposed-in-recent-bank-breach
A total of 21 breaches were found and analysed resulting in 30,573,656 leaked accounts containing a total of 30 different data types. The breaches found publicly and freely available included Tianya Club, Stealer log 0487, Stealer Log 0488, Stealer log 0486 and GetCarrier.

This month we dove into the headline-grabbing theft of $243 million in crypto, a case solved by blockchain sleuth ZachXBT, who handed the intel to the Feds. But, in a move that proves cybercriminals never miss an opportunity for drama, another amusing episode has popped up. This time, photos circulated on social media show a rival hacker commandeering the screens of an exclusive club, broadcasting the message “Back to the lobby, Malone,” and—just for kicks—displaying what appeared to be Malone’s Social Security number on a neighbouring screen. No word on whether Malone is rethinking his life choices yet, but it's safe to say his day was ruined.

Meanwhile, the saga of Telegram has taken yet another sharp turn. Following the questionable arrest of CEO Pavel Durov earlier this month, Telegram's stance on working with law enforcement has been, well, fluid. To recap: Durov's private jet stopped to refuel in France, where he found himself scooped up by French authorities. Despite being in that odd legal grey area of international airspace (where customs checks don’t typically apply), someone tipped off the authorities. Durov was detained without formal charges, and after a few days of "investigation," he was released on a 5-million-euro bail under the condition he can’t leave France.

In the wake of this, Telegram made a controversial statement about cooperating with law enforcement, claiming they’d only share user data for terrorism-related cases. Fast forward a couple of weeks, and they've walked it back again. Their new Terms & Conditions now state:

“If Telegram receives a valid order from the relevant judicial authorities that confirms you're a suspect in a case involving criminal activities that violate the Telegram Terms of Service, we will perform a legal analysis of the request and may disclose your IP address and phone number to the relevant authorities. If any data is shared, we will include such occurrences in a quarterly transparency report published at: https://t.me/transparency.”

Why is Telegram suddenly playing ball with the powers that be? Well, it’s likely the platform’s long-standing role as a haven for free speech (and, let’s be real, cybercriminals) is rubbing big governments the wrong way. Now, with other social media platforms neatly falling in line, Telegram is feeling the pressure. Naturally, this has sparked a "great migration" to the next digital safe haven, as users and cybercriminals alike begin seeking refuge from prying eyes.

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

Threat actor merges 3.3 billion unique email addresses from public data breaches.
https://breachaware.com/research/threat-actor-merges-3-billion-unique-email-addresses-from-public-data-breaches
A total of 29 breaches were found and analysed resulting in 3,822,233 leaked accounts containing a total of 34 different data types. The breaches found publicly and freely available included Central Tickets, Anonymous Spanish Data Archive, 2 Invoice, Tiendup and YPOK.

Blockchain detective speeds up arrest of two crypto thieves.
https://breachaware.com/research/blockchain-detective-speeds-up-arrest-of-two-crypto-thieves
A total of 35 breaches were found and analysed resulting in 7,110,820 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included Sport 2000, Legendas.TV [2], Cash To You, Parking Pay and Brand New Tube [3]

We would rather “eat poop than pay a ransom.”
https://breachaware.com/research/we-would-rather-eat-poop-than-pay-a-ransom
A total of 23 breaches were found and analysed resulting in 10,466,698 leaked accounts containing a total of 30 different data types. The breaches found publicly and freely available included Lookiero, Tigo, DOJO, Grastin and OnlineGIBDD.

AI-powered property tech breach impacts US bank customers.
https://breachaware.com/research/ai-powered-property-tech-breach-impacts-us-bank-customers
A total of 27 breaches were found and analysed resulting in 36,605,520 leaked accounts containing a total of 32 different data types. The breaches found publicly and freely available included MindJolt, MyKukun, Factual, Passions Network and Dominos - Belgium.

Cuban Mobile Operator Data Breach Exposes Sensitive User Information
https://breachaware.com/research/cuban-mobile-operator-has-suffered-a-data-breach
A total of 26 breaches were found and analysed resulting in 33,301,424 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included ShopBack, JKAmaret, Allegedly Habibs, Talent Smart EQ [URL redirected] and Stealer Log 0480.

Kim Dotcom, the mastermind behind MegaUpload, is finally getting extradited to the U.S. from his New Zealand hideaway. For those who don’t know, Kim ran MegaUpload, the notorious file-sharing site, from 2005 until 2012—right up until the FBI decided to crash the party. They shut down the site, seized the servers, and probably threw a few hard drives into the ocean for good measure. But Kim's been playing a game of international "hide and seek" ever since. Well, the game might be up because just 15 days ago, a New Zealand judge decided that Kim can finally be shipped off to the U.S. for his alleged piracy shenanigans.

The U.S. authorities claim that Mr. Dotcom and his three trusty sidekicks cost the film and music industry a whopping $500 million. Now, $500 million sounds like a lot—because it is—but to put it in Hollywood terms, that’s about one and a half Star Wars movies. Seriously, the 2015 "Star Wars: The Force Awakens" had a budget of $432 million! So, what’s a few hundred million between friends?

If Kim is indeed extradited, he’ll be facing three charges: money laundering, racketeering, and copyright infringement. Or as they call it in the underworld, the “hat trick.”

In a twist that no one saw coming, infamous hacker USDod has been doxed! Apparently, he got "crowd struck" and decided it was time to hang up his virtual hoodie for good. The 33-year-old, whose real name is Luan Goncalves, is now calling it quits and plans to surrender himself to the Brazilian authorities. Yes, you read that right—a hacker voluntarily turning himself in. What’s next, cats and dogs living together?

Luan’s no stranger to being doxed, but this time it seems he's finally had enough. Before you think he's going out with a whimper, let’s not forget he’s the brains behind some pretty serious data breaches, including the Infragard hack—a network of professionals who work with the FBI to protect U.S. critical infrastructure. Yeah, that kind of serious.

Other hackers in the community are wishing him luck and patting him on the back for his illustrious (if illegal) career. USDod, always one for dramatic exits, left a parting note on hackread.com: “This is not my end. Thank you; see you around. Don’t worry, Brazilian authorities, I’m coming to meet you; I’m not a threat; in fact, I can do much for my country.” Now, if that’s not a retirement speech, I don’t know what is.

In the latest episode of “Who Got Arrested Today?”, Pavel Durov, the enigmatic founder of Telegram, has reportedly been taken into custody. Naturally, this has caused quite the uproar online. If Telegram gets back-doored by the FBI, expect a mass exodus of threat actors, drug dealers, and privacy enthusiasts alike to the next best end-to-end encrypted (E2EE) platform.

Of course, it’s not like crime isn’t happening on other social media platforms. Instagram, Facebook, and Snapchat have their fair share of dodgy dealings, but those are all nicely under the control of Western authorities. But Telegram? That’s a whole different ball game. If the rumours are true, it's time to grab your usernames and get ready to migrate!

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

Finance company breached revealing 850 million records.
https://breachaware.com/research/finance-company-breached-revealing-850-million-records
A total of 15 breaches were found and analysed resulting in 65,131,591 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included Pure Incubation Ventures, Eye4Fraud, APK, AvaTrade and Writers and Artists.

Health supplement maker failed to alert their three million customers of the breach.
https://breachaware.com/research/health-supplement-maker-failed-to-alert-their-three-million-customers-of-the-breach
A total of 31 breaches were found and analysed resulting in 8,514,163 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included Piping Rock, Locally, Havenly, Bodog and Ragazzo Delivery.

DefCon conference gives local Las Vegas resort the jitters.
https://breachaware.com/research/defcon-conference-gives-local-las-vegas-resort-the-jitters
A total of 30 breaches were found and analysed resulting in 340,885,509 leaked accounts containing a total of 22 different data types. The breaches found publicly and freely available included Allegedly SOCRadar [USDoD], Rail Yatri, Wanelo [Update], Yatra and Youth Manual.

Previously trashed cybercrime forum is reopening.
https://breachaware.com/research/previously-trashed-cybercrime-forum-is-reopening
A total of 19 breaches were found and analysed resulting in 86,112,651 leaked accounts containing a total of 35 different data types. The breaches found publicly and freely available included Neiman Marcus, Zoosk 2020, Bukalapak, Heroes of Newerth and Zhenai

In our most recent weekly insight, we delved into the escalating drama within the underground cybercrime community, particularly focusing on a feud between two threat actors and the administrators of Breach Forums. The rift began when the threat actors were banned for doxing, a clear violation of the forum’s rules. One of the disgruntled hackers responded by leaking the entire official data leaks page of the forum.

Breach Forums features a marketplace where users buy credits to purchase data breaches. These credits are usually accumulated by selling breaches, leading to substantial collections for dedicated hackers. The banned threat actors, having amassed a significant number of breaches, decided to upload all the data for free on a file hosting site, undermining the forum’s revenue model which relies on credit purchases with cryptocurrencies. This move has set the stage for what promises to be a contentious and chaotic few weeks.

On the corporate front, AT&T recently disclosed a breach in an 8K report filed with the SEC, revealing a compromise initiated by the Shiny Hunters malware campaign. The breach originated from a data leak involving Snowflake, a cloud-based data platform, and affected over 150 companies. The breach first came to light when data from Ticketmaster appeared for sale on a notorious cybercrime forum. Despite SEC regulations mandating prompt disclosure, the FBI and DOJ granted AT&T two extensions due to potential national security risks.

In another twist, the FBI’s recent seizure of the Baphchat Telegram group has backfired. The group, associated with Baphomet and previously taken over during the FBI’s takedown of the OneBreach forum, has been reclaimed by a threat actor. A prominent threat actor and forum moderator celebrated the recovery, stating, "This is truly a heroic day for all of us and a shameful day for the FBI, who fumbled the seizure." The group’s link now proclaims, "This Telegram chat is under the control of Breachforums," and the chat is buzzing with threat actors rejoicing over the FBI’s blunder.

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

It's kicking off in the underground cyber crime community.
https://breachaware.com/research/its-kicking-off-in-the-underground-cyber-crime-community
A total of 25 breaches were found and analysed resulting in 29,695,958 leaked accounts containing a total of 25 different data types. The breaches found publicly and freely available included Trello, 7k7k, Sword Fantasy, Zaimer and Xiaomi.

Kaspersky is being booted out of the USA.
https://breachaware.com/research/kaspersky-is-being-booted-out-of-the-usa
A total of 9 breaches were found and analysed resulting in 2,948,750 leaked accounts containing a total of 14 different data types. The breaches found publicly and freely available included Avito, Lulu Hypermarket, The Cellula, Boutique Curly and NATO Wiki.

Husky owners breach spreads like wildfire.
https://breachaware.com/research/husky-owners-breach-spreads-like-wildfire
A total of 18 breaches were found and analysed resulting in 5,935,927 leaked accounts containing a total of 28 different data types. The breaches found publicly and freely available included Giant Tiger, Telegram Base 2019-2023, Stealer Log 0475, Stealer Log 0474 and Tattletale.

Doctors and physicians exposed, prime for phishing attacks.
https://breachaware.com/research/doctors-and-physicians-exposed-prime-for-phishing-attacks
A total of 32 breaches were found and analysed resulting in 32,522,728 leaked accounts containing a total of 35 different data types. The breaches found publicly and freely available included IndiHome, LenDenClub, USA Business Men & Investor Database, US Doctor's Database 2024 and Stealer log 0473.

"This is not white-hat hacking; it is extortion."
https://breachaware.com/research/this-is-not-white-hat-hacking-it-is-extortion
A total of 22 breaches were found and analysed resulting in 20,007,669 leaked accounts containing a total of 25 different data types. The breaches found publicly and freely available included Russian Electronic School, Stealer Log 0470, piZap, USA Mobile Device Management Software (MDM) User Database and Ticketmaster.

In the ever-dramatic world of cybercrime, a small dark-web forum has found itself in a downward spiral, now up for sale. As covered in our weekly insight, the forum was breached by an unknown threat actor, prompting the admin to panic and shut it down. This came just days after the admin had taken to Telegram to badmouth the threat actor community and insult Shiny Hunters, the admin of Breach Forums. It seems the forum’s admin couldn’t handle the backlash and is now throwing in the towel.

The admin has put the entire forum's database, Telegram channel, and domain up for sale. The database is priced at $8,000, the domain at $600, and the Telegram channel at $2,000. In a somewhat surprising move, users can request the removal of their details from the database for free. There are also unsettling rumours that a former admin or prominent member of the community has tragically committed suicide, casting a somber shadow over an already chaotic situation.

In a moment of schadenfreude for both the online community and law enforcement, the Lockbit ransomware group recently claimed to have breached the United States Federal Reserve. This audacious claim naturally raised eyebrows, but as the countdown timer for the authenticity of the documents hit zero, it turned out to be a misdirection. The actual target was Evolve Bank & Trust, not the Federal Reserve. The confusion likely stemmed from a document mentioning the "United States Federal Reserve," which the affiliate, probably not fluent in English, misinterpreted. VX Underground humorously summed up the situation, pointing out the likely language barrier issue.

Meanwhile, Europol’s "End Game" operation, their largest offensive against botnets, has resulted in the arrest of four individuals—one from Armenia and three from Ukraine. This crackdown has seen law enforcement seize control of 2,000 domains and 100 servers across Europe and the Americas. Although the market for stealer logs remains active, there has been a noticeable dip in availability. One of the main suspects is believed to have raked in over 69 million euros in cryptocurrency, illustrating the scale and profitability of these operations.

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

Administrators of $430 million dark web market have been arrested.
https://breachaware.com/research/administrators-of-430-million-dollar-dark-web-market-have-been-arrested
A total of 25 breaches were found and analysed resulting in 3,151,505 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included mSpy, Stealer Log 0468, Kladzdor, Facebook [3] and Fit5.

Disgruntled employee wiped 180 virtual servers.
https://breachaware.com/research/disgruntled-employee-wiped-180-virtual-servers
A total of 20 breaches were found and analysed resulting in 19,990,155 leaked accounts containing a total of 23 different data types. The breaches found publicly and freely available included Lumin [2], Scentbird [2], Stealer Log 0467, Respect-Shoes and Tecnova Group.

Company backed by Facebook co-founder suffers large data breach.
https://breachaware.com/research/company-backed-by-facebook-co-founder-suffers-large-data-breach
A total of 30 breaches were found and analysed resulting in 7,203,587 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included 51, Zadig and Voltaire, Stealer Log 0465, T Bank and Danto.

Threat actor group expose data relating to Mexican cartels.
https://breachaware.com/research/threat-actor-group-expose-data-relating-to-mexican-cartels
A total of 31 breaches were found and analysed resulting in 2,177,382 leaked accounts containing a total of 32 different data types. The breaches found publicly and freely available included Unigame, One Vers, National Association of Judicial Sales Institutes, Stealer Log 0463 and THConnect.