The emergence of the bootkit "BlackLotus" marks a chilling development in the realm of cyber threats. Originally offered for sale on various hacking forums last year for a modest $5,000, this bootkit's capabilities have proven to be as formidable as advertised. It's a game-changer, being the first of its kind seen in the wild to bypass UEFI Secure Boot, effortlessly slipping past a fully updated Windows 11 system with Secure Boot enabled. With the finesse of a digital ninja, BlackLotus sidesteps antivirus scanners and renders OS security software like Windows Defender powerless.
Once nestled in a victim's system, BlackLotus goes into stealth mode, hiding its files on the EFI system partition and operating as an HTTP downloader, ready to fetch additional payloads at the beck and call of the threat actor. The laundry list of its capabilities reads like a cyber dystopian nightmare – it's a sobering reminder of the ever-evolving sophistication of cyber threats lurking in the digital shadows.
Meanwhile, the demise of the underground forum BreachForums has sent shockwaves through the cyber underworld, leaving threat actors and script kiddies alike in a state of mourning. Led by the enigmatic admin Pompompurin, BreachForums was a digital haven for nefarious activities, boasting a bustling community of 300 thousand accounts in its short lifespan. Pompompurin took the operation seriously, even pulling off a brazen hack of the FBI in 2021 for a bit of trollish fun.
But alas, the long arm of the law caught up with Pompompurin, who was apprehended by the FBI in New York State. In a bid to preserve the forum's legacy, Pompompurin had arranged with their second-in-command, Baphomet, for a seamless transition in case of arrest. However, with Pompompurin behind bars, Baphomet made the tough call to shutter the forum, citing the newfound uncertainty of safety in the digital underworld.
Yet, amidst the chaos, Baphomet remains a beacon of resilience, hinting at the possibility of a new community rising from the ashes of BreachForums. With a vow to learn from past mistakes and fortify against future threats, Baphomet's vision for a safer, more resilient digital haven offers a glimmer of hope in an otherwise turbulent cyber landscape.
THIS MONTH'S SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
Bank categorically denied the breach and investigation.
https://breachaware.com/research/bank-categorically-denied-the-breach-and-investigation
A total of 32 breaches were found and analysed resulting in 13,280,831 leaked accounts containing a total of 19 different data types. The breaches found publicly and freely available included Gemo Test, Stealer - Mixed Logs 0272, Stealer - Mixed Logs 0268, Stealer - Mixed Logs 0265 and Foodora.
Threat actors exfiltrate a large SQL database of COVID records.
https://breachaware.com/research/threat-actors-exfiltrate-a-large-sql-database-of-covid-records
A total of 20 breaches were found and analysed resulting in 6,204,700 leaked accounts containing a total of 19 different data types. The breaches found publicly and freely available included SberSpasibo, HDFC Bank, Stealer - Mixed Logs 0253, Okanagan College and Stealer - RedLine 0260.
Bank customers complain of phishing attacks via Twitter.
https://breachaware.com/research/bank-customers-complain-of-phishing-attacks-via-witter
A total of 11 breaches were found and analysed resulting in 9,356,800 leaked accounts containing a total of 17 different data types. The breaches found publicly and freely available included US Gamblers, Zen Mobile, Arteza, Stealer - Mixed Logs 0250 and Mobile Legends: Bang Bang.
Video game publisher based in the US suffered a data leak.
https://breachaware.com/research/video-game-publisher-based-in-the-us-suffered-a-data-leak
A total of 33 breaches were found and analysed resulting in 2,068,944 leaked accounts containing a total of 25 different data types. The breaches found publicly and freely available included Kiwi Taxi [2], TaxNet USA, Athletics Federation of India, Stealer - Meta 0239 and B Tech.