If you logged into your favourite cybercrime forum this week and found nothing but tumbleweeds and 404s, you’re not alone. A couple of well-known underground hacking forums have either gone on holiday or been vaporised entirely. It's unclear whether they’ve shut down for good or are just doing the digital equivalent of pretending they’re not home when the FBI knocks.
One particularly loud-mouthed Russian-speaking hacking forum seems to be having clearnet issues, which, in their line of work, is about as surprising as a crypto rug-pull. Meanwhile, the BreachForums drama is still going strong. Ever since it got Thanos-snapped out of existence by activist group Dark Storm, new forums have been popping up like dodgy pop-ups on a torrent site. Some are clearly scams, others are actual contenders, and a few are probably honeypots with great UI.
The "new" BreachForums is apparently being run by several of the old moderators, but let’s just say the reunion tour hasn’t been warmly received. Former users have trust issues (shocking, I know) and aren’t quite rolling out the welcome mat. Oh, and ShinyHunters, the data breach supervillains behind attacks on Tokopedia, AT&T, and your local grandmother’s cookie blog, have vanished. No tweets. No leaks. Just silence. Either they’ve quit the game, or they’re watching from a cabana in a jurisdiction with no extradition.
And now, to the bureaucratic circus: The U.S. Department of Government Efficiency (DOGE, no, not a meme, it’s a real agency, tragically not funded by Elon Musk) recently decided to pull funding from MITRE. Yes, MITRE, the same folks responsible for the CVE Program, which helps the world not burn down every time someone writes insecure JavaScript.
Cue the collective meltdown from every corner of InfoSec Twitter and the more vocal corners of dark web chatrooms. Surprisingly, DOGE did a reverse Uno card and reinstated funding almost immediately, likely after realising that pulling the plug on the CVE database is like taking away a fire extinguisher during a grease fire. For context, MITRE has been handed around $1.5 billion since 2008. Pricey? Sure. But still cheaper than letting everything go full Equifax every week.
Now, here’s the part where Europol enters like a law enforcement John Wick. Teaming up with Bavarian State Police and 35(!) other countries, they helped shut down a truly horrific CSAM darknet site called "Kidflix", because apparently there's no bottom to the naming choices of depraved criminals.
From April 2022 to March 2025, this nightmare of a site hosted over 91,000 unique CSAM videos and attracted 1.8 million users. But here’s the good news:
- 1,400 users identified
- 79 arrests made
- And 39 children rescued
It’s a horrifying case, but it does show what can happen when law enforcement agencies put their heads together and decide to actually clean up the internet rather than just hold awkward press conferences about it.
So yes, the dark web is in disarray, bureaucrats are still confused by what the internet actually is, and law enforcement is finally making moves that actually matter. If nothing else, it’s been an eventful week and I, for one, am running low on popcorn.
Data Breach, Vulnerability & Privacy Research this Month
Cybercrime Crackdowns, Cloud Denials, and Vanishing Professors.
https://breachaware.com/research/cybercrime-crackdowns-cloud-denials-and-vanishing-professors
A total of 18 breaches were found and analysed resulting in 22,619,144 leaked accounts containing a total of 34 different data types. The breaches found publicly and freely available included ULP Alien TxT File - Episode 8, ULP 0012, Hisense USA, Florida Department of State and Aiudo.
VPN Cracks, Dark Web Upgrades & Meta’s Make or Break Trial.
https://breachaware.com/research/vpn-cracks-dark-web-upgrades-and-metas-make-or-break-trial
A total of 28 breaches were found and analysed resulting in 27,088,911 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included ULP Alien TxT File - Episode 9, ULP 0013, Breach.VIP, Boulanger and V-Tight Gel.
Patches, Psyops & Paranoia.
https://breachaware.com/research/patches-psyops-and-paranoia
A total of 14 breaches were found and analysed resulting in 5,870,230 leaked accounts containing a total of 23 different data types. The breaches found publicly and freely available included Alien TxT File - Episode 10, ULP 0014, Alshaya Group, Stealer Log 0522 and Puppy Finder.
Fine Wine, Fast Bugs, and Forum Drama.
https://breachaware.com/research/fine-wine-fast-bugs-and-forum-drama
A total of 30 breaches were found and analysed resulting in 15,193,862 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included Quality Used Transmissions, ULP 0016, Telmex, ULP 0015 and AlfaStrakhovanie Group.