Dark Web Meltdowns, Bureaucratic U-Turns & Europol’s World Domination Tour.
April 2025
By SUE DENIM
If you logged into your favourite cybercrime forum this week and found nothing but tumbleweeds and 404s, you’re not alone. A couple of well known underground hacking forums have either gone on holiday or been vaporised entirely. It's unclear if they’ve shut down for good or just doing the digital equivalent of pretending they’re not home when the FBI knocks.
One particularly loud mouthed Russian speaking hacking forum seems to be having clearnet issues which, in their line of work, is about as surprising as a crypto rug-pull. Meanwhile, the BreachForums drama is still going strong. Ever since it got Thanos snapped out of existence by activist group Dark Storm, new forums have been popping up like dodgy pop-ups on a torrent site. Some are clearly scams, others are actual contenders, and a few are probably honeypots with great UI.
The "new" BreachForums is apparently being run by several of the old moderators, but let’s just say the reunion tour hasn’t been warmly received. Former users have trust issues (shocking, I know) and aren’t quite rolling out the welcome mat. Oh, and ShinyHunters, the data breach supervillains behind attacks on Tokopedia, AT&T, and your local grandmother’s cookie blog, have vanished. No tweets. No leaks. Just silence. Either they’ve quit the game, or they’re watching from a cabana in a jurisdiction with no extradition.
And now, to the bureaucratic circus: The U.S. Department of Government Efficiency (DOGE, no, not a meme, it’s a real agency, tragically not funded by Elon Musk) recently decided to pull funding from MITRE. Yes, MITRE, the same folks responsible for the CVE Program, which helps the world not burn down every time someone writes insecure JavaScript.
Cue the collective meltdown from every corner of InfoSec Twitter and the more vocal corners of dark web chatrooms. Surprisingly, DOGE did a reverse Uno card and reinstated funding almost immediately, likely after realising that pulling the plug on the CVE database is like taking away a fire extinguisher during a grease fire. For context, MITRE has been handed around $1.5 billion since 2008. Pricey? Sure. But still cheaper than letting everything go full Equifax every week.
Now, here’s the part where Europol enters like a law enforcement John Wick. Teaming up with Bavarian State Police and 35(!) other countries, they helped shut down a truly horrific CSAM darknet site called "Kidflix" because apparently there's no bottom to the naming choices of depraved criminals.
From April 2022 to March 2025, this nightmare of a site hosted over 91,000 unique CSAM videos and attracted 1.8 million users. But here’s the good news:
- 1,400 users identified
- 79 arrests made
- And 39 children rescued
It’s a horrifying case, but it does show what can happen when law enforcement agencies put their heads together and decide to actually clean up the internet rather than just hold awkward press conferences about it.
So yes, the dark web is in disarray, bureaucrats are still confused by what the internet actually is, and law enforcement is finally making moves that actually matter. If nothing else, it’s been an eventful week and I, for one, am running low on popcorn.
Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan
THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
Cybercrime Crackdowns, Cloud Denials, and Vanishing Professors.
https://breachaware.com/research/cybercrime-crackdowns-cloud-denials-and-vanishing-professors
A total of 18 breaches were found and analysed resulting in 22,619,144 leaked accounts containing a total of 34 different data types. The breaches found publicly and freely available included ULP Alien TxT File - Episode 8, ULP 0012, Hisense USA, Florida Department of State and Aiudo.
VPN Cracks, Dark Web Upgrades & Meta’s Make or Break Trial.
https://breachaware.com/research/vpn-cracks-dark-web-upgrades-and-metas-make-or-break-trial
A total of 28 breaches were found and analysed resulting in 27,088,911 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included ULP Alien TxT File - Episode 9, ULP 0013, Breach.VIP, Boulanger and V-Tight Gel.
Patches, Psyops & Paranoia.
https://breachaware.com/research/patches-psyops-and-paranoia
A total of 14 breaches were found and analysed resulting in 5,870,230 leaked accounts containing a total of 23 different data types. The breaches found publicly and freely available included Alien TxT File - Episode 10, ULP 0014, Alshaya Group, Stealer Log 0522 and Puppy Finder.
Fine Wine, Fast Bugs, and Forum Drama.
https://breachaware.com/research/fine-wine-fast-bugs-and-forum-drama
A total of 30 breaches were found and analysed resulting in 15,193,862 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included Quality Used Transmissions, ULP 0016, Telmex, ULP 0015 and AlfaStrakhovanie Group.
One particularly loud mouthed Russian speaking hacking forum seems to be having clearnet issues which, in their line of work, is about as surprising as a crypto rug-pull. Meanwhile, the BreachForums drama is still going strong. Ever since it got Thanos snapped out of existence by activist group Dark Storm, new forums have been popping up like dodgy pop-ups on a torrent site. Some are clearly scams, others are actual contenders, and a few are probably honeypots with great UI.
The "new" BreachForums is apparently being run by several of the old moderators, but let’s just say the reunion tour hasn’t been warmly received. Former users have trust issues (shocking, I know) and aren’t quite rolling out the welcome mat. Oh, and ShinyHunters, the data breach supervillains behind attacks on Tokopedia, AT&T, and your local grandmother’s cookie blog, have vanished. No tweets. No leaks. Just silence. Either they’ve quit the game, or they’re watching from a cabana in a jurisdiction with no extradition.
And now, to the bureaucratic circus: The U.S. Department of Government Efficiency (DOGE, no, not a meme, it’s a real agency, tragically not funded by Elon Musk) recently decided to pull funding from MITRE. Yes, MITRE, the same folks responsible for the CVE Program, which helps the world not burn down every time someone writes insecure JavaScript.
Cue the collective meltdown from every corner of InfoSec Twitter and the more vocal corners of dark web chatrooms. Surprisingly, DOGE did a reverse Uno card and reinstated funding almost immediately, likely after realising that pulling the plug on the CVE database is like taking away a fire extinguisher during a grease fire. For context, MITRE has been handed around $1.5 billion since 2008. Pricey? Sure. But still cheaper than letting everything go full Equifax every week.
Now, here’s the part where Europol enters like a law enforcement John Wick. Teaming up with Bavarian State Police and 35(!) other countries, they helped shut down a truly horrific CSAM darknet site called "Kidflix" because apparently there's no bottom to the naming choices of depraved criminals.
From April 2022 to March 2025, this nightmare of a site hosted over 91,000 unique CSAM videos and attracted 1.8 million users. But here’s the good news:
- 1,400 users identified
- 79 arrests made
- And 39 children rescued
It’s a horrifying case, but it does show what can happen when law enforcement agencies put their heads together and decide to actually clean up the internet rather than just hold awkward press conferences about it.
So yes, the dark web is in disarray, bureaucrats are still confused by what the internet actually is, and law enforcement is finally making moves that actually matter. If nothing else, it’s been an eventful week and I, for one, am running low on popcorn.
Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan
THIS MONTHS SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
Cybercrime Crackdowns, Cloud Denials, and Vanishing Professors.
https://breachaware.com/research/cybercrime-crackdowns-cloud-denials-and-vanishing-professors
A total of 18 breaches were found and analysed resulting in 22,619,144 leaked accounts containing a total of 34 different data types. The breaches found publicly and freely available included ULP Alien TxT File - Episode 8, ULP 0012, Hisense USA, Florida Department of State and Aiudo.
VPN Cracks, Dark Web Upgrades & Meta’s Make or Break Trial.
https://breachaware.com/research/vpn-cracks-dark-web-upgrades-and-metas-make-or-break-trial
A total of 28 breaches were found and analysed resulting in 27,088,911 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included ULP Alien TxT File - Episode 9, ULP 0013, Breach.VIP, Boulanger and V-Tight Gel.
Patches, Psyops & Paranoia.
https://breachaware.com/research/patches-psyops-and-paranoia
A total of 14 breaches were found and analysed resulting in 5,870,230 leaked accounts containing a total of 23 different data types. The breaches found publicly and freely available included Alien TxT File - Episode 10, ULP 0014, Alshaya Group, Stealer Log 0522 and Puppy Finder.
Fine Wine, Fast Bugs, and Forum Drama.
https://breachaware.com/research/fine-wine-fast-bugs-and-forum-drama
A total of 30 breaches were found and analysed resulting in 15,193,862 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included Quality Used Transmissions, ULP 0016, Telmex, ULP 0015 and AlfaStrakhovanie Group.
BreachAware Insight
THE LATEST CURATED INTEL FROM OUR RESEARCH CENTRE
Listen to our podcast, where Andrew, the visionary CEO of BreachAware, sits down with unsung heroes of the cyber security industry. Get ready to uncover the stories and insights of industry trailblazers you might not have heard of before, as they share their experiences, opinions, and insider intel. But beware, it's not all serious talk—expect a healthy dose of humour (and the odd cussing) sprinkled throughout the conversation.




Weekly Summary
SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINESSchedule a Demonstration
MAKE THE SMART CHOICE TODAY
Whether you're considering becoming an Official BreachAware® Partner, seeking insights into
successful use cases, or simply exploring, a demonstration is
the perfect way to discover more.
