Point of View
OUR TAKE ON TRENDING STORIES
In cyber warfare, it seems no sector is safe from the relentless clutches of threat actors. Take, for instance, a Russian food manufacturing giant finding itself in the crosshairs of a Ukrainian hacker collective. With a flair for the dramatic, the group proudly proclaimed their conquest in a channel dedicated to airing their digital conquests. Their loot? A whopping 6TB of sensitive data, including source code and client information, leaving the company's confidentiality in tatters. And if that weren't enough, they even dropped the CEO's personal details like it was hot gossip, suggesting a brazen breach via the company's VPN. One can only speculate whether the CEO's nonchalance stemmed from a hefty ransom payout or simply poor cybersecurity practices.
Meanwhile, Apple users worldwide received an unexpected jolt from the tech giant, courtesy of threat notifications warning of potential targeted attacks by none other than sophisticated threat actors. These aren't your run-of-the-mill alerts; they're the digital equivalent of a red alert, signalling the presence of high-value targets under the watchful eye of nation-state hackers or other nefarious entities. It's a call to arms for users to fortify their digital defences posthaste, with a direct line to cybersecurity professionals for backup.
And just when you thought the cyber landscape couldn't get any stranger, along comes a musical interlude courtesy of the malware analysis mavens over at VX Underground. An EDM anthem straight out of an anime fever dream, its lyrics lifted straight from the digital annals of LockBit 3.0's takedown saga. It may not be destined for the Billboard charts, but it's certainly a quirky addition to the cyber-culture canon.
In cybersecurity policy, the Biden Administration's U.S. Cyber Trust Mark initiative is gearing up for its grand debut. Designed to bolster the security of everyday IoT devices, this policy promises consumers greater transparency when navigating the maze of internet-connected gadgets. However, as the industry braces for this much-needed shake-up, lingering concerns persist over the prevalence of insecure IoT devices lurking in the market's shadows. It's a step in the right direction, to be sure, but the road to a cyber-safe future is paved with many a digital hurdle.
Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan
Huge amount of customer records exposed from the solar industry.
https://breachaware.com/research/huge-amount-of-customer-records-exposed-from-the-solar-industry
A total of 13 breaches were found and analysed resulting in 4,834,779 leaked accounts containing a total of 21 different data types. The breaches found publicly and freely available included Stealer Log 0452, Redaq, Stealer Log 0453, Kharkov and Stealer Log 0451.
You didn't have to be a brain surgeon to use the LabHost service.
https://breachaware.com/research/you-didnt-have-to-be-a-brain-surgeon-to-use-the-labhost-service
A total of 11 breaches were found and analysed resulting in 8,670,369 leaked accounts containing a total of 26 different data types. The breaches found publicly and freely available included A MONEY, Raychat, Bin Weevils, ZOON and Stealer Log 0450.
Apple warns users they may be targeted by a “mercenary spyware attack”
https://breachaware.com/research/apple-warns-users-they-may-be-targeted-by-a-mercenary-spyware-attack
A total of 15 breaches were found and analysed resulting in 10,110,194 leaked accounts containing a total of 23 different data types. The breaches found publicly and freely available included US Environmental Protection Agency (EPA), Stealer Log 0448, Stealer Log 0449, Believe and Carding Team.
Well known threat actor is currently on a hacking spree.
https://breachaware.com/research/well-known-threat-actor-is-currently-on-a-hacking-spree
A total of 7 breaches were found and analysed resulting in 2,399,513 leaked accounts containing a total of 20 different data types. The breaches found publicly and freely available included PandaBuy, Stealer Log 0447, Leadzen, FICO and Koroleva.
US Cyber Trust Mark excludes internet-enabled medical equipment.
https://breachaware.com/research/us-cyber-trust-mark-excludes-internet-enabled-medical-equipment
A total of 35 breaches were found and analysed resulting in 9,841,487 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included Stealer Log 0442, Kral Bros Garage, Stealer Log 0444, Stealer Log 0446 and DataCamp.
Ah, the dramatic saga of TikTok in the United States! Picture this: a ban looming over TikTok, akin to a dark cloud threatening to rain on our digital parade. Congress is all up in arms, waving their "think of the children" banners while TikTok nervously checks its watch, wondering if it should start packing its bags for a forced sale. Meanwhile, nobody bats an eye at the plethora of Chinese gadgets quietly infiltrating American households. It's like the ultimate game of "spot the double standard."
And then there's the Discord bot community, a bustling hub of over 170,000 members, blissfully unaware of the chaos brewing in its midst. Little did they know, a sneaky supply chain attack was underway, with cybercriminals slinging malware like digital ninja stars. The plot thickens as innocent developers unwittingly become pawns in this cyber chess match. It's like a scene straight out of a cyberpunk thriller, only with more Python packages and less neon.
But wait, there's more! Remember that telecom company caught in the data breach scandal of yesteryear? Well, guess who's back in the limelight! Cue the dramatic music as data allegedly linked to their previous mishap resurfaces, like a ghost from breaches past. The company's denial game is strong, but cybersecurity experts aren't buying it. With the FCC's new data breach notification rules hot off the press, it's like watching a high-stakes poker game unfold, with the company desperately trying to bluff its way out of trouble.
Ah, the cybersecurity world. Just when you think you've seen it all, it throws you another curveball. Stay tuned, folks. This digital rollercoaster ride is far from over!
THIS MONTH'S SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
Lithuanian police have “pulled the trigger” on seizing a dark web market place.
https://breachaware.com/research/lithuanian-police-have-pulled-the-trigger-on-seizing-a-dark-web-market-place
A total of 24 breaches were found and analysed resulting in 87,916,303 leaked accounts containing a total of 21 different data types. The breaches found publicly and freely available included AT&T Division, US Consumer Opt In Records, Gosuslugi [2], Kava CasinoLife Poker and Stealer Log 0438.
"We got one final little nasty surprise for y’all." Exit scam on a new level!
https://breachaware.com/research/we-got-one-final-little-nasty-surprise-for-yall-exit-scam-on-a-new-level
A total of 27 breaches were found and analysed resulting in 12,280,942 leaked accounts containing a total of 30 different data types. The breaches found publicly and freely available included MyPertamina, Viet Loan, Movistar - Peru, Papa Johns Pizza - Moscow and Stealer Log 0437.
Exit scamming adding a new dimension to nefarious activities.
https://breachaware.com/research/exit-scamming-adding-a-new-dimension-to-nefarious-activities
A total of 22 breaches were found and analysed resulting in 38,890,296 leaked accounts containing a total of 28 different data types. The breaches found publicly and freely available included Cutout.Pro, Haijiao, LenDen App, R20 Digital and Stealer Log 0435.
Credentials unearthed from Stealer Logs continue to skyrocket.
https://breachaware.com/research/credentials-unearthed-from-stealer-logs-continue-to-skyrocket
A total of 15 breaches were found and analysed resulting in 1,263,339 leaked accounts containing a total of 25 different data types. The breaches found publicly and freely available included Stealer Log 0253, Uteka, Stealer Log 0252, Ultra Trade and Bmobile.
Well, well, well, it seems the digital waters are getting murkier by the day. A mysterious GitHub user by the name of I-SOON recently made their grand entrance onto the coding scene, dropping a repository bombshell titled "The Truth Behind an Xun." Inside? Oh, just a casual 200 megabytes of top-secret intel about a Chinese cybersecurity company. Talk about spilling the digital tea!
This treasure trove of data gives us a backstage pass into the shadowy world of state-sponsored hacking, courtesy of a company that, on the surface, offers cybersecurity courses and pen tests. But oh, there's so much more beneath the surface. The leaked documents, all 500 of them, paint a rather colourful picture of the company's not-so-innocent activities, spanning from the UK to the far corners of Asia.
And if that weren't enough, we've got juicy tidbits on spyware and hacking gadgets straight out of a Bond film. Imagine Android phones unwittingly spilling their guts when connecting to the same network as these nefarious devices. Oh, and let's not forget the pièce de résistance: a Twitter exploit playbook that's like a digital Trojan horse, granting attackers the keys to the Twitter kingdom with just one click on a shady link.
But wait, there's more! Among the treasure trove lies a white paper ominously titled "Twitter Public Opinion Guidance and Control System." Sounds like something straight out of a dystopian novel, doesn't it? Clearly, controlling overseas social public opinion is all the rage these days.
Meanwhile, down under, an Australian internet provider finds itself in some scorching hot water. Ever since cozying up to the Commonwealth Bank in 2021, they've found themselves in the midst of a security storm. Over 230 thousand users are left exposed after a security snafu of epic proportions. Despite assurances that they've slammed the door shut on network access, it seems the damage is done. Data types are now taking a leisurely stroll on the dark web, courtesy of this cyber debacle. Time to batten down the digital hatches, folks!
THIS MONTH'S SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
Ransomware group responds following publicised joint operation.
https://breachaware.com/research/ransomware-group-responds-following-publicised-joint-operation
A total of 38 breaches were found and analysed resulting in 3,984,206 leaked accounts containing a total of 27 different data types. The breaches found publicly and freely available included Stealer Log 0248, Leonardo, Stealer Log 0249, Tangerine Telecom and Stealer Log 0250.
Ransomware group allowed affiliates to ransom a cancer treatment centre.
https://breachaware.com/research/ransomware-group-allowed-affiliates-to-ransom-a-cancer-treatment-centre
A total of 18 breaches were found and analysed resulting in 210,458,625 leaked accounts containing a total of 18 different data types. The breaches found publicly and freely available included demo.zerooq.com, Dunzo, Aussie Vapes, Stealer Log 0247 and Too Easy.
Alleged threat actor responsible for mental health provider breach caught.
https://breachaware.com/research/alleged-threat-actor-responsible-for-mental-health-provider-breach-caught
A total of 27 breaches were found and analysed resulting in 19,114,750 leaked accounts containing a total of 25 different data types. The breaches found publicly and freely available included Lime Leads [2], Stealer Log 0425, My Wallet, Toys’R’Us - Israel and 45Minut.
Hong Kong based luxury clothing company's API exploited.
https://breachaware.com/research/hong-kong-based-luxury-clothing-companys-api-exploited
A total of 20 breaches were found and analysed resulting in 5,576,986 leaked accounts containing a total of 20 different data types. The breaches found publicly and freely available included JPoint, Rina Orc, Blogigo, Tolgel88 and Stealer Log 0412.
In a cyber twist reminiscent of a high-stakes thriller, Ukrainian activists are claiming to have performed a digital magic trick at the Russian Center for Space Hydro-Meteorology. The daring act allegedly involved breaking in and erasing a whopping two petabytes of data. If the Center had their cosmic ducks in a row with backups, they're in for a celestial restoration project that could take eons. The Planeta, as it's casually known, juggles the arrangement of aerospace data, including the management of military satellites, ground equipment like radars, and a plethora of stations monitoring everything from natural disasters to volcanic activity. The hackers, reportedly causing chaos across 280 servers, are giving the term "data wipeout" a cosmic spin. Despite the news being delivered by the Main Intelligence Directorate of Ukraine's Ministry of Defence, they're quick to deny any hands-on involvement, leaving the cyber curtain open for speculation.
Meanwhile, in the world of cybercrime, a member of the infamous Shiny Hunters crew has found themselves in a real-life courtroom drama. Sentenced to three years in the cyber slammer and slapped with a five-million-dollar damages bill, this former computer science whiz was nabbed by Moroccan authorities after the FBI sent out a digital wanted poster in May 2022. Through a plea deal that would make even seasoned negotiators nod in approval, the hacker avoided a potential 116-year prison stint for charges including electronic fraud and aggravated identity theft. The Shiny Hunters gang, known for its digital exploits in compromising over 60 companies, can now add the loss of one of its own to its criminal resume. Talk about poetic justice in the cyber realm.
As if we needed another plot twist in the cyber saga, "CyberKidnapping" is making headlines, featuring social engineering as the star of the show. In a recent American case, threat actors managed to get the upper hand by acquiring substantial information about a Chinese family with a 17-year-old son living in the U.S., while the rest of the family resided in China. Through a web of spoofed phone calls, these digital puppet masters convinced the family to fork over a hefty $80,000 for the supposed safe return of their son. The plot thickens as the young man is later discovered chilling in the mountains of Utah, having fallen victim to the cyber smoke and mirrors. Who needs Hollywood scripts when reality is writing its own cyber thriller?
THIS MONTH'S SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
'Best car insurance company of 2023' fell victim to a significant data breach.
https://breachaware.com/research/best-car-insurance-company-of-2023-fell-victim-to-a-significant-data-breach
A total of 29 breaches were found and analysed resulting in 62,500,213 leaked accounts containing a total of 23 different data types. The breaches found publicly and freely available included Naz.API, Elephant Insurance Services, Klarna [2] (URL Redirected), Stealer Log 0410 and Vecer.
Music event ticket sellers' entire user base is exposed.
https://breachaware.com/research/music-event-ticket-sellers-entire-user-base-is-exposed
A total of 19 breaches were found and analysed resulting in 6,238,564 leaked accounts containing a total of 23 different data types. The breaches found publicly and freely available included Hathway Cable & Datacom, GSM Forum, Stealer Log 0407, Atlas Bus and Live4Fun.
"The McFlurry Bandit" exposed McDonald’s Single Sign-On (SSO) services.
https://breachaware.com/research/the-mcflurry-bandit-exposed-mcdonalds-single-sign-on-services
A total of 36 breaches were found and analysed resulting in 8,839,927 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included Alpha Bank, Kredit Plus, Stealer Log 0406, The ACE Card Club and RCZ Bike Shop.
Energy engineers from 100 countries have fallen victim to a breach.
https://breachaware.com/research/energy-engineers-from-100-countries-have-fallen-victim-to-a-breach
A total of 18 breaches were found and analysed resulting in 3,873,960 leaked accounts containing a total of 20 different data types. The breaches found publicly and freely available included Leader ID, Stealer Log 0403, iGlobe, Stealer Log 0404 and Pelayanan Denpasarkota.
International peace and security organisation finds itself at the centre of a breach.
https://breachaware.com/research/international-peace-and-security-organisation-finds-itself-at-the-centre-of-a-breach
A total of 27 breaches were found and analysed resulting in 2,791,859 leaked accounts containing a total of 21 different data types. The breaches found publicly and freely available included Stealer Log 0402, Stealer Log 0400, Annuaire Sante, Stealer Log 0401 and X Ponential.
A new hitch in the Bluetooth protocol is making iOS, Android, Linux, and Mac users do the vulnerability two-step. The researcher who stumbled upon this digital dance has chosen to keep the proof of concept under wraps, opting for a behind-the-scenes chat with the manufacturers. This exploit waltzes its way into the operating systems mentioned, convincing them to welcome an unauthorised individual via Bluetooth, turning your device into a potential puppet on the hacker's string. Until the code sees the light of day, it's a waiting game. Remember, folks, keep that Bluetooth switch off when not in use – consider it a digital lockdown for your devices. It's just another nudge to stay vigilant.
In the realm of booming cryptocurrencies, malware vendors are unveiling their latest party tricks. Their updates flaunt the ability to scour a victim's computer for popular crypto wallets. As we gear up for the new year, the research team is coming face-to-face with malware capabilities that are nothing short of spine-chilling. The A-list of stealer logs is up for sale, and these bad boys aren't being handed out for free. Balancing risk and convenience is an art form in the digital age. The research team is eyeing multiple devices to safeguard personal use applications like online banking, crypto wallets, and casual web surfing. It's like crafting a digital security masterpiece.
In a cinematic twist, the U.S. Justice Department has disrupted a ransomware gang that's been wreaking havoc globally for the past 18 months. The gang's Tor network-operated ransomware site got the official "seized" stamp from the authorities. The victim list includes networks intricately linked with or supporting critical U.S. infrastructure. The ransomware gang's website now proudly displays a "seizure banner," showcasing the various law enforcement agencies that tag-teamed to take it down. However, in a plot twist worthy of a cyber thriller, a respected cybersecurity group exchanged messages with the gang, who claim they've simply changed locations. The FBI, ever the hero, has whipped up a decryption tool to restore the computers of the 500 or so victims. Cue collective sighs of relief from the ransomware-stricken masses.
THIS MONTH'S SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
Let's hope none of these innocent animals are subject to identity theft.
https://breachaware.com/research/lets-hope-none-of-these-innocent-animals-are-subject-to-identity-theft
A total of 24 breaches were found and analysed resulting in 5,543,572 leaked accounts containing a total of 15 different data types. The breaches found publicly and freely available included Pleer, Foam Store, Clash of Olympus, Ramailo and Jivo.
Enthusiasts of inflatable and balloon fetish entertainment fell victim to a cyber breach.
https://breachaware.com/research/enthusiasts-of-inflatable-and-balloon-fetish-entertainment-fell-victim-to-a-cyber-breach
A total of 7 breaches were found and analysed resulting in 145,841 leaked accounts containing a total of 19 different data types. The breaches found publicly and freely available included Reserved, Stealer Log 0399, Camel Grinding Wheels, Instituto Universatario De Tecnologia De Administracion Industrial and InflateVids.
New twist reveals threat actor has meticulously de-hashed 12 million passwords.
https://breachaware.com/research/new-twist-reveals-threat-actor-has-meticulously-de-hashed-12-million-passwords
A total of 24 breaches were found and analysed resulting in 15,864,178 leaked accounts containing a total of 25 different data types. The breaches found publicly and freely available included Fotolog, Stealer Log 0398, Stealer Log 0396, Home Center and Stealer Log 0394.
Shocking incident involving a pinnacle cybersecurity entity underscores the severity of the situation.
https://breachaware.com/research/shocking-incident-involving-a-pinnacle-cybersecurity-entity-underscores-the-severity-of-the-situation
A total of 31 breaches were found and analysed resulting in 11,573,930 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included Kassy, Stealer Log 0388, Postgre Pro, Neznaika and Ikea Israel.
Google's latest IP protection feature for Chrome is like the superhero cape for your online privacy, swooping in to save the day. It's their way of saying, "Hey, we may have ditched 'don't be evil,' but we're still here for you." The feature promises to shield users from cross-site tracking, the internet's version of someone following you around the grocery store and noting every item in your cart.
Now, Google's grand plan involves routing all your data through their servers with a two-hop proxy. Picture it like a relay race where the first baton pass is to a Google server and the second is to a CDN. It's like a secret agent operation, only instead of spies, it's your data taking on a covert mission. But, hold your horses, if the CDN has a secret alliance with Google or is part of the Alphabet family (which, surprise, owns Google), there might be some data collection shenanigans going on.
In the anti-abuse section of their proposal, Google says you'll need to be logged in for this magic to happen. They claim the proxy won't play detective and connect your traffic to a user account. Well, that's reassuring, coming from the folks who've turned data-selling into an art form. The implementation of this feature is like waiting for the grand finale of a magic show – let's see if the disappearing act actually works.
And now, let's mosey on over to the farm where even cows are caught up in the whirlwind of IoT devices. In the good old days, cows would leisurely graze, blissfully unaware of the digital era. Fast forward to today, farmers are outfitting them with smart collars. However, a team of researchers has found some chinks in the cows' digital armour. They've reverse-engineered the wireless protocol, playing a high-stakes game of cow-themed espionage. If these smart collars were part of the internet at large, it would be a moo-ving argument for beefing up security. Just imagine a cow facing a ransomware attack – udder chaos!
THIS MONTH'S SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
US nuclear research facility has been compromised.
https://breachaware.com/research/us-nuclear-research-facility-has-been-compromised
A total of 13 breaches were found and analysed resulting in 1,873,089 leaked accounts containing a total of 19 different data types. The breaches found publicly and freely available included MPL Esports Update [URL Redirected], Stealer Log 0383, Ace Online (Israel), Stealer Log 0384 and Stealer Log 0386.
Next-gen smart home tech company warned "I may release the entire breach for free."
https://breachaware.com/research/next-gen-smart-home-tech-company-warned-i-may-release-the-entire-breach-for-free
A total of 28 breaches were found and analysed resulting in 146,769,692 leaked accounts containing a total of 26 different data types. The breaches found publicly and freely available included Dubsmash (2), Reverb Nation, Work 5, Wobi and Medical Company Nauka.
“The battle for Omegle has been lost, but the war against the Internet rages on.”
https://breachaware.com/research/the-battle-for-omegle-has-been-lost-but-the-war-against-the-internet-rages-on
A total of 32 breaches were found and analysed resulting in 3,371,685 leaked accounts containing a total of 25 different data types. The breaches found publicly and freely available included Stealer Log 0377, Stealer Log 0378, iD Tech, My Book Qatar and Utel Universad.
Unsuspecting government, police, and military recipients will be receiving a fresh wave of links to believable phishing sites.
https://breachaware.com/research/unsuspecting-government-police-and-military-recipients-will-be-receiving-a-fresh-wave-of-links-to-believable-phishing-sites
A total of 17 breaches were found and analysed resulting in 3,775,020 leaked accounts containing a total of 22 different data types. The breaches found publicly and freely available included Stealer Log 0375, Stealer Log 0372, Stealer Log 0374, Stealer Log 0373 and 585Gold.
Ah, the ever-tempestuous Middle East, where conflicts extend beyond the physical battlefield into the digital realm. Hacktivist groups and state-sponsored hackers are joining the fray, turning critical infrastructure into virtual battlegrounds. Disturbing reports emerge of compromised systems, painting a grim picture of the region's cybersecurity landscape.
In a scene straight out of a cyber thriller, a notorious threat actor group, known to frequent our weekly insights, has been making waves. They've allegedly breached a major gas station company, flaunting their access by sharing screenshots of control panels for petrol and diesel storage, along with temperature controls. As if that weren't enough, they've also flexed their digital muscles by showcasing videos of havoc wreaked upon a prominent energy provider's power grid.
The damage doesn't stop there. Reports detail the group's interference with transformers and electrical cables, prompting the affected company to scramble for hefty generators while parts of their network undergo a digital makeover. And it's not just the power grid feeling the heat; screenshots of access to wastewater treatment plants have also made their way online. One can't help but wonder why these critical systems aren't tucked away behind the digital equivalent of a fortress wall – you know, the old 'air-gapping' trick.
Meanwhile, across the pond, America's favorite pipeline is making headlines once again. Fresh off the heels of a devastating ransomware attack in 2021, this vital artery supplying half of the east coast's oil finds itself in the crosshairs once more. A new ransomware gang, with a penchant for digital mischief, has managed to snag 2.9 GB of sensitive files. While they haven't pulled the trigger on encryption or disrupted operations (yet), the stolen loot includes contracts, employee emails, and even staff photographs – talk about a digital treasure trove.
But here's the kicker: despite the FBI's best efforts, the gang's spam-delivery infrastructure remains stubbornly operational. These 'Qakbot' affiliates seem unfazed by law enforcement's attempts to shut them down, continuing their nefarious activities like cyber cockroaches that just won't quit. It's a stark reminder that even in the face of adversity, the digital underworld persists, lurking in the shadows, ready to strike at a moment's notice.
THIS MONTH'S SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
He hired out various criminal gangs to fire bomb and brick houses.
https://breachaware.com/research/he-hired-out-various-criminal-gangs-to-fire-bomb-and-brick-houses
A total of 32 breaches were found and analysed resulting in 21,344,925 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included CDEK, Appen [2], Stealer Log 0369, PokerStars and Stealer - Meta 0359.
Former Navy IT manager stole PII from over nine thousand service men and women.
https://breachaware.com/research/former-navy-it-manager-stole-pii-from-over-nine-thousand-service-men-and-women
A total of 26 breaches were found and analysed resulting in 67,367,045 leaked accounts containing a total of 20 different data types. The breaches found publicly and freely available included Apollo [2], Hurb [2], TaiLieu, TigerAir Taiwan and Lamoda.
The STEM camp company still remains quiet on the breached data.
https://breachaware.com/research/the-stem-camp-company-still-remains-quiet-on-the-breached-data
A total of 23 breaches were found and analysed resulting in 1,710,241 leaked accounts containing a total of 23 different data types. The breaches found publicly and freely available included Zarina, Ministero della Giustizia, Reg Me, Stealer - RedLine 0336 and University of La Guajira.
Threat actor says the compromised charity has been stealing and laundering money for years.
https://breachaware.com/research/threat-actor-says-the-compromised-charity-has-been-stealing-and-laundering-money-for-years
A total of 41 breaches were found and analysed resulting in 38,464,662 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included Evite, Viva Air (3), Craft Rise, La Poste Mobile and Stealer - Mixed Logs 0349.
Leaked voice recordings reveal customers and staff exchanging security questions.
https://breachaware.com/research/leaked-voice-recordings-reveal-customers-and-staff-exchanging-security-questions
A total of 17 breaches were found and analysed resulting in 2,028,772 leaked accounts containing a total of 20 different data types. The breaches found publicly and freely available included Sphero, Cyber Photo, Comp and Save, Cover King and ICT Billet.
BreachAware Insight
THE LATEST CURATED INTEL FROM OUR RESEARCH CENTRE
Listen to our podcast, where Andrew, the visionary CEO of BreachAware, sits down with unsung heroes of the cyber security industry. Get ready to uncover the stories and insights of industry trailblazers you might not have heard of before, as they share their experiences, opinions, and insider intel. But beware, it's not all serious talk: expect a healthy dose of humour (and the odd cussing) sprinkled throughout the conversation.
Weekly Summary
SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
Global News Feed
POPULAR CYBERSECURITY PUBLICATIONS
A novel backdoor malware and a loader that customizes payload names for each victim have been added to the threat group's cybercriminal tool set.