Crypto Scammer Dismembered, FBI Director Doxxed & Cybercrime Forums Crushed.
17 November 2025, BreachAware HQ
A total of 18 breach events were found and analysed, resulting in 4,940,527 exposed accounts containing 30 different types of personal data. The breaches found publicly and freely available included ULP Alien Txt File - Episode 28, Stealer Log 0547, joom-dmps, Crypto Email Database 2025 and TISZA Világ. Sign in to view the full library of breach events, which includes, where available, reference articles relating to each breach.
Categories of Personal Data Discovered
Contact, Sociodemographic, Technology, Digital Behaviour, Finance, Career, National Identifiers, Geolocation, Commerce, Unstructured, Academic.
Data Breach Impact
This latest set of breaches reflects an ecosystem where data exposure is driven more by aggregation, malware and compromised devices than by single-point system failures. The continued appearance of ULP Alien Txt File repositories, paired with stealer log sources like Stealer Log 0547, shows how attackers are increasingly stitching together vast datasets pulled from infected endpoints, forgotten exports and unsecured databases. Listings such as joom-dmps and the Crypto Email Database 2025 add a financial dimension, suggesting that crypto-interested individuals remain heavily targeted because compromised accounts can be monetised immediately. With 30 different data types exposed across nearly five million accounts, threat actors can build detailed profiles that support spear-phishing, SIM swap attempts, financial fraud and identity-based exploitation, especially when crypto-related emails and credentials are involved.

For the organisations connected to these leaks, the implications point to a broader governance challenge rather than isolated technical failures. Platforms like TISZA Világ and the services behind the joom-related datasets must contend with the reputational hit that comes from users learning their information has reappeared in open forums, even if the original breach occurred upstream or via compromised end users. The repeated presence of stealer logs highlights a persistent blind spot: endpoint security and credential hygiene remain weak points across user and employee devices, allowing attackers to harvest keys to multiple ecosystems with minimal effort. Rebuilding trust will require these organisations to strengthen their data lifecycle management, tighten access controls and establish ongoing dark web and leak site monitoring. Modern breach response isn't just about fixing a vulnerability; it's about understanding how data escapes, where it accumulates and how quickly it propagates once inside the breach-sharing ecosystem.
Cyber Spotlight
It's been a spectacularly bad week for a Russian crypto scammer, Mr. Novak, and, tragically, his wife, after the pair were found dismembered in the desert on the outskirts of Dubai. Novak previously served a three-year sentence in Russia for running a crypto scheme that relieved investors of only about $500 million. After serving his time, he and his wife moved to Dubai, presumably hoping for a fresh start… or at least a fresh set of investors. They were last seen alive on October 2nd, supposedly on their way to a mountain resort to meet investors, because nothing says "trustworthy financial engagement" like heading into the mountains with a known fraudster.
UAE law enforcement suspect a failed kidnapping and extortion attempt, especially after discovering Novak’s crypto wallet had been completely drained. To make things even more macabre, some of their remains were later found in a mail bin. A former employee of the Russian Interior Ministry and eight others have been detained. If nothing else, this serves as a stark reminder: Scamming the wrong people can be very, very hazardous to your continued existence.
In other unsettling news, the full dox of Kash Patel, Director of the FBI, has started circulating on the dark web. The leaked information includes:
- Mobile carrier details
- Social Security number
- Physical address
- Education history
And because threat actors love being extra, personal information about his girlfriend and her family.
Basically, everything short of his favourite pizza order (but give them time). It’s a reminder that no one is off limits once certain corners of the internet decide you’re interesting.
A very well known Russian cybercrime forum had a bit of a technical… hiccup several days ago, courtesy of law enforcement. Authorities managed to:
- Blocklist their clearnet domain
- Disrupt their onion address
- Knock the site offline for a short period
This also caused chaos for a connected info-stealer-as-a-service operation called Rhadamanthys Stealer, which offers subscription plans like it's running a Netflix for cybercriminals:
- Basic: $299/month
- Professional: $499/month
- Enterprise: “Contact sales” because even criminals love an opaque pricing model
Threat actors complained they suddenly couldn't access their SSH panels. One admin issued a very calm and totally-not-panicked notice: "If your password cannot log in, the server login method has been changed to certificate login mode. Check and confirm. If so, immediately reinstall your server and erase traces. The German police are acting."
They also reported unusual server activity from an IP address in Germany just before everything went sideways. Considering their servers were in EU datacenters, it seems law enforcement simply walked in through the metaphorical front door.
Vulnerability Chat
Palo Alto Networks has revealed a critical denial-of-service flaw in its PAN-OS firewall software, and it's a worrying one. The issue allows attackers to remotely reboot a firewall just by sending specially crafted packets. What makes it more troubling is that the attacker doesn't need authentication, credentials or any kind of user interaction. It's a straight, unauthenticated path to disruption.

NVIDIA is also dealing with serious security concerns. The company has pushed out a critical update to fix two high-severity vulnerabilities in its NeMo Framework. Left unpatched, these issues could let attackers run malicious code and escalate their privileges on affected systems. The flaws were uncovered by researchers from TencentAISec and Tsinghua University's NISL lab, underscoring how important coordinated security research continues to be.
On the defensive evasion front, researchers have documented a new technique aimed at slipping past endpoint detection and response tools. The method, dubbed SilentButDeadly, uses the Windows Filtering Platform in a surprisingly clever way. It blocks network communication from EDR and antivirus tools, cutting them off from their cloud services without having to kill processes or tamper with the kernel.
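Because the technique works by adding a WFP filter rather than touching the sensor process, the artefact a defender can hunt for is the filter itself. On Windows, `netsh wfp show filters` (run as administrator) dumps the active filter set to an XML file, and a block-action filter whose application condition points at a security product binary is a strong signal. The script below, added here as an illustration and not code from the researchers or the SilentButDeadly tooling, parses such a dump and flags those filters. The XML layout is an assumed approximation of the netsh output (`filters/item`, `filterCondition/item`, `action/type`), the sample dump is constructed inline, and the list of sensor binary names is illustrative and should be extended for the products actually deployed.

```python
import xml.etree.ElementTree as ET

# Illustrative sensor image names (Microsoft Defender, CrowdStrike, SentinelOne).
# Extend this for the EDR/AV products actually deployed in your estate.
SENSITIVE_IMAGES = {
    "msmpeng.exe", "mssense.exe", "sensecncproxy.exe",
    "csfalconservice.exe", "sentinelagent.exe",
}

# Constructed sample in the assumed shape of `netsh wfp show filters` output.
# Four filters: a benign DNS permit, an IPv4 and an IPv6 block aimed at
# MsMpEng.exe, and a block aimed at an unrelated application.
SAMPLE_WFP_XML = r"""<wfpdiag><filters>
  <item><filterKey>{1}</filterKey><displayData><name>Core Networking - DNS (UDP-Out)</name></displayData>
    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
    <filterCondition><numItems>1</numItems><item><fieldKey>FWPM_CONDITION_IP_REMOTE_PORT</fieldKey>
      <matchType>FWP_MATCH_EQUAL</matchType><conditionValue><type>FWP_UINT16</type><uint16>53</uint16></conditionValue>
    </item></filterCondition><action><type>FWP_ACTION_PERMIT</type></action></item>
  <item><filterKey>{2}</filterKey><displayData><name>Custom Outbound Filter</name></displayData>
    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
    <filterCondition><numItems>1</numItems><item><fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
      <matchType>FWP_MATCH_EQUAL</matchType><conditionValue><type>FWP_BYTE_BLOB_TYPE</type>
      <byteBlob><asString>\device\harddiskvolume3\program files\windows defender\MsMpEng.exe</asString></byteBlob>
    </conditionValue></item></filterCondition><action><type>FWP_ACTION_BLOCK</type></action></item>
  <item><filterKey>{3}</filterKey><displayData><name>Custom Outbound Filter</name></displayData>
    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V6</layerKey>
    <filterCondition><numItems>1</numItems><item><fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
      <matchType>FWP_MATCH_EQUAL</matchType><conditionValue><type>FWP_BYTE_BLOB_TYPE</type>
      <byteBlob><asString>\device\harddiskvolume3\program files\windows defender\MsMpEng.exe</asString></byteBlob>
    </conditionValue></item></filterCondition><action><type>FWP_ACTION_BLOCK</type></action></item>
  <item><filterKey>{4}</filterKey><displayData><name>Block Notepad</name></displayData>
    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
    <filterCondition><numItems>1</numItems><item><fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
      <matchType>FWP_MATCH_EQUAL</matchType><conditionValue><type>FWP_BYTE_BLOB_TYPE</type>
      <byteBlob><asString>\device\harddiskvolume3\windows\notepad.exe</asString></byteBlob>
    </conditionValue></item></filterCondition><action><type>FWP_ACTION_BLOCK</type></action></item>
</filters></wfpdiag>"""


def parse_filters(xml_text):
    """Flatten each WFP filter into key, name, layer, action and the app paths it is conditioned on."""
    root = ET.fromstring(xml_text)
    filters = []
    for item in root.findall("./filters/item"):
        apps = [
            cond.findtext("./conditionValue/byteBlob/asString", "").lower()
            for cond in item.findall("./filterCondition/item")
            if cond.findtext("./fieldKey") == "FWPM_CONDITION_ALE_APP_ID"
        ]
        filters.append({
            "key": item.findtext("./filterKey", ""),
            "name": item.findtext("./displayData/name", ""),
            "layer": item.findtext("./layerKey", ""),
            "action": item.findtext("./action/type", ""),
            "apps": apps,
        })
    return filters


def find_sensor_blocks(filters, sensitive=SENSITIVE_IMAGES):
    """Return (filterKey, layer, image) for every block filter aimed at a sensor binary."""
    hits = []
    for f in filters:
        if not f["action"].startswith("FWP_ACTION_BLOCK"):
            continue
        for app in f["apps"]:
            image = app.rsplit("\\", 1)[-1]  # last path component of the \device\... path
            if image in sensitive:
                hits.append((f["key"], f["layer"], image))
    return hits


if __name__ == "__main__":
    for key, layer, image in find_sensor_blocks(parse_filters(SAMPLE_WFP_XML)):
        print(f"ALERT: WFP block filter {key} in {layer} targets {image}")
```

Run it against a real dump with `parse_filters(open("wfpfilters.xml", encoding="utf-16").read())`, adjusting the encoding to whatever netsh wrote on your build. The check only catches filters that name the sensor explicitly via an app ID condition; a block keyed on the sensor's cloud addresses instead would need the remote-address conditions compared against the vendor's published endpoints, so any block filter from an unfamiliar provider key in the connect layers deserves a look as well.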
And in the hosting world, a critical vulnerability has been found in Imunify360 AV, the security scanner used to protect more than 56 million websites. According to Patchstack, the flaw is severe enough to let attackers take full control of the server, and, by extension, every site running on it.
Five Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including:
- Samsung; Mobile Devices
- Gladinet; Triofox
- Microsoft; Windows
- WatchGuard; Firebox
- Fortinet; FortiWeb
See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 948 vulnerabilities during the last week, bringing the 2025 total to 41,522. For more information visit https://nvd.nist.gov/vuln/search/
View the latest critical vulnerabilities, exploited vulnerabilities and EU CSIRT coordinated vulnerabilities from the European Union Agency for Cybersecurity (ENISA) "Vulnerability Database" here: https://euvd.enisa.europa.eu/homepage
Information Privacy Headlines
Logitech has confirmed it experienced a data breach after attackers accessed part of its IT environment. The company says the stolen data "likely included limited information about employees and consumers, and data relating to customers and suppliers," but stressed that no sensitive personal information, like national ID numbers or credit card details, was stored in the affected systems.

The Washington Post has also been hit by cybercriminals. Attackers exploited a vulnerability in Oracle's E-Business Suite to break into the organisation and copy data belonging to nearly 10,000 people. The unauthorised access happened between July 10 and August 22, and by late October the Post confirmed that personal information from current and former employees, as well as contractors, had been compromised.
Google, meanwhile, is rolling out a new privacy focused technology called Private AI Compute. The idea is to let users benefit from the speed and power of cloud-based Gemini models without exposing their personal data. According to Google, the platform ensures that data processed through Private AI Compute stays private to the user, meaning not even Google can access it.
And in India, a major shift in digital rights just became official. The government has finalised the rules needed to put the Digital Personal Data Protection (DPDP) Act into full effect. Indian internet users will now have legally guaranteed control over their personal information. Companies must obtain verifiable parental consent to process the data of minors, report breaches quickly to both users and the Data Protection Board, and follow strict requirements for storing and securing personal data.
Smarter Protection Starts with Awareness
Data Breach Exposure Scan, Check Any Domain for Free https://breachaware.com/scan