Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

Cybercrime Crackdowns, Cloud Denials, and Vanishing Professors.

07 April 2025
BREACHAWARE HQ

A total of 18 breaches were found and analysed resulting in 22,619,144 leaked accounts containing a total of 34 different data types. The breaches found publicly and freely available included ULP Alien TxT File - Episode 8, ULP 0012, Hisense USA, Florida Department of State and Aiudo. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

Europol has been on a roll lately; if cybercrime were a video game, they would have just hit a new high score. Fresh off the takedown of four major cybercrime forums, Europol, in collaboration with the Bavarian State Criminal Police and over 35 countries worldwide, has now helped shut down a CSAM (Child Sexual Abuse Material) darknet site named Kidflix, a name that’s about as disturbing as it gets.

From April 2022 to March 2025, Kidflix hosted over 91,000 unique CSAM videos and amassed a stomach-churning 1.8 million users across the globe. But there’s good news:
- 1,400 individuals have been identified,
- 79 arrests have been made, and
- most importantly, 39 children have been rescued from horrific abuse.

It’s a grim reminder of the darker corners of the internet, but also a powerful testament to what international cooperation can achieve when aimed at the right target.

The latest hot topic in the infosec world: Oracle might have been breached, and they’re doing the corporate version of putting their fingers in their ears and humming loudly.

On March 20th, someone dropped a bombshell on a popular English-speaking cybercrime forum:
Over 6 million Oracle Cloud user records for sale, complete with SSO-encrypted passwords, enterprise JPS keys, and other password decryption tools.

The data reportedly came from Oracle Cloud's regional login servers, which were allegedly running software vulnerable to a known CVE (Common Vulnerabilities and Exposures entry).

But Oracle's official stance? “There has been no breach of Oracle Cloud. The published credentials are not from the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”

Hmm. Nothing says "definitely not compromised" like a Wayback Machine snapshot, offered by the seller as proof, showing the Oracle Access Manager frontend with the threat actor’s email address baked in.

It’s like someone smashing your front window and you telling everyone it’s just a breeze. Stay tuned, this story isn’t done unravelling.

Now, for a story that feels like it was ripped straight from a cyber-thriller screenplay...

Dr. Xiaofeng Wang, a tenured computer science professor at Indiana University, has mysteriously vanished. And it’s not just him that’s gone—his entire digital footprint at the university has been scrubbed clean. No faculty page, no publications, nada. Shortly afterward, the FBI raided his home.

Dr. Wang had made a name for himself in cybersecurity and privacy research, particularly in the world of machine learning and neural networks. One standout piece of his work? A paper titled: “Practical Bit-Flipping on Gray-box Deep Neural Networks for Runtime Trojan Injection.” Y’know, light reading.

The timing and secrecy have raised eyebrows all over the infosec community. Whether it's espionage, intellectual property theft, or something deeper, this one smells like a rabbit hole, and we’ll be watching closely as it unfolds.

VULNERABILITY CHAT

Bitdefender has issued a security advisory for a critical vulnerability in its GravityZone Console that could allow remote attackers to execute arbitrary commands on affected systems. Security researcher Nicolas Verdier discovered the flaw as part of a responsible disclosure process. Bitdefender has since resolved the issue in GravityZone Console version 6.41.2-1, now available as an automatic update to all users.

A newly disclosed vulnerability in WinRAR poses a significant risk by allowing attackers to bypass Windows’ core Mark of the Web (MotW) security mechanism. This feature is designed to restrict the execution of files downloaded from untrusted sources. Exploiting the flaw enables arbitrary code execution on affected systems, undermining a critical Windows safeguard.

Apache Parquet’s Java library is also under scrutiny following the discovery of a vulnerability that could allow remote code execution. Endor Labs revealed that exploitation hinges on tricking a vulnerable system into reading a maliciously crafted Parquet file, opening the door for attackers to execute arbitrary code remotely.

AMD has issued an alert regarding vulnerabilities in its AI software, Ryzen AI. The company has stated that the issues could lead to a loss of confidentiality, integrity, or availability. Security updates are now available via the Ryzen AI website for users to mitigate potential risks.

Cisco’s AnyConnect VPN software for its Meraki MX and Z series devices and its Enterprise Chat and Email (ECE) platform have both been found to contain vulnerabilities. In the case of AnyConnect, attackers with valid VPN credentials can trigger a denial-of-service (DoS) condition. Separately, unauthenticated attackers within the network can provoke a DoS in the ECE platform. Cisco has released updated firmware and software to address both issues.

Meanwhile, a security audit has uncovered a pre-authentication SQL injection vulnerability in the codebase of Halo ITSM, a widely used IT support management platform. While the company has patched the immediate issue, researchers caution that the platform’s codebase still harbours weaknesses related to post-authentication attack surfaces, signalling the need for further hardening.

Four CVEs (Common Vulnerabilities and Exposures) were added to the Cybersecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including:
- Cisco: Smart Licensing Utility
- Apache: Tomcat
- Ivanti: Connect Secure, Policy Secure and ZTA Gateways
See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 1,398 vulnerabilities during the last week, bringing the 2025 total to 13,064. For more information visit https://nvd.nist.gov/vuln/search/

INFORMATION PRIVACY HEADLINES

OpenSNP, an open-source platform for sharing genetic data, is shutting down amid mounting concerns over data privacy, the misuse of genetic information by law enforcement, and increasing global authoritarianism. Co-founder Bastian Greshake Tzovaras explained that the decision was influenced by both the collapse of consumer DNA company 23andMe and the broader political climate, highlighting the risks of continuing to host sensitive genetic information in such an environment.

In a notable shift, the European Commission is preparing to propose changes to the General Data Protection Regulation (GDPR). Danish Digital Minister Caroline Stage Olsen acknowledged the value of GDPR in safeguarding privacy but emphasised the need for more practical implementation. “There are a lot of good things about GDPR, and privacy is completely necessary,” she said, “but we don’t need to regulate in a stupid way. We need to make it easy for businesses and for companies to comply.”

Apple has been fined €150 million (approximately $162.4 million USD) by French antitrust regulators for abusing its dominant position in mobile app advertising through its App Tracking Transparency (ATT) privacy tool. The French Competition Authority found the system unfairly limited third-party advertisers while promoting Apple’s own interests. Apple responded by expressing disappointment with the decision, noting that no specific changes to ATT have been mandated.

Meanwhile, WhatsApp is developing new privacy features aimed at giving users more control over how their shared media is handled. The updates will allow users to restrict the automatic saving of photos, videos, and voice messages to their devices, a move designed to enhance message confidentiality and reduce the risk of unintended data exposure.


Data Categories Discovered

Sociodemographic, Contact, Digital Behaviour, National Identifiers, Geolocation, Communication Logs, Commerce, Technology, Academic, Unstructured, Finance.
