Dark Web Admin Exposed, Trident Ransomware Strikes & Airbus Issues Critical Patch.

01 December 2025
BREACHAWARE HQ

A total of 34 breach events were found and analysed, resulting in 6,558,157 exposed accounts containing a total of 39 different types of personal data. The breaches found publicly and freely available included ULP 0037, Stealer Log 0549, Stealer Log 0548, Ekonika and 123 Casting.

Categories of Personal Data Discovered

Contact, Digital Behaviour, Technology, Finance, Geolocation, Unstructured, Sociodemographic, Commerce, Human Behaviour, Academic, Relationships, Career, Health and Environment.

Data Breach Impact

This breach set highlights how personal data is increasingly exposed through a mix of endpoint compromise, unmanaged data repositories, and niche industry platforms. The presence of Stealer Log 0548 and Stealer Log 0549 reinforces the trend that many breaches now originate from infected user or employee devices rather than direct intrusions into corporate systems. These logs often contain browser stored passwords, cookies, and autofill data, giving attackers instant access to multiple services with minimal effort. Meanwhile, datasets like Ekonika and 123 Casting show how specialised sectors such as fashion retail and talent recruitment are becoming part of the breach landscape, placing individuals at risk of impersonation, targeted phishing, and exploitation tied to professional or personal aspirations. With 39 different data types exposed across more than six million accounts, adversaries gain both breadth and depth, enough to enrich identity profiles, craft persuasive social engineering attacks, and bypass weak authentication processes.

For the organisations linked to these breaches, the implications point toward fragmented data governance and insufficient endpoint level controls. The repeated appearance of ULP files, including ULP 0037, suggests internal data exports and archives continue to find their way into public spaces, indicating issues not just with cybersecurity, but with basic information handling hygiene. Companies connected to retail, casting, or talent-matching services must now deal with reputational fallout, especially as individuals in these sectors rely heavily on trust and professional credibility. At the same time, organisations indirectly implicated through stealer logs face the challenge of remediating compromised user accounts, resetting credentials, and identifying potential unauthorised access that may already have occurred. Overall, this breach cluster reinforces that without strong identity management, robust endpoint protection, and disciplined control over data flows, even everyday business operations can inadvertently feed into the growing ecosystem of publicly available breached data.

Cyber Spotlight

A certain “supreme dog of an admin” who runs one of the most popular English language cybercrime forums on the dark web has found himself doing the rounds online, and not in the fun “look at this meme” way.

Information circulating about him is extensive: social media accounts (yes, including LinkedIn, bold choice), phone numbers, a physical address, and a collection of IPs that would make any investigator’s eyes light up. And that’s just the appetiser. If the details are accurate, the admin’s list of options is… limited:
1. Cover the walls in tinfoil and hope the universe resets itself.
2. Move to sunny Russia, where more cybercriminals live than sunscreen does.
3. Panic. (A classic. A timeless choice.)

Not exactly a menu of hope, more like the “children’s menu of consequences.”

German authorities have arrested a man in his late 30s who’d been selling forged identification documents on a dark-web marketplace, the same marketplace that police recently seized. Talk about bad timing. Investigators believe he sold over 50 high-quality fake IDs across Europe at around €550 a pop, complete with custom photos and personalised details. Essentially the “Build-A-Bear Workshop” of forged documents.

This arrest is part of a much wider operation: more than 300 officers carried out searches across seven German states in pursuit of nine specific customers. Nothing says “your day is about to go badly” like 300 officers looking for people who shopped where you shopped.

A fresh ransomware gang calling itself Trident Locker has appeared, and they’ve already claimed eight victims despite only popping up last week. Efficiency is clearly their brand. The group launched the usual dark web leak site (because no ransomware group is complete without its own onion branded storefront). The eight companies listed on the site have presumably refused to pay, given that over 100 GB of victim data is now publicly posted.

Details about the gang remain thin. No manifesto, no edgy tagline, not even a faux-ethical “we avoid hospitals” disclaimer. That is rare these days; most ransomware gangs at least pretend to have values, even if those values are as stable as wet cardboard.

Vulnerability Chat

Airbus has quietly pushed out a series of unexpected software updates after discovering a critical safety issue in its A320 family aircraft. The problem surfaced following a recent mid-air incident involving a JetBlue A320 and was ultimately traced back to a vulnerability triggered by solar flares. Airbus moved quickly to update the entire fleet, a decision widely seen as necessary for safety, but the timing caused major turbulence for airlines, especially during the already hectic U.S. Thanksgiving travel rush.

Security researchers have released a proof-of-concept exploit for a serious remote code execution flaw in Microsoft Outlook. Known as “MonikerLink,” the vulnerability lets attackers slip past Outlook’s usual security guardrails, specifically “Protected View,” to run malicious code or steal user credentials.

A major security flaw has also been uncovered in the Angular framework, one that could let attackers swipe sensitive user security tokens. Angular relies on secret, session-based tokens to prove that requests are legitimate, but the issue lies in how Angular decides whether a request is considered “safe.” If exploited, that gap could expose protected tokens to attackers.

GitLab users are being urged to update immediately after the company released critical security patches for both its Community Edition and Enterprise Edition. While GitLab.com has already been secured, anyone running a self managed setup should upgrade as soon as possible to avoid potential exploitation of several high severity vulnerabilities.

And in another notable disclosure, Apache confirmed a critical vulnerability in its bRPC framework. The issue sits in the json2pb component, which handles conversion from JSON to Protocol Buffers. Attackers can exploit the flaw simply by sending specially crafted JSON data, potentially crashing targeted servers.

One Common Vulnerabilities and Exposures (CVE) entry was added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week:
- OpenPLC, ScadaBR

See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 462 vulnerabilities during the last week, making the 2025 total 42,739. For more information visit https://nvd.nist.gov/vuln/search/

View the latest critical vulnerabilities, exploited vulnerabilities and EU CSIRT coordinated vulnerabilities from the European Union Agency for Cybersecurity (ENISA) "Vulnerability Database" here: https://euvd.enisa.europa.eu/homepage

Information Privacy Headlines

The French Football Federation has confirmed it’s dealing with a major cybersecurity incident after attackers stole personal data belonging to members and licensees. According to the federation, cybercriminals managed to break into the centralised administrative software that football clubs across the country rely on to run daily operations and handle memberships.

In Poland, the anti monopoly regulator UOKiK has opened an investigation into whether Apple is limiting competition in the mobile advertising market through its privacy policies. The concern centres on Apple’s App Tracking Transparency framework, introduced with iOS 14.5, which restricts how third-party apps collect data for personalised ads. Regulators suspect the rules may give Apple’s own advertising services an unfair advantage. If that turns out to be the case, Apple could be hit with penalties of up to 10% of its annual turnover in Poland.

The UK’s Information Commissioner’s Office has also stepped in, announcing a review of how popular mobile games used by children handle online privacy. The ICO will be looking closely at whether these games use appropriate default privacy settings, how they control geolocation features, and how they approach targeted advertising. The review will also dig into any other privacy issues that surface along the way.

On the tech front, Houdini Pay has launched a new option for freelancers to accept crypto payments without revealing their wallet details. The service, from Houdini Swap, is meant to offer simple, everyday privacy for users who want a bit more protection. At the same time, Telegram founder Pavel Durov has unveiled Cocoon, a TON-powered decentralised AI compute market aimed squarely at people who value strong privacy.
