Dark Web Crackdowns, CVE Wave, Global Privacy Tensions Rise.
30 June 2025
A total of 12 breach events were found and analysed, resulting in 14,927,673 exposed accounts containing a total of 33 different types of personal data. The breaches found publicly and freely available included Alien TxT File - Episode 17, Cetdigit, ULP 0026, Stealer Log 0534 and CarderPro. Sign in to view the full library of breach events which includes, where available, reference articles relating to each breach.
Categories of Personal Data Discovered
Contact, Digital Behaviour, Technology, Geolocation, Career, Finance, Commerce, Sociodemographic, Health and Environment, Communication Logs, Academic, Unstructured, Human Behaviour, National Identifiers.
Data Breach Impact
The combination of these events highlights the multi-dimensional threat of breaches: not just credential theft, but deeper business data exposure and ties to fraud ecosystems. Individuals risk identity theft and account compromise, while businesses may see impersonation, reputational harm, or even compliance violations depending on their role in the affected data chain.
Cyber Spotlight
In a dramatic escalation of law enforcement action against dark web infrastructure, French authorities have arrested five individuals suspected of being tied to the administration of BreachForums, once the most active hacker marketplace for breached data.
The news sent shockwaves through the cybercriminal community, especially among major players like ShinyHunters and IntelBroker, two prolific threat actors who’ve made headlines for compromising the likes of AT&T, MasterCard, Acuity, and USGov assets.
IntelBroker alone is believed to have caused over $25 million in damage globally, and US intelligence has long had an eye on him. Now, his known stomping ground just got gutted.
BreachForums' chaotic lifecycle is infamous:
- After the FBI seized the original forum and arrested admin Conor Brian Fitzpatrick (a.k.a. Pompompurin), ShinyHunters and a new partner, Baphomet, relaunched it.
- The site suffered repeated outages and suspicions that it had been compromised, with many users convinced it had been "fedded" (i.e., under surveillance or sting).
Just before these latest arrests, ShinyHunters reportedly sold off the linked Telegram channel “The Jacuzzi,” a vital hub of around 10,000 users discussing breaches and advertising stolen credentials, to a rival forum. And now things get murkier.
The timing of events has raised eyebrows. The Telegram channel sale happened just days before the arrests, leading many to speculate that either:
- The arrests were already in motion and Shiny cashed out last-minute, or
- The sale was orchestrated to flush out threat actors tied to the infrastructure.
Adding to the fire: the rival forum that bought “The Jacuzzi” has now had its backend IP address leaked, a critical failure in operational security that could expose their real location, a golden ticket for law enforcement.
Despite the crackdown, BreachForums seems to be trying once more, albeit under a new name (not publicly confirmed yet), and possibly run by former staff members. It's unclear whether this is a genuine resurrection or a honeypot-in-waiting. What is clear is that two new dark web hacking forums have popped up in the aftermath, both absorbing the displaced users and actors from the shuttered BreachForums.
As the dark web fractures into new territories, one thing remains consistent: law enforcement’s patience is long, and the circle is tightening.
Vulnerability Chat
Recent findings from Rapid7 reveal that hundreds of Brother printer models, both for home and enterprise use, are sitting on some serious security vulnerabilities. One of these issues is particularly tricky: it can’t be fixed with a regular software update. Instead, the entire device would need to be redesigned to fully eliminate the flaw.
Meanwhile, Semperis has released new research highlighting a major vulnerability in Microsoft’s Entra ID, known as nOAuth. The potential impact is wide-reaching, potentially affecting 10% of SaaS applications around the world. As TechRadar reports, Eric Woodruff, Chief Identity Architect at Semperis, warned that customers currently have no way to detect or stop this kind of attack, which makes it a particularly dangerous and lingering threat.
Over in the world of Notepad++, researchers Shashi Raj, Yatharth Tyagi, and Kunal Choudhary have identified a vulnerability in the installer that could let unprivileged users gain SYSTEM level access. The issue stems from insecure executable search paths and was responsibly disclosed to the project’s maintainer, Don Ho. Users are being advised to update to the patched version as soon as it becomes available.
Nx security researchers have also gone public with a significant vulnerability impacting build systems that use remote caching. They’ve dubbed it "CREEP", short for Cache Race-condition Exploit Enables Poisoning. It’s a fitting name for a flaw that allows any developer with pull request access to slip malicious code into production artefacts without detection.
CISA is sounding the alarm about a major vulnerability in ControlID’s iDSecure On-premises vehicle control software. This one lets attackers completely bypass authentication without needing valid credentials, making it an especially urgent concern.
And that’s not the only alert from CISA. They’ve also issued a critical warning about a Fortinet FortiOS vulnerability that poses a serious risk to network security infrastructure. This is a known exploited vulnerability, and organisations using Fortinet FortiOS are under pressure to act fast: the federal cybersecurity directive sets a firm remediation deadline of July 16, 2025.
In other developments, a researcher going by the alias ‘whs3-detonator’ has uncovered a vulnerability in WinRAR. It gives attackers a way to execute malicious code on a target’s system. The good news? RARLAB, the company behind WinRAR, has already issued a fix in their latest beta release.
Hewlett Packard Enterprise hasn’t been spared either. A newly discovered flaw in their OneView for VMware vCenter (OV4VC) platform could let attackers with limited privileges escalate their access all the way to administrative levels.
Even Google had a slip-up. A misconfiguration in their open source code review system, Gerrit, allowed unauthorised code revisions in at least 18 different projects. The issue was traced back to misconfigured permissions and flawed review label logic. After being flagged by researchers at Tenable, Google moved quickly to roll out the necessary configuration changes.
And finally, Cisco has released patches for two critical vulnerabilities found in its Identity Services Engine (ISE) and the ISE Passive Identity Connector (ISE-PIC). These flaws could potentially lead to remote code execution, making the updates crucial for maintaining system security.
Three Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including:
- Fortinet; FortiOS
- D-Link; DIR-859 Router
- AMI; MegaRAC SPx
See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), has published 761 vulnerabilities during the last week, making the 2025 total 23,602. For more information visit https://nvd.nist.gov/vuln/search/
View the latest critical vulnerabilities, exploited vulnerabilities and EU CSIRT coordinated vulnerabilities from the European Union Agency for Cybersecurity (ENISA) "Vulnerability Database" here: https://euvd.enisa.europa.eu/homepage
Information Privacy Headlines
Canada’s government has told Chinese surveillance tech vendor Hikvision to shut down its operations in the country. As reported by The Register, Industry Minister Mélanie Joly said a national security review determined that Hikvision’s continued presence would pose a threat to Canada’s national security. Hikvision wasn’t quiet about the decision, firing back with criticism of what it called the Minister’s “unfounded allegations of national security concerns.”
Over in China, the National Computer Virus Emergency Response Center (CVERC) has flagged 64 apps for illegally collecting and misusing personal information, and among them is a Starbucks app. The applet, used via WeChat, was called out for privacy issues. Starbucks China responded, explaining that the applet didn’t collect data unlawfully but did show an ad before asking users for consent through a pop-up privacy policy.
Vitalik Buterin, co-founder of Ethereum, has weighed in on a deeper issue in the world of digital identity. He pointed out that even privacy-centric systems struggle when they try to enforce a one-identity-per-person model. Whether it’s Sam Altman’s Worldcoin, Taiwan’s digital ID initiative, or EU regulatory frameworks, all face the same core dilemma: in trying to verify people and block bots, they risk eroding the very pseudonymity that makes privacy work in practice.
Meanwhile, privacy watchdog noyb (None of Your Business) has filed a complaint accusing Bumble of violating the EU’s GDPR. The concern centres on a feature called Icebreakers in the Bumble for Friends app, which uses OpenAI to analyse user profiles. According to noyb, this analysis happens without getting clear consent and breaks four separate provisions of the regulation.
Facebook is also making headlines again, this time by encouraging users to let the app access photos on their phones, not just the ones uploaded. The idea is to use AI to suggest collages, recaps, and similar features. Meta insists the images won’t be used for targeted ads, but privacy experts remain wary about how far this kind of data collection might go.
And in Italy, the Data Protection Authority has issued a new ruling tightening the rules around workplace surveillance. Employers can no longer rely on third-party reports, private conversations, or social media posts as evidence in disciplinary actions, adding another layer of protection to employee privacy.