Dark Web Cracks, Student Hacker Falls, and BreachForums Rises Again.
09 June 2025
BREACHAWARE HQ
A total of 16 breach events were found and analysed, resulting in 1,917,577 exposed accounts containing a total of 28 different data types of personal data. The breaches found publicly and freely available included ULP 0023, Stealer Log 0531, Aire de Fiesta, Brazilian Consumer Database and Silver Falls Capital. Sign in to view the full library of breach events which includes, where available, reference articles relating to each breach.
Categories of Personal Data Discovered
Technology, Contact, Geolocation, Career, Digital Behaviour, Sociodemographic, National Identifiers, Unstructured, Relationships.
Data Breach Analysis
Several of these exposures were linked to ULP 0023 and Stealer Log 0531, both part of the infostealer ecosystem. These datasets typically originate from malware infections and include credentials like usernames, passwords, browser-stored information, and autofill data. When aggregated and leaked, they can lead to widespread account takeovers, identity theft, and corporate credential stuffing attacks.
Aire de Fiesta operates in the events and party planning sector, suggesting the breach could involve client contact information, purchase history, and event logistics. This type of exposure may enable targeted phishing or fraud campaigns, especially when linked with celebratory or high-cost events.
The Brazilian Consumer Database appears to be a broad compilation of personal information from various sources, possibly aggregated and resold. This type of data is often used to enrich malicious campaigns, increasing the success rate of social engineering or fraud attempts both for individuals and businesses.
Silver Falls Capital, an investment or financial services firm, would typically handle highly sensitive data such as financial identifiers, client records, and internal communications. A breach here introduces risks not only of personal fraud but also of reputational and regulatory harm, especially in financial sectors with tight compliance obligations.
Spotlight
Some of the oldest names in the dark web drug trade are falling. After years of quiet operations, vendors like JoyInc, a seven-year veteran of darknet markets, have found themselves at the wrong end of Europol’s latest coordinated operation.
Leveraging intel gathered from past takedowns, including Nemesis, Bohemia, Kingdom, and the well-named Tor2Door, authorities executed a massive sweep against long-standing suppliers. According to Europol, the operation resulted in:
- 2+ tonnes of seized narcotics (amphetamines, cocaine, ketamine, opioids, cannabis)
- 180+ firearms, along with tasers, knives, and imitation weapons
- Seizures of millions in cash and crypto assets
The scale of arrests speaks volumes:
- 130 vendors in the United States
- 42 in Germany
- 37 in the UK
This isn’t just the end of a few vendors; it’s the dismantling of entire ecosystems, built on years of trust, reputation, and encryption. If darknet markets are the new cartels, Europol is making it clear they’re willing to play DEA at a global scale.
From a college dorm in Massachusetts, 19-year-old Matthew D. Lane was pulling strings like a seasoned cyber extortionist. But his game is now over.
The Assumption University student has pleaded guilty to a slate of serious federal charges:
- Cyber extortion conspiracy
- Unauthorised access to protected computers
- Aggravated identity theft
Between April and May last year, Lane and associates targeted a major U.S. telecom company, extorting $200,000 under threat of leaking customer data. According to court filings: “We are the only ones with a copy of this data now. Stop this nonsense or your executives and employees will see the same fate.”
He also attempted to ransom a second company for $2.85 million in bitcoin, stating: “Go big or go home, I think the saying is.”
Lane, who once dreamed of fast money and digital dominance, is now facing years in federal prison, and likely won't be seeing a computer screen unsupervised anytime soon.
You can’t keep a zombie forum dead, apparently. After multiple shutdowns and failed revivals, BreachForums is back online once again, this time under a new domain and restructured infrastructure. The infamous admin team, ShinyHunters, released a statement addressing the rollercoaster of the past few months:
“We have strong reasons to believe the previous infrastructure, breachforums.st, was compromised multiple times in March and April.”
In response, they’ve:
- Retired the old domain and infrastructure
- Disabled vulnerable third-party plugins
- Begun rewriting key components from scratch
While some in the community are already rebuilding, others wonder how many lives this cybercrime cat has left. After domain seizures, FBI infiltration, and mass arrests of forum admins, BreachForums is the digital Hydra of the underground: cut off one domain, and another sprouts in its place.
The question now isn’t if it will fall again… but when.
Vulnerability Chat
Symantec researchers have uncovered a troubling vulnerability affecting millions of Google Chrome extension users. During routine security assessments, the team discovered that many popular browser extensions are mishandling sensitive data, specifically, by hardcoding credentials directly into JavaScript files. That means anyone with basic technical know-how could easily extract these secrets just by inspecting the extension’s code. It’s a widespread issue and a clear case of poor credential hygiene.
Meanwhile, Hewlett Packard Enterprise (HPE) has rolled out security updates for its StoreOnce backup and deduplication system. The fixes address vulnerabilities that could allow attackers to bypass authentication and execute code remotely. The flaw, originally flagged by an anonymous researcher and reported through the Zero Day Initiative, stems from issues in how the system handles machine account checks.
Security experts are also sounding the alarm over a newly discovered zero-day vulnerability that affects both Windows and Linux users of Chrome and Chromium-based browsers. This exploit is particularly dangerous because it sidesteps typical browser defences and compromises core security assumptions of web infrastructure. Google has released emergency patches for Windows and Gentoo Linux to help contain the risk.
Kirill Firsov, CEO of cybersecurity firm FearsOff, has identified a major flaw in Roundcube, a popular webmail client. The vulnerability, which had remained hidden for over ten years, allows attackers to take control of systems and execute arbitrary code. According to Firsov, this exploit is not just theoretical; it’s already being traded on the black market.
In another discovery, a vulnerability in Wireshark, the widely used network protocol analyser, could let attackers crash systems using malicious packets or corrupted capture files. Thankfully, the Wireshark team found the flaw during internal testing and says there’s no evidence of real-world exploitation so far.
IBM has also issued a security bulletin alerting users to serious vulnerabilities in its QRadar Suite and Cloud Pak for Security platforms. Organisations using these tools are being strongly urged to update to the latest version to avoid potential breaches.
Cisco, on the other hand, has been busy patching a series of critical issues. One of them is a high-risk SSH host key validation flaw in its Nexus Dashboard Fabric Controller. This could allow attackers to eavesdrop on traffic and harvest login credentials. Another vulnerability, reported by Kentaro Kawane of GMO Cybersecurity, affects Cisco's Identity Services Engine (ISE), potentially letting unauthenticated users perform malicious actions on vulnerable systems.
And there’s more from Cisco, this time concerning its Integrated Management Controller (IMC) software. A newly reported privilege escalation vulnerability impacts several server lines, including UCS B-Series, C-Series, S-Series, and X-Series. The good news? Cisco has issued free patches for all of the above, and users are urged to apply them without delay.
9 Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including:
- ASUS; Routers
- ConnectWise; ScreenConnect
- Craft CMS; Craft CMS
- ASUS; RT-AX55 Routers
- Qualcomm; Multiple Chipsets
- Google; Chromium V8
See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), has published 842 vulnerabilities during the last week, making the 2025 total 20,887. For more information visit https://nvd.nist.gov/vuln/search/
View the latest critical vulnerabilities, exploited vulnerabilities and EU CSIRT coordinated vulnerabilities from the European Union Agency for Cybersecurity (ENISA) "Vulnerability Database" here: https://euvd.enisa.europa.eu/homepage
Information Privacy Headlines
Gunes Acar, an assistant professor at Radboud University in the Netherlands, has uncovered something that should give all of us pause: millions of websites are quietly running a bit of code from Meta that logs your online activity. And it doesn't stop there. Working alongside teams from KU Leuven in Belgium and IMDEA Networks in Spain, Acar found that Meta and Yandex apps were bypassing Android privacy protections. That allowed them to track users' web browsing behaviour, without users ever knowing. Albert Fox Cahn, who heads the Surveillance Technology Oversight Project, didn’t mince words: “We should be outraged.”
Meanwhile, OpenAI is pushing back in court. The company is appealing a judge’s order in a copyright lawsuit filed by The New York Times that would require it to indefinitely retain ChatGPT output. OpenAI argues that the order clashes with its user privacy commitments. CEO Sam Altman weighed in directly, posting on X that the company would “fight any demand that compromises our users’ privacy” and that this principle is non-negotiable.
In New Zealand, privacy laws could be in for an overhaul following a scandal involving the deputy press secretary to the prime minister. Allegations surfaced that he secretly recorded sex workers at a Wellington brothel without their consent. The brothel’s manager told RNZ that this case highlights how outdated the country’s laws are when it comes to non-consensual recording, and called for urgent reform.
Over in Germany, Vodafone is facing the consequences of lax privacy and security. The country’s data protection watchdog, the BfDI, hit the telecom giant with a €45 million fine. The penalty comes after it was discovered that third-party sales agents engaged in what regulators called “malicious behaviour,” and that there were serious holes in Vodafone’s customer authentication system. In response, Vodafone said it regrets that its customers were negatively affected.
And on a more artistic note, Apple has picked up a top honour at the US AICP (Association of Independent Commercial Producers) awards. The winning ad, titled Flock, was directed by Ivan Zacharias and produced by Smuggler. It’s a smart, eerie riff on Hitchcock’s The Birds, designed to hammer home Apple’s message: in a world where we’re always being watched, you’re safest sticking with an iPhone. Watch it here https://www.youtube.com/watch?v=0HjDpPnxcP0