
Data Breaches Surge, Doxbin Returns & Cyber Threats Escalate.

20 April 2026
BREACHAWARE HQ
Amtrak

A total of 31 breach events were found and analysed, resulting in 73,108,369 exposed accounts containing 45 different types of personal data. The breaches found publicly and freely available included Alien Txt File - Episode 36, R0bins ULP 0043, Amtrak, Hallmark Cards and Stealer Log 0558. Sign in to view the full library of breach events, which includes, where available, reference articles relating to each breach.

Categories of Personal Data Discovered

Contact, National Identifiers, Commerce, Audio and Visual, Technology, Unstructured, Finance, Sociodemographic, Digital Behaviour, Communication Logs, Geolocation, Career, Health and Environment.

Data Breach Impact

This week didn’t hold back. From travel and retail names like Amtrak and Hallmark to the ever-reliable chaos of stealer logs and ULP drops, it’s a wide-reaching mix with real consequences. For third-party organisations, it’s another reminder that your exposure isn’t always your own doing: employee data can easily get swept up in someone else’s breach. And for individuals, more data in the wild means more angles for exploitation, from phishing to full-blown identity fraud. Big numbers, bigger ripple effects.

Cyber Update

Doxbin, the Internet’s Worst Zombie, is back. Again. At this point, it’s less a website and more a cybercrime cult classic that simply refuses to stay buried. Seized, sold, taken down, resurrected, rinse and repeat since 2012.

The admins insist:
- Infrastructure is “safe”
- No compromise occurred
- Downtime was just a “temporary domain hold”

Standard script, really.

In reality, Doxbin’s resilience isn’t particularly sophisticated; it just moves faster than takedowns can keep up. Domains go down, mirrors pop up, Telegram fills in the gaps. Law enforcement plays whack-a-mole, and Doxbin keeps reappearing like a bad sequel nobody asked for.

Unless you’re the one being doxed, of course, then it’s less amusing.

Meanwhile, ShinyHunters are still in full production mode. Over the past week alone:
- 7 major company leaks dropped
- 8 new “Final Notice” posts issued

Translation: pay up, or you’re next on the leak conveyor belt.

Alongside the corporate chaos, they’ve reportedly doxed a well-known former forum admin, with a video circulating that allegedly shows a young female threat actor, a rare twist in a scene that’s usually a bit more predictable. Details are still thin, but if there’s one thing ShinyHunters excels at, it’s turning leaks into theatre.

“We Own the Power Grid” (…Do You Though?)

And now for the headline-grabbing claim of the week. A threat actor group is alleging they’ve fully compromised Venezuela’s national power grid, specifically citing control over:
- SCADA systems
- Guri Hydroelectric Plant
- High-voltage substations (765 kV backbone)
- Industrial protocols like IEC 104 and DNP3

They go on to claim they can trigger frequency desynchronisation, essentially forcing large-scale outages on demand. It’s a bold statement. Cinematic, even. But let’s add a bit of reality to the script.

While cyberattacks against power grids are absolutely possible, and have happened before, they are:
- Technically complex
- Highly dependent on deep access and persistence
- Often limited in scale and duration

Experts note that even confirmed cyber operations against power grids (like Ukraine or suspected incidents in Venezuela) tend to be targeted, temporary, and difficult to verify publicly. And importantly, Venezuela’s grid is already:
- Fragile and ageing
- Prone to outages from underinvestment and infrastructure issues

Which makes attribution even murkier. When the lights go out, it’s not always a hacker, sometimes it’s just the grid doing what it’s been doing for years.

So, could someone manipulate industrial control systems? Yes. Do threat actors often overstate their capabilities for impact? Also yes. For now, treat this one as high-drama, low-confirmation.

Software Vulnerabilities

Palo Alto PAN-OS; authentication bypass + config tampering (active exploitation, KEV).
Palo Alto found itself back under the microscope with an auth bypass that lets attackers sidestep login controls and start fiddling with configurations. Not quite the sort of “user-friendly access” they had in mind. Patch immediately, lock down management interfaces, and check for any unexpected configuration changes. If something looks “off,” it probably is.
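The advice above to “check for any unexpected configuration changes” is easier to act on with a baseline comparison. The script below is an added example written for this newsletter, not code from Palo Alto or from BreachAware. It assumes a generic line-based representation of a firewall configuration (one `set <path> <value>` command per line, which is an assumption, not a claim about the PAN-OS export format) and uses constructed sample snapshots. It diffs a known-good snapshot against the current one and ranks any change that touches administrator accounts, management access restrictions or authentication profiles as high severity, which is exactly the kind of change an auth-bypass-plus-tampering incident would leave behind.

```python
"""Config drift check: compare a known-good configuration snapshot with the
current one and flag changes that touch sensitive sections.

Assumptions (not from the newsletter): configurations are represented as one
`set <path> <value>` command per line. Both snapshots below are constructed
sample data, not real device output.
"""

# Constructed "known good" snapshot taken after the last change review.
KNOWN_GOOD = """\
set deviceconfig system hostname fw-edge-01
set deviceconfig system permitted-ip 10.0.0.0/24
set mgt-config users admin permissions role-based superuser yes
set network interface ethernet ethernet1/1 layer3 ip 203.0.113.10/24
set shared authentication-profile corp-saml method saml-idp idp1
"""

# Constructed "current" snapshot: management access opened to the world,
# a new superuser appeared, the SAML profile vanished, one benign interface added.
CURRENT = """\
set deviceconfig system hostname fw-edge-01
set deviceconfig system permitted-ip 0.0.0.0/0
set mgt-config users admin permissions role-based superuser yes
set mgt-config users svc-backup permissions role-based superuser yes
set network interface ethernet ethernet1/1 layer3 ip 203.0.113.10/24
set network interface ethernet ethernet1/2 layer3 ip 198.51.100.5/24
"""

# Path prefixes whose modification should always be treated as high risk.
SENSITIVE_PREFIXES = (
    "mgt-config users",                 # administrator accounts and roles
    "deviceconfig system permitted-ip", # who may reach the management plane
    "shared authentication-profile",    # how admins are authenticated
)


def parse(text: str) -> dict:
    """Turn `set <path> <value>` lines into {path: value}; last token is the value."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("set "):
            continue  # ignore blank lines and anything that is not a set command
        parts = line[4:].split()
        entries[" ".join(parts[:-1])] = parts[-1]
    return entries


def is_sensitive(path: str) -> bool:
    return path.startswith(SENSITIVE_PREFIXES)


def drift(known_good: str, current: str) -> list:
    """Return added/removed/changed paths, high-severity findings first."""
    old, new = parse(known_good), parse(current)
    findings = []
    for path in sorted(set(old) | set(new)):
        if path in old and path not in new:
            kind, before, after = "removed", old[path], None
        elif path in new and path not in old:
            kind, before, after = "added", None, new[path]
        elif old[path] != new[path]:
            kind, before, after = "changed", old[path], new[path]
        else:
            continue  # unchanged
        findings.append({
            "kind": kind, "path": path, "before": before, "after": after,
            "severity": "high" if is_sensitive(path) else "low",
        })
    findings.sort(key=lambda f: (f["severity"] != "high", f["path"]))
    return findings


if __name__ == "__main__":
    for f in drift(KNOWN_GOOD, CURRENT):
        print(f"[{f['severity']:4}] {f['kind']:7} {f['path']}: "
              f"{f['before']} -> {f['after']}")
```

Run against the constructed snapshots this reports three high-severity findings (management access widened to 0.0.0.0/0, a new superuser account, a removed authentication profile) ahead of one low-severity interface addition. In practice the known-good snapshot should come from a change record or backup that the device itself cannot rewrite, otherwise an attacker who can tamper with configuration can tamper with the baseline too.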

Microsoft Windows SmartScreen; security feature bypass (zero-day exploitation).
A neat little irony: a vulnerability designed to bypass the thing that’s meant to stop you running dodgy files. This one’s been actively exploited in the wild, typically as part of phishing chains. Users think they’re safe, attackers say otherwise. Get those updates rolled out and remind users that “Are you sure?” prompts still deserve a moment’s thought.

Fortinet FortiGate; continued exploitation of known flaws.
Fortinet’s greatest hits album is still being played, loudly. Older vulnerabilities in FortiGate devices are being actively exploited again, particularly where patches were missed or only partially applied. Verify patching is actually complete (not “we think we did it”), and hunt for persistence. Attackers rarely tidy up after themselves.

VMware ESXi; targeting unpatched instances.
ESXi continues to be prime ransomware real estate. This week saw renewed targeting of unpatched or poorly secured instances, with attackers going straight for virtual infrastructure. Efficient, really: why compromise one server when you can have them all? Patch, segment, and, for the love of uptime, don’t leave management interfaces exposed.

Edge devices in general; still the soft underbelly.
Firewalls, VPNs, routers… if it sits on the edge and talks to the internet, it’s being probed. This isn’t a single CVE, it’s a pattern. Attackers are focusing on entry points that organisations forget about after deployment. Continuous monitoring, regular patching, and maybe a quick audit of “what’s actually exposed right now?”
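The “what’s actually exposed right now?” audit, and the management-interface advice in the ESXi and PAN-OS items above, boils down to reconciling an asset inventory with what is observably listening. The script below is an added example for this newsletter, not BreachAware’s scanner and not vendor code. It assumes a small inventory with a zone, the ports each device is expected to serve, and a last-review date (all fields, device names and addresses are constructed), plus a constructed list of observed open ports as a port scanner would report them. It flags three things: services open on internet-facing devices beyond what the inventory permits, listening addresses that are not in the inventory at all (the forgotten box), and devices whose last review is older than 90 days.

```python
"""Edge exposure audit: reconcile an asset inventory against observed open
ports and surface the gaps. All inventory entries, addresses and scan results
below are constructed sample data; the field names are this example's own.
"""
from datetime import date

# Constructed inventory. `expected_ports` is what each device is meant to serve.
INVENTORY = [
    {"name": "fw-edge-01", "ip": "203.0.113.10", "zone": "internet",
     "expected_ports": {443}, "last_reviewed": "2026-02-15"},
    {"name": "vpn-01", "ip": "203.0.113.20", "zone": "internet",
     "expected_ports": {443, 4443}, "last_reviewed": "2025-09-01"},
    {"name": "core-sw-01", "ip": "10.0.0.5", "zone": "internal",
     "expected_ports": {22}, "last_reviewed": "2026-03-30"},
]

# Constructed scan results: (address, open port) as an external scan would report.
OBSERVED = [
    ("203.0.113.10", 443),
    ("203.0.113.10", 22),    # SSH reachable from the internet on the firewall
    ("203.0.113.20", 443),
    ("203.0.113.20", 4443),
    ("203.0.113.30", 8443),  # listening address nobody has on the books
    ("10.0.0.5", 22),
]

TODAY = date(2026, 4, 20)   # fixed so results are reproducible (the issue date)
REVIEW_MAX_DAYS = 90        # assumed review cadence for internet-facing kit


def audit(inventory: list, observed: list, today: date = TODAY) -> list:
    """Return (finding_type, subject, detail) tuples for everything that is
    exposed beyond policy, unknown, or overdue for review."""
    by_ip = {dev["ip"]: dev for dev in inventory}
    findings = []

    # 1. Reconcile what is listening with what the inventory permits.
    for ip, port in observed:
        dev = by_ip.get(ip)
        if dev is None:
            findings.append(("unknown-asset", ip,
                             f"port {port} open on address not in inventory"))
        elif dev["zone"] == "internet" and port not in dev["expected_ports"]:
            findings.append(("unexpected-exposure", dev["name"],
                             f"port {port} reachable from internet"))

    # 2. Devices that have not been looked at since deployment quietly rot.
    for dev in inventory:
        age = (today - date.fromisoformat(dev["last_reviewed"])).days
        if age > REVIEW_MAX_DAYS:
            findings.append(("stale-review", dev["name"],
                             f"last reviewed {age} days ago"))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in audit(INVENTORY, OBSERVED):
        print(f"{kind:19} {subject:14} {detail}")
```

With the constructed data this yields one unexpected exposure (SSH on the internet-facing firewall), one unknown asset at 203.0.113.30, and one stale review (the VPN gateway, 231 days). The unknown-asset case is the one worth dwelling on: a listening address with no owner is precisely the “entry point that organisations forget about after deployment”, and no amount of patching the devices you do know about covers it.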

Data & Privacy Headlines

AI companies still being asked awkward questions about data.
Regulators aren’t letting this one go. There’s growing pressure on AI firms to explain exactly where their training data comes from, and “the internet” is no longer an acceptable answer. Expect more scrutiny, and likely a few high-profile enforcement actions sooner rather than later.

The age verification debate is getting properly heated.
What started as “protect the kids” has quickly turned into “how much personal data are we comfortable collecting?” Governments want stricter controls, privacy advocates want fewer databases full of faces and IDs, and tech companies are stuck in the middle trying not to upset everyone at once. Good luck with that.

Data brokers quietly sweating under regulatory pressure.
There’s increasing noise around clamping down on data brokers, especially those dealing in location and behavioural data. The uncomfortable truth is that entire industries exist purely to package and sell personal information. Regulators are starting to notice… loudly.

Breach disclosures now feel like real-time events.
Companies are getting faster at disclosing breaches, often because attackers beat them to it. The result? Public, messy, unfolding incidents where updates come in waves. It’s less “incident report” and more “live broadcast.”

Privacy is finally becoming a competitive advantage.
A small but notable shift: companies are starting to realise that strong privacy practices aren’t just about avoiding fines, they’re good for business. Turns out people quite like knowing their data isn’t being casually leaked or sold on the side. Who would’ve thought?

Smarter Protection Starts with Awareness

Third-party exposure is now a first-order risk. You can’t patch what you can’t see.
Free Data Breach Exposure Scan: Check any domain in seconds: https://breachaware.com/scan
