Deepfake Scam Targets YouTubers.
17 March 2025
A total of 12 breaches were found and analysed, resulting in 80,379,926 leaked accounts containing a total of 27 different data types. The breaches found publicly and freely available included ULP Alien File - Episode 2, Digitel, Kilts and Kilts, Mr Excel and Stealer Log 0513. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.
SPOTLIGHT
In yet another example of AI-powered cyber trickery, threat actors have been using deepfake technology to impersonate YouTube CEO Neal Mohan, all in a bid to steal login details from content creators. This sophisticated phishing campaign specifically targeted YouTube creators who make serious money from ad revenue. Some of these influencers are pulling in thousands of pounds a month, so naturally, they make for prime targets.
The scam started with an official-looking email, featuring a convincing AI-generated video of "Neal Mohan" explaining that YouTube’s monetisation terms were changing. The email then directed victims to a phishing page, where they were asked to "log in" to accept the new Terms and Conditions, handing their credentials over to hackers in the process.
YouTube has since warned users about clicking on links embedded in emails, urging them to manually check the official website for any real updates. Because if there's one lesson to be learned from all this, it’s that Neal Mohan probably isn’t personally emailing you about policy changes, especially with an AI-generated mouth that doesn’t quite sync up.
Meanwhile, things are looking pretty grim for one alleged core member of the LockBit ransomware gang.
A 51-year-old Russian-Israeli national, identified as Alexander Panev, is currently being extradited to the United States, where he’ll likely face the full force of the DOJ’s wrath. LockBit first made headlines in 2019, and since then, has been causing absolute mayhem across the globe.
The DOJ’s latest statement on the situation lays out just how much damage LockBit has done:
- Over 2,500 victims across 120 countries, including 1,800 in the U.S.
- Victims include hospitals, schools, nonprofits, critical infrastructure, and government agencies.
- The group extorted at least $500 million in ransom payments.
- Billions more lost in incident response and recovery costs.
So, here’s the real head scratcher: Why was Panev living in Israel, a country with a U.S. extradition treaty, instead of hiding out in Russia with the rest of his ransomware buddies? If you’re at the top of every government’s most wanted list, maybe relocating to a country that will hand you over to the feds isn’t the best move.
Following his arrest, Panev reportedly admitted to working closely with LockBit’s admin (LockBitSupp) on coding and development. Authorities also traced cryptocurrency transactions amounting to over $230,000 sent to him, further cementing his involvement.
VULNERABILITY CHAT
Apple has patched a critical vulnerability in iPhones and iPads that was actively exploited in the wild. The flaw lies within WebKit, the open-source browser engine that powers Safari, Mail, the App Store, and other Apple apps. The flaw, an out-of-bounds write issue, was addressed with enhanced security checks to prevent unauthorised access to sensitive system resources or user data beyond the browser’s intended scope.
Meta’s Facebook has sounded the alarm over a security vulnerability affecting the FreeType open-source font rendering library, warning that it may have been exploited in real-world attacks. This flaw, classified as an out-of-bounds write issue, has the potential to enable remote code execution when parsing certain font files, posing a serious security risk.
GreyNoise has reported that a critical PHP remote code execution vulnerability affecting Windows systems is now being exploited on a large scale. This warning follows earlier findings from Cisco Talos, which revealed that an unknown attacker had been leveraging the same PHP flaw to target Japanese organisations as far back as January 2025.
Cisco Talos' Vulnerability Discovery & Research team has also uncovered multiple vulnerabilities in Adobe Acrobat. These security gaps stem from a combination of out-of-bounds read flaws and a memory corruption issue, all tied to the software’s font functionality. If exploited, these weaknesses could compromise system stability and security.
Separately, Cisco has disclosed a privilege escalation vulnerability in its IOS XR Software, which could allow attackers to execute unauthorised commands, manipulate critical data, or destabilise affected devices, raising concerns for enterprise security.
SAP has rolled out patches addressing high-severity vulnerabilities in its Commerce and NetWeaver enterprise software packages. The company has provided Security Notes detailing the remediation steps, which can be found in their official post https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2025.html
Meanwhile, two security flaws have been identified in the open-source ruby-saml library, potentially enabling attackers to bypass Security Assertion Markup Language (SAML) authentication protections. A parser differential issue within the library creates an opening for Signature Wrapping attacks, which could lead to unauthorised authentication bypass.
Microsoft has also issued security updates to resolve 57 vulnerabilities across its software ecosystem, including six zero-days that have been actively exploited. One particularly critical flaw is a use-after-free (UAF) vulnerability in the Windows Win32 Kernel Subsystem, which could allow an attacker with existing access to escalate privileges locally, heightening the risk of further system compromise.
13 Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including:
- Ivanti; Endpoint Manager (EPM)
- Advantive; VeraCore
- Microsoft; Windows
- Juniper; Junos OS
- Apple; Multiple Products
See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 793 vulnerabilities last week, bringing the 2025 total to 9,790. For more information visit https://nvd.nist.gov/vuln/search/
INFORMATION PRIVACY HEADLINES
A company you may not have heard of, BraX, is gearing up to launch BraX3, a business smartphone tailored for those who prioritise privacy above all else. Running on iodéOS, an open-source, de-Googled operating system based on Android 14, it blocks ads, trackers, and unwanted data sharing by default. The device is currently available for pre-order on Indiegogo for $299, with more details available on BraX's website https://www.braxtech.net/
Amazon is phasing out a privacy-focused feature that previously allowed select Echo devices to process voice requests locally. With this change, all voice recordings will now be sent to the cloud before deletion. Users who refuse to send their voice recordings will find that the Voice ID feature becomes non-functional, effectively "bricking" this capability on their devices.
In the ongoing legal battle between the UK and Apple, privacy advocacy groups Liberty and Privacy International, along with individuals Gus Hosein and Ben Wizner, are contesting what they believe to be the Home Secretary’s covert use of her powers to force Apple into granting government access to users’ secured iCloud data. The case raises serious concerns over digital privacy rights and government surveillance.
Apple has confirmed that it will introduce support for encrypted RCS messages in upcoming updates to iOS, iPadOS, macOS, and watchOS. This long-awaited feature ensures that rich text messages exchanged between Apple and Android users will be automatically secured using the latest industry standards, marking a significant step forward in cross-platform messaging security.
Meanwhile, the California Privacy Protection Agency (CPPA) has imposed a $632,500 fine on American Honda Motor Co., Inc. for breaching the California Consumer Privacy Act (CCPA). The violation stems from Honda’s failure to comply with the "symmetry in choice" requirement, which mandates that opting out of data collection must be as simple as opting in, something the company allegedly failed to uphold.
Data Categories Discovered
Contact Data, Technical Data, Transactional Data, Socio-Demographic Data, Special Category, Behavioural Data, Locational Data, Financial Data, Usage Data, Documentary Data, Social Relationships Data.