
Discord Bribery Scandal, BreachForums Seized (Again) & Korea’s Cloud Meltdown.

13 October 2025
BREACHAWARE HQ
FBI

A total of 27 breach events were found and analysed, resulting in 10,915,864 exposed accounts containing a total of 36 different types of personal data. The breaches found publicly and freely available included ULP Alien TxT File - Episode 25, Cherry Digital, FOAT, Stealer Log 0543 and Stealer Log 0544. Sign in to view the full library of breach events which includes, where available, reference articles relating to each breach.

Categories of Personal Data Discovered

Contact, Digital Behaviour, Technology, Sociodemographic, Career, Finance, Commerce, Unstructured, Geolocation, Communication Logs, Health and Environment, National Identifiers.

Data Breach Impact

This latest collection of breaches shows a continuation of the pattern where traditional data exposures and malware-driven leaks intersect to create sustained, multi-vector risk. The recurring ULP Alien TxT File and stealer logs (0543 and 0544) demonstrate how unprotected text-based repositories and credential-harvesting malware continue to feed a global ecosystem of recycled data leaks. Their persistence underlines the fact that even when an organisation tightens its defences, compromised endpoint data and previously exfiltrated credentials remain in circulation indefinitely. The inclusion of entities like Cherry Digital and FOAT indicates that smaller marketing and automotive-related companies, often dependent on customer relationship data, are becoming collateral victims of data sprawl. With 36 data types exposed, these breaches not only reveal personal information but also capture behavioural, transactional, and device-level insights that can be weaponised for targeted fraud, impersonation, or credential chaining.

For the affected organisations, the implications go beyond immediate containment. Repeated appearances of stealer logs in breach ecosystems highlight a failure to control endpoint-level risks, suggesting that data security cannot rely solely on network perimeter protections. Companies such as Cherry Digital face potential reputational fallout if client data is traced back to their infrastructure, while FOAT, representing niche or industry-specific platforms, illustrates how supply chain and vendor relationships can become unintended breach conduits. These exposures serve as a reminder that protecting data today requires holistic visibility across all tiers of an organisation’s digital environment, including contractor systems, local machines, and cloud-based storage. For many, the most pressing task is not just cleaning up after a leak but preventing the quiet, continuous exfiltration that fuels the next one.

Cyber Spotlight

It’s not looking too hot for Discord right now, and we don’t just mean their servers. The recent Zendesk compromise just got a messy new chapter. The group behind the attack claims they didn’t hack their way in with any fancy zero-days… they just bribed the help.

According to the hackers, they reached out to members of the outsourced support team in Southeast Asia, offering them a casual $500 just to prove they worked there, followed by a few grand for actual access. You know, old-fashioned corruption over complicated code.

The kicker? Management knew about the emails but told staff to ignore them. Hindsight, as they say, is 20/20, though in this case, it’s more like 20 Bitcoin. Maybe next time, Discord will think twice before outsourcing critical data or, wild idea, paying staff enough so they don’t accept bribes from cybercriminals. We’ll be over here in our bunker, tinfoil hats on, quietly screaming into the void.

And now, the story that just won’t die, BreachForums. The infamous marketplace for leaked data and digital mischief has been seized. Again. This latest resurrection lasted less than a month before the feds rolled in faster than a DDoS attack on payday. But this time, they came with style. Forget the boring old black banners, this new seizure notice looks like it was designed by someone who just discovered Cyberpunk 2077. We’re talking animated blue lasers, a neon background, and the logos of four law enforcement agencies. Clearly, someone in the FBI’s design department got a budget increase.

ShinyHunters quickly distanced themselves, confirming they weren’t involved and that “everyone connected” had already been arrested. They also dropped what might be the final nail in the coffin for the old-school cybercrime community: “The era of forums is over. We are not fighting this war anymore. This is officially the end.” Translation: forums are out, Telegram is in, and anyone launching a new “BreachForums reboot” is probably working for the feds.

And finally, we head to South Korea, where the government has just pulled off what might be one of the most catastrophic IT blunders in modern history. A massive fire has wiped out the country’s entire government cloud storage system, the G-Drive, which served 750,000 civil servants, 74 government agencies, and supported over 640 online services, including the country’s digital ID system. Citizens without physical IDs? Tough luck, go home.

The cause? Out-of-date UPS batteries. LG had warned the government about them last year, but, in true bureaucratic fashion, they got around to fixing them only after sparks literally started flying. The result: 858 terabytes of government data, gone in a blaze of glory. But wait, there’s more! They did have a full backup… stored in the same room as the original system. Yes, you read that right. The backup burned too. A perfect metaphor for every “we’ll fix it next quarter” decision ever made in IT history.

Vulnerability Chat

Oracle has issued yet another security alert for its E-Business Suite (EBS) after a fresh vulnerability was uncovered, the same software family previously targeted by the Cl0p ransomware group to breach corporate user accounts. According to NIST, this latest flaw is considered “easily exploitable,” raising concerns about how quickly attackers could take advantage of it.

In another major find, Legit Security researcher Omer Mayraz has discovered a critical vulnerability in GitHub Copilot Chat, calling it “CamoLeak.” The flaw could allow attackers to trick the AI assistant into quietly leaking sensitive user data. GitHub has since disabled image rendering in Copilot Chat as a precaution.

Security experts are also warning about two new high-severity vulnerabilities in 7-Zip, the popular open-source file archiver. The bugs could let remote attackers execute arbitrary code, though exploitation requires user interaction, meaning a victim would have to open a maliciously crafted archive for the attack to succeed.

Axis Communications has confirmed and fixed a serious issue in its Autodesk Revit plugin, where Azure Storage Account credentials were mistakenly exposed inside signed DLL files. The company says the vulnerability has now been fully patched.

Imperva researchers have gone public with details of a now-patched vulnerability in the widely used figma-developer-mcp Model Context Protocol (MCP) server that could have allowed attackers to execute arbitrary code.

Meanwhile, Wiz Research has revealed a critical remote code execution flaw in Redis, the widely used in-memory data store. The issue stems from a Use-After-Free (UAF) memory corruption bug that has quietly existed in Redis source code for roughly 13 years.

A zero-day vulnerability is also being actively exploited in Gladinet’s CentreStack and Triofox products. The flaw allows unauthenticated local file inclusion that can lead to remote code execution. While no patch is yet available, Gladinet has released a mitigation to reduce risk.

North Korean threat actors have ramped up their so-called Contagious Interview campaign, publishing 338 malicious npm packages that have already been downloaded more than 50,000 times. Their targets: cryptocurrency and blockchain developers, who are being lured in through clever social engineering tactics.

And finally, Apple is raising the bar in cybersecurity with its biggest-ever bug bounty, offering up to $2 million for anyone who can uncover a critical vulnerability capable of executing a “zero-click hack.”

9 Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including:
- Linux; Kernel
- Microsoft; Internet Explorer
- Microsoft; Windows
- Mozilla; Multiple Products
- Oracle; E-Business Suite
- Synacor; Zimbra Collaboration Suite (ZCS)
- Grafana Labs; Grafana

See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), has published 857 vulnerabilities during the last week, making the 2025 total 37,025. For more information visit https://nvd.nist.gov/vuln/search/

View the latest critical vulnerabilities, exploited vulnerabilities and EU CSIRT coordinated vulnerabilities from the European Union Agency for Cybersecurity (ENISA) "Vulnerability Database" here: https://euvd.enisa.europa.eu/homepage

Information Privacy Headlines

In a big win for digital rights advocates, the German government has refused to support the EU’s controversial Chat Control regulation after facing heavy public backlash. The chairman of the conservative CDU/CSU parliamentary group in the Bundestag made it clear where they stand, saying: “We, the CDU/CSU parliamentary group in the Bundestag, are opposed to the unwarranted monitoring of chats. That would be like opening all letters as a precautionary measure to see if there is anything illegal in them. That is not acceptable, and we will not allow it.”

Across the Atlantic, California Governor Gavin Newsom has signed a new privacy law requiring social media companies to make account cancellations simple, clear, and, most importantly, permanent. Once a user decides to delete their account, the platform must fully erase all associated personal data. The Governor also signed several other bills designed to strengthen California’s already strong privacy framework, ensuring consumers have more control and transparency over how their data is used.

Meanwhile, Austria’s data protection authority, the Datenschutzbehörde (DSB), has ruled that Microsoft broke the law by tracking students through its education software. According to the regulator, Microsoft failed to give students access to their own data and used cookies without proper consent. The DSB has ordered the company to provide access to the complainant’s data and to clearly explain how it collects and uses such information moving forward.

And in the UK, Microsoft’s own research has shed light on a growing trend: employees turning to consumer AI tools at work without official approval. The report found that 71 percent of UK workers have used or experimented with so-called “Shadow AI” tools for professional tasks, and more than half are doing it weekly. The findings highlight a fast-growing challenge for companies trying to balance innovation, security, and compliance in the age of generative AI.
