Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

Doxbin Drama, Another Day, Another Leak

17 February 2025
BREACHAWARE HQ

A total of 24 breaches were found and analysed resulting in 23,332,681 leaked accounts containing a total of 36 different data types. The breaches found publicly and freely available included Indian DataBase Package, Stealer Log 0508, Chess, LinkedIn (Executive Profiles) and Traderie. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

Doxbin’s got itself in hot water again, surprise, surprise. The controversial doxxing site, which has changed hands more times than a dollar bill since its launch in 2011, saw its latest drama unfold. It started as a darknet site and added a clearnet version in 2019. Even an FBI seizure couldn’t keep it down, as the owners snatched it back. It’s not exactly a household name, but in the underground world, it’s become some kind of twisted monument. Every now and then, a little drama bubbles up, usually thanks to egotistical owners or high-profile doxxings. Oh, and there’s even a theme song on YouTube titled “You’re on Doxbin.” Classy.

Rumours first flew about a total backend compromise, but the situation was a bit more... underwhelming. VX Underground, a malware analysis group, received an email from someone claiming to know the ins and outs of the Doxbin hack. They clarified that the “threat actor” didn’t have full backend access, just whatever scraps the admin panel allowed. The admin’s stolen credentials only had low privileges, and the leaked user base turned out to be a blacklist of banned accounts that had already made the rounds on hacking forums. Either way, the blacklist spread like wildfire through the usual sketchy channels.

Meanwhile, the United States Department of Justice had a “gotcha” moment with 8base, a ransomware gang formerly known as Phobos. It’s a rough time to be in the ransomware business—these gangs are dropping faster than Bitcoin in a bear market. Two Russian nationals living in Thailand allegedly ran this particular extortion scheme and made off with over $16.5 million between 2019 and 2024. They didn’t exactly win any humanitarian awards either, targeting children’s hospitals, healthcare providers, and schools. With help from Europol and German authorities, the US disrupted more than 100 servers, which probably sent the gang’s hard drives into full panic mode. The two suspects now face a buffet of seven charges that could land them 120 years behind bars. Crime may pay... until you get caught and lose the receipt.

In other “you can’t make this up” news, the Department of Government Efficiency (yep, that’s a real thing), run by Elon Musk, got defaced. For a hot minute, Doge.gov displayed a delightful message: “THESE ‘EXPERTS’ LEFT THEIR DATABASE OPEN—roro.” 404media reported that the site is little more than a WordPress placeholder page slapped together by Elon’s team. Two anonymous web developers, poking around for fun or federal reasons, said the site seemed to be built on Cloudflare Pages, not hosted on government servers. The kicker? The database it pulls from can be edited by third parties and shows live changes on the site. The threat actor followed up with another charming note: “This is a joke of a .gov site.” Well, at least they’re honest.

VULNERABILITY CHAT

Apple has released iOS 18.3.1, an emergency update designed to address a serious security vulnerability that is already being exploited in real-world attacks. The flaw, initially discovered by Bill Marczak of The Citizen Lab at the University of Toronto's Munk School, allows attackers to remotely disable USB Restricted Mode on an unlocked phone. This vulnerability opens the door for sophisticated attackers to bypass the security feature and potentially infiltrate devices.

Meanwhile, the Russian Interior Ministry has warned of a critical vulnerability in WhatsApp, allowing spyware to infiltrate devices through infected PDF files shared in group chats. The spyware, named Graphite, can be installed automatically, without users needing to open the file or click any links, posing a significant threat to WhatsApp users.

Google has patched a flaw that allowed any email linked to a YouTube account to be accessed through a "relatively simple exploit." A security researcher known as Brutecat managed to chain several vulnerabilities across Google services to extract the email addresses of YouTube users. In recognition of the discovery, Google awarded Brutecat a $10,633 bounty.

Adobe has addressed a critical vulnerability in Adobe Commerce that could lead to arbitrary code execution, privilege escalation, and bypassing of security features. Additionally, Adobe warned of a denial-of-service vulnerability affecting its Substance 3D Stager tool, though the company has not detected any active exploitation of these issues.

IBL Software Engineering has disclosed a vulnerability affecting its Visual Weather software and related products, including Aero Weather, Satellite Weather, and NAMIS. The flaw allows remote, unauthenticated attackers to execute arbitrary Python code on affected servers, potentially compromising system confidentiality, integrity, and availability.

Cityworks, an enterprise asset management tool from Trimble, is also facing exploitation due to a zero-day vulnerability. According to a CISA advisory, this flaw allows authenticated users to perform remote code execution attacks on Microsoft Internet Information Services (IIS) web servers, putting customer data and operations at risk.

Finally, Devolutions has disclosed a vulnerability in its Remote Desktop Manager (RDM) software. The flaw enables attackers to intercept and modify encrypted communications through man-in-the-middle (MITM) attacks. The attack is network-based and requires no user privileges or interaction, making it particularly dangerous for organisations using RDM.

7 Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including:
- Zyxel; DSL CPE Devices
- Microsoft; Windows
- Apple; iOS and iPadOS
- Mitel; SIP Phones
- SimpleHelp; SimpleHelp
See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 972 vulnerabilities last week, bringing the 2025 total to 5,977. For more information visit https://nvd.nist.gov/vuln/search/

INFORMATION PRIVACY HEADLINES

Google is reversing its stance on "fingerprinting" with new rules allowing online advertisers to collect more data about users, including their IP addresses and device information. Previously, Google had stated that fingerprinting "subverts user choice and is wrong." Lena Cohen of the Electronic Frontier Foundation told the BBC, “By explicitly allowing a tracking technique that they previously described as incompatible with user control, Google highlights its ongoing prioritisation of profits over privacy.”

In a related move, Google is capping Customer Match list durations at 540 days, a change that may impact advertisers’ targeting strategies and campaign performance. This shift aligns with increasing privacy concerns and best practices for Customer Match, pushing advertisers to maintain more up-to-date customer data. To adapt, advertisers will need to implement regular data refresh protocols to keep campaign performance consistent.

The European Commission (EC) has announced it will no longer pursue three draft rules intended to regulate technology patents, artificial intelligence (AI) liability, and consumer privacy on messaging apps. Opposition from affected industries and a lack of expected approval from EU lawmakers prompted the EC to abandon the drafts, according to Reuters.

Worldcoin has announced that Filipinos will soon gain access to World ID, a service adopted by over 23 million people globally. World ID aims to help users distinguish themselves from AI-driven bots through a biometric scan, emphasising the importance of proving humanity in an increasingly automated digital world.

Germany's antitrust authority, the Bundeskartellamt (FCO), has released preliminary findings from its investigation into Apple, suspecting the company may be treating third-party app developers unequally. The probe focuses on Apple’s App Tracking Transparency Framework (ATTF), which allows iOS users to block apps from tracking them for ad targeting. Apple is currently appealing the FCO’s designation and seeking to overturn the watchdog’s authority to exercise special abuse powers.

The Electronic Frontier Foundation (EFF) and a coalition of privacy advocates have filed a lawsuit seeking to prevent the U.S. Office of Personnel Management (OPM) from disclosing millions of Americans’ private data to the “Department of Government Efficiency” (DOGE). The lawsuit also demands that any data already shared with DOGE be deleted immediately.

John Joyce, Vice Chairman of the House Committee on Energy and Commerce, will lead the establishment of a comprehensive data privacy working group. "We are creating this working group to bring members and stakeholders together to explore a framework for legislation that can get across the finish line,” said Chairman Guthrie and Vice Chairman Joyce.


DATA CATEGORIES DISCOVERED

Contact Data, Technical Data, Socio-Demographic Data, Social Relationships Data, Locational Data, Financial Data, Communications Data, Usage Data, Documentary Data, National Identifiers, Transactional Data.
