Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

Feds Take Down Major Cybercrime Hubs.

03 February 2025
BREACHAWARE HQ

A total of 15 breaches were found and analysed resulting in 3,010,005 leaked accounts containing a total of 26 different data types. The breaches found publicly and freely available included Strong Current, Email Data Pro, Stealer Log 0506, Lapor GO and International Olympiad Foundation. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

Following up on a recent story in our monthly newsletter, law enforcement has seized a number of major cybercrime forums and services. Last Friday, the United States Department of Justice issued a statement regarding Cracked.io, Nulled.to, and Sellix.io, detailing their alleged involvement in widespread cyber fraud. According to the DOJ, Cracked.io alone has contributed to fraud and cybercrime affecting 17 million American citizens.

The Federal Bureau of Investigation provided a disturbing example of such activities. Users of Cracked.io were involved in extortion and sextortion schemes, cyberstalking, and issuing threats. In one instance, individuals harassed a woman, bombarding her with sexually explicit and coercive messages. As part of the crackdown, the FBI has seized all of Cracked.io’s servers and infrastructure, including their alleged payment processor, Sellix.

The second major cybercrime platform, Nulled, has also been dismantled. Its administrator, an Argentine citizen living in Valencia, Spain, was arrested several days ago following a raid by the Spanish Guardia Civil. The FBI has confirmed that Nulled.to has been seized, with authorities alleging that the site was a hub for selling hacking services and stolen data. Boasting over 5 million users and a staggering 54 million posts related to cybercrime and fraud, the platform was a giant in the underground market.

Unfortunately for the admin, the FBI has also gathered extensive information on those involved with Nulled’s escrow service. On the dark web, one of the biggest challenges is trust—who sends money first when purchasing illicit goods or services? To solve this, many marketplaces operate escrow services, acting as middlemen who verify transactions before releasing funds. In Nulled’s case, this system allegedly facilitated the sale of illegal materials, leaving its admin exposed to serious legal consequences. According to the DOJ, "Nulled’s customers would use redacted services to complete transactions involving stolen credentials and other information.” As a result, the admin now faces charges including conspiracy to traffic in passwords, which alone carries a five-year sentence. With three additional convictions pending, he could be looking at a total of 30 years behind bars.

In a surprising twist, Amazon’s “Just Walk Out” stores, touted as AI-driven, cashier-less shopping experiences, reportedly aren’t powered by artificial intelligence alone. Instead, they are said to rely on a hidden workforce of 1,000 employees in India, manually monitoring customer movements, overseeing self-checkouts, and ensuring smooth transactions. A recent report brought this to light, prompting Amazon to issue a swift and firm denial. According to an Amazon spokesperson, "Human staff in India annotate video images, which includes training AI powered algorithms to recognise objects on the screen." Regardless of the technicalities, Amazon is now shifting away from “Just Walk Out” stores in favour of those familiar, yet often frustrating, handheld scanner guns that announce prices in their signature tinny tones.

VULNERABILITY CHAT

The WantToCry ransomware group has ramped up its operations, exploiting exposed SMB services to infiltrate networks, encrypt critical files, and demand hefty ransoms. By taking advantage of misconfigured Server Message Block (SMB) services, attackers gain an initial foothold before moving laterally across networks, escalating privileges, and deploying malicious payloads that lock down essential data.

Meanwhile, Nvidia has confirmed seven new security vulnerabilities affecting its GPUs. The company issued a stark warning: “To protect your system, download and install this security update,” urging users to act immediately to guard against denial-of-service attacks, information disclosure, and data tampering.

Threat actors have also set their sights on devices running SimpleHelp remote management software. According to Arctic Wolf, “If a threat actor chains these vulnerabilities together and gains administrative access to a SimpleHelp server, they could theoretically use it to compromise devices running the SimpleHelp client software.” This could pose a significant risk for organisations relying on the platform for remote assistance.

BeyondTrust has disclosed a critical security breach impacting 17 customers of its Remote Support SaaS platform. The attack was traced back to zero-day vulnerabilities exploited by Silk Typhoon, a hacking group believed to be operating out of China.

In another alarming discovery, SonarQube Cloud researchers have uncovered three vulnerabilities in the open-source PHP package Voyager, commonly used for managing Laravel applications. These flaws could be leveraged for remote code execution attacks, posing a threat to Laravel developers relying on Voyager’s pre-built admin panel for application management.

Apple isn’t immune to security concerns either. Cybersecurity researchers have identified at least two vulnerabilities in Apple’s processors, linked to flaws in the Load Value Predictor (LVP). They cautioned, “If the LVP guesses incorrectly, the CPU can perform arbitrary calculations with incorrect data under speculative execution. This can lead to critical checks in the program logic for memory security being bypassed, creating attack surfaces for spying on secrets stored in memory.”

Finally, Meta’s WhatsApp has revealed a new wave of cyberattacks targeting its users, particularly journalists and members of civil society. The company stated it has “high confidence” that spyware maker Paragon Solutions was behind the hacking activity, potentially compromising around 90 individuals.

1 Common Vulnerability and Exposure (CVE) was added to the Cybersecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, affecting Apple (Multiple Products). See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 762 vulnerabilities last week, bringing the 2025 total to 4,355. For more information visit https://nvd.nist.gov/vuln/search/

The National Cyber Security Centre (NCSC) laid out a case for simplifying classification of security flaws and eliminating many of the currently used vulnerability scoring systems. Rather than attempt to score and prioritise vulnerabilities and patches based on severity ratings, the NCSC team believes organisations should adopt a simple policy with two classifications. They argue organisations would be better served by breaking vulnerabilities down into “forgivable” and “unforgivable” categories.

INFORMATION PRIVACY HEADLINES

Australia’s privacy commissioner, Carly Kind, has determined that government agencies have failed to adequately protect data related to "digital doppelgangers," individuals who share the same name and date of birth, leading to cases where government records mistakenly merge their personal information. In one such instance, Kind awarded $10,000 in compensation to a complainant whose healthcare records became entangled with those of another person with an identical name and birth date.

Meanwhile, the Open Rights Group (ORG) has flagged security concerns in all three canvassing apps developed for the UK’s major political parties: Labour, the Conservatives, and the Liberal Democrats. The group has urged action to address these vulnerabilities, citing potential risks to user data.

Across Europe, scrutiny is mounting over Chinese artificial intelligence company DeepSeek’s data collection practices. The Dutch privacy watchdog, AP, has launched an investigation, with chairman Aleid Wolfsen warning, “The AP is issuing this warning due to serious concerns over DeepSeek’s privacy policies and how it appears to handle personal information.”

France’s privacy watchdog, CNIL, has also stepped in, announcing plans to question DeepSeek to better understand the inner workings of its AI system and any associated privacy risks. A spokesperson explained, “To gain a clearer picture of how this AI system operates and the potential data protection risks, the CNIL will question the company behind the DeepSeek chatbot.”

Italy, however, has taken a more decisive stance, blocking DeepSeek’s service outright due to a lack of transparency regarding its use of personal data. South Korea is also preparing to investigate DeepSeek’s data management practices, with an official from the nation’s privacy commission confirming that a formal request for information could be issued in the coming days.


DATA CATEGORIES DISCOVERED

Socio-Demographic Data, Contact Data, Social Relationships Data, National Identifiers, Technical Data, Special Category, Behavioural Data, Financial Data, Transactional Data, Locational Data, Documentary Data.
