Fine Wine, Fast Bugs, and Forum Drama.
28 April 2025
A total of 30 breaches were found and analysed, resulting in 15,193,862 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included Quality Used Transmissions, ULP 0016, Telmex, ULP 0015 and AlfaStrakhovanie Group.
SPOTLIGHT
APT29, the notorious Russian-backed hacking group, has launched a new malware campaign targeting European diplomats. In true Bond villain style, the lure was a phishing email offering an exclusive free wine tasting, allegedly hosted by the Indian ambassador.
All the recipients had to do was click a link to “RSVP” by filling out a form. That click triggered the installation of malware, dubbed GrapeLoader (or WineLoader). Apparently, even the highest echelons of government aren't immune to the promise of a cheeky glass of Shiraz. The campaign highlights once again that no matter how sophisticated your cybersecurity system is, a well-placed social engineering lure can still pop corks and devices.
New details have emerged about the Nemesis Market seizure by German authorities last year. Nemesis was a major dark web marketplace dealing in drugs, malware, and stolen credentials, operating on Tor with a user base north of 120,000 by early 2024 and more than 400,000 transactions.
Incredibly, Nemesis was a one-man show. Authorities revealed that the admin, a 39-year-old Iranian national named Behrouz Parsarad, ran both the marketplace and an affiliated criminal coin mixer for laundering money, personally profiting over $30 million.
The unsealed indictment charges Parsarad with conspiracy to distribute narcotics, conspiracy to launder money, and six counts of drug distribution. However, since Parsarad is based in Iran, he's comfortably beyond the reach of Western law enforcement. There are whispers he may even be plotting a Nemesis Market 2.0. Watch this space.
The BreachForums saga is starting to feel like a bad reboot franchise. After its latest collapse and all the drama surrounding possible FBI honeypots, a few new "replacement" forums have popped up.
One contender is Breached.fi, allegedly launched by ex-moderators and threat actors. However, former BreachForums staff quickly distanced themselves, warning that it could be a honeypot designed to harvest user credentials.
Meanwhile, another unnamed project is apparently brewing, led by former BreachForums insiders. They claim they're just ironing out some final issues before relaunching “properly.” Given the level of paranoia and distrust in the community, expect plenty of chaos before anything resembling stability returns.
VULNERABILITY CHAT
Researchers at cybersecurity firm Patchstack have uncovered a WooCommerce phishing campaign, highlighting that WooCommerce users remain unaffected as long as they refrain from downloading and installing the malicious plugin. The phishing email warns, “If misused, this could compromise user data, including customer details, order details, and payment method data, potentially leading to unauthorised payments, extensive data breaches, or even losing control of your website.”
SAP has disclosed and patched a highly critical vulnerability in its NetWeaver Visual Composer development server following evidence of exploitation in the wild. If successfully exploited, the vulnerability enables an unauthenticated attacker to upload malicious executable binaries, posing a severe threat to the host system.
A researcher at watchTowr has identified a vulnerability within Commvault’s Command Center. Detailed in a blog post, the issue involves a simple Server-Side Request Forgery (SSRF) that can be exploited even before authentication. SSRF attacks enable malicious actors to manipulate a server application into sending unwanted requests to internal or external systems.
The XRP Ledger Foundation has reported the discovery of a vulnerability in its official JavaScript library, which is widely used to interact with the XRP Ledger blockchain. According to security firm Aikido, sophisticated attackers managed to compromise the library by inserting a backdoor designed to steal private keys and gain unauthorised access to crypto wallets.
A newly disclosed vulnerability in the FastCGI library poses a major risk to embedded and IoT devices, potentially enabling remote code execution. Security researcher Baptiste Mayaud found a critical flaw in FastCGI’s parameter-parsing code that could allow attackers to exploit vulnerable systems.
Researchers at ARMO have identified a significant 'blind spot' in Linux that enables attackers to operate undetected. Specifically, they found that malicious activities could be performed without triggering the standard signals that security solutions typically rely on to detect suspicious behaviour.
Meanwhile, a recent Microsoft security update has unintentionally introduced a serious new flaw. Security researcher Kevin Beaumont discovered that the update creates a denial of service vulnerability, allowing non-administrator users to permanently block Windows security updates, significantly undermining system protection.
0 Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week.
See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
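The weekly KEV figure above is something a defender can verify directly from CISA's public JSON feed. The Python below is an added example, not BreachAware's code; it assumes the feed's published field names (cveID, dateAdded, knownRansomwareCampaignUse) and runs against a constructed sample so it works offline.

```python
"""Check how many entries CISA added to the KEV catalog in a given week."""
from __future__ import annotations
import json
from datetime import date, timedelta

# Published location of the KEV JSON feed (only used by live_weekly_summary).
KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample mirroring the feed's shape; CVE IDs are placeholders, not real entries.
SAMPLE_KEV = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2025.04.28",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor",
         "product": "ExampleProduct", "dateAdded": "2025-04-10",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendor",
         "product": "ExampleProduct", "dateAdded": "2025-04-17",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-0003", "vendorProject": "OtherVendor",
         "product": "OtherProduct", "dateAdded": "2025-04-19",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})

def added_in_window(kev_json: str, end_iso: str, days: int = 7) -> list[dict]:
    """Return entries whose dateAdded lies in (end - days, end], oldest first."""
    end = date.fromisoformat(end_iso)
    start = end - timedelta(days=days)
    hits = [e for e in json.loads(kev_json)["vulnerabilities"]
            if start < date.fromisoformat(e["dateAdded"]) <= end]
    return sorted(hits, key=lambda e: e["dateAdded"])

def weekly_summary(kev_json: str, end_iso: str) -> dict:
    """Summarise the seven days ending on end_iso: count, IDs and ransomware-linked IDs."""
    hits = added_in_window(kev_json, end_iso, 7)
    return {
        "added": len(hits),
        "cve_ids": [e["cveID"] for e in hits],
        "ransomware_linked": [e["cveID"] for e in hits
                              if e.get("knownRansomwareCampaignUse") == "Known"],
    }

def live_weekly_summary(end_iso: str) -> dict:
    """Run the same check against the live feed; needs network access."""
    from urllib.request import urlopen
    with urlopen(KEV_FEED_URL, timeout=30) as resp:
        return weekly_summary(resp.read().decode("utf-8"), end_iso)
```

Against the constructed sample, the week ending 2025-04-28 reports zero additions, matching the digest's figure; `live_weekly_summary("2025-04-28")` repeats the check against the real catalog.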
NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 585 vulnerabilities during the last week, bringing the 2025 total to 15,761. For more information visit https://nvd.nist.gov/vuln/search/
INFORMATION PRIVACY HEADLINES
Privacy firm NOYB is representing a complainant who alleges that 2016’s Far Cry Primal collected extensive user information. According to the complaint, within just ten minutes of launching the game, users connected to external servers 150 times, including those operated by Google, Amazon, and Datadog. Ubisoft has responded by stating that an internet connection is necessary to verify ownership of the game.
Google has announced it will abandon its long-standing plan to eliminate cookies, citing a lack of consensus among industry stakeholders and increased regulatory scrutiny. This decision follows years of delays and mounting criticism of its Privacy Sandbox initiative, which faced significant challenges from privacy advocates and legal authorities concerned about user tracking and antitrust implications.
WhatsApp has introduced an Advanced Chat Privacy setting aimed at preventing other users from exporting chats or downloading images and media without consent. This new feature comes only weeks after the platform launched an AI tool that attracted considerable criticism from privacy advocates.
BMW has revealed plans to integrate DeepSeek’s open-sourced large language model into its new vehicle models in China later this year. “Key advances in AI are happening here. We are strengthening AI partnerships for integration in our vehicles in China,” said CEO Oliver Zipse.
The Federal Trade Commission (FTC) has officially updated its Children’s Online Privacy Protection Act (COPPA) rule, with the changes set to take effect on June 23, 2025. The amended rule places a stronger emphasis on securing personal data and restricts how and with whom this data can be shared. Operators of websites and apps aimed at children will now be required to conduct annual risk assessments and adhere to stricter data retention and deletion practices.
Arkansas Governor Sarah Huckabee Sanders has signed three new laws expanding privacy protections for children and teens. The Arkansas Children and Teens’ Online Privacy Act is modelled after proposed expansions to the federal Children’s Online Privacy Protection Act.
Data Categories Discovered
Technology, Contact, Unstructured, Sociodemographic, Commerce, Digital Behaviour, Career, Geolocation, Finance, Academic, Communication Logs.