Forums Get Doxed, RaidForums Speedruns Death & Microsoft Blinks.

22 December 2025
BREACHAWARE HQ
Indian Santa

A total of 12 breach events were found and analysed, resulting in 6,036,789 exposed accounts containing a total of 54 different types of personal data. The breaches found publicly and freely available included ULP Alien Txt File - Episode 29, Venezuela Citizen Databases, Turing, Webové Stránky and WithPropel. Sign in to view the full library of breach events, which includes, where available, reference articles relating to each breach.

Categories of Personal Data Discovered

Sociodemographic, Contact, Human Behaviour, Finance, Health and Environment, Academic, National Identifiers, Career, Commerce, Digital Behaviour, Unstructured, Communication Logs, Legal, Membership, Technology, Geolocation.

Data Breach Impact

What makes this breach cluster stand out isn’t just the number of accounts affected, but the extraordinary breadth of personal detail exposed. With an unusually high variety of data types involved, these leaks enable near-complete identity reconstruction, giving attackers the ability to move well beyond basic phishing into coercion, impersonation, and long-term surveillance-style misuse. The inclusion of Venezuela citizen databases raises particularly serious concerns, as government-linked population data can be exploited for political targeting, financial fraud, or cross-border abuse. At the same time, platforms like Turing and WithPropel suggest that professional and employment-related identities are also being swept into the breach ecosystem, increasing the likelihood of job offer scams, recruiter impersonation, and business email compromise. The recurring ULP Alien Txt File again highlights how aggregated, poorly controlled data repositories continue to amplify the damage of individual leaks.

For the organisations and entities tied to these exposures, the implications are profound. When datasets contain this level of detail, regulatory scrutiny intensifies and public trust becomes much harder to restore, especially for organisations associated with civic or employment data. Even companies indirectly involved, such as platforms whose users appear in aggregated ULP-style dumps, face reputational risk as their brands become associated with repeated exposure cycles. This breach set reinforces a critical reality: data minimisation and lifecycle control are no longer optional. Holding excessive personal information, exporting it into unmanaged environments, or failing to monitor where it resurfaces creates systemic risk. In an era where breached data is endlessly recombined and redistributed, organisations must assume that anything they store without strict governance may eventually become part of the public breach economy.

Cyber Spotlight

Yet another cybercrime forum has allegedly been compromised, this time with fingers pointing at Indian cybercrime authorities and the FBI. Not exactly the dream team you want poking around your infrastructure.

Concerns really kicked off a few weeks ago when the forum’s admin was comprehensively doxed. And by comprehensively, we mean everything but his shoe size: home address, personal photos, social media accounts, PayPal details, and even the exact model of camera he owns (a Nikon D7200, for those keeping score).

Unsurprisingly, chatter inside the COMM has shifted toward “maybe don’t log in for a bit”. Many threat actors now believe the admin is fully compromised, and confidence in the forum’s safety has dropped faster than a reused VPN.

Last week, we promised to keep readers updated on Raid Forums V2, and, well, this update came much faster than expected. After launching with bold promises of upgraded security, renewed trust, and a bright future, the forum has already shut its doors. A message from the admin explains that they wanted to “build a space that valued privacy, encouraged collaboration, and provided a great experience,” which is forum admin speak for “this is harder than it looks.”

The announcement then took a sharp turn into a real-estate listing: the entire platform is now for sale, Telegram channel, domain, VPS infrastructure, database, and full ownership included. Serious buyers only. All of this happened just over a week after launch. For context, even BreachForums’ last resurrection managed to cling on for nearly a month. Raid Forums V2 has officially won the gold medal for shortest-lived reboot. Speedrun complete.

Over in Big Tech land, Microsoft CEO Satya Nadella is reportedly dialling back the company’s AI ambitions. Spending on AI data centres is being cut, with as much as 50% of allocated funds redirected elsewhere. The reason? Simple: users seem to prefer ChatGPT, Gemini, and Claude. That’s got to sting, especially after Microsoft’s massive investment in OpenAI, and while Windows users continue to cry softly into their keyboards over the current state of Windows 11.

It’s a tough pill to swallow when you bankroll the future… and the future chooses someone else.

Vulnerability Chat

Security researchers at the Shadowserver Foundation have flagged around 125,000 WatchGuard Firebox firewall devices worldwide as being at risk from a critical vulnerability that’s already being actively exploited. WatchGuard itself has confirmed that attackers are trying to abuse the flaw in real-world attacks, meaning this is a genuine zero-day threat for any organisation that hasn’t patched yet.

Hewlett Packard Enterprise has also issued a serious warning of its own, releasing a critical security bulletin for a severe flaw in HPE OneView Software. The vulnerability could allow a remote attacker to execute arbitrary code without needing to authenticate at all. HPE credited security researcher Brock200 (Nguyen Quoc Khanh) for responsibly discovering and reporting the issue.

Meanwhile, concerns are growing around developer tooling. A newly detailed critical remote code execution vulnerability in Cursor Inc.’s integrated development environment highlights the risks that can come with trusted installation workflows and increasingly “agentic” AI powered development tools.

At a much lower level of the stack, Riot Games’ Vanguard anti-cheat team has uncovered a worrying firmware vulnerability affecting motherboards from major manufacturers, including Gigabyte, MSI, ASRock, and ASUS. Dubbed “Sleeping Bouncer,” the flaw allows sophisticated hardware-based cheats to inject malicious code at the very earliest stages of system boot, slipping past security protections that appear to be active and trusted.

Finally, researchers at the U.S. National Institute of Standards and Technology (NIST) have discovered critical security flaws in the widely used Exim mail server. If exploited, these weaknesses could give remote attackers complete control over affected systems, making patching and mitigation a top priority for organisations running Exim.

Seven Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including:
- Gladinet; CentreStack and Triofox
- Apple; Multiple Products
- Fortinet; Multiple Products
- ASUS; Live Update
- SonicWall; SMA1000 appliance
- Cisco; Multiple Products
- WatchGuard; Firebox

See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
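The catalog linked above is also published as a JSON feed, and the practical defender's question each week is "which of the new entries touch something I run, and when is CISA's remediation deadline?". The script below is an added example, not BreachAware's or CISA's code: it filters KEV-shaped records by date added, matches them against a small asset inventory, and splits the hits by due date. The field names (vendorProject, product, cveID, dateAdded, dueDate) follow the public feed; the records and inventory are constructed for the example and the CVE ids are placeholders, not real catalog entries.

```python
"""Filter a CISA KEV catalog export against a local asset inventory.

Added example, not the newsletter's or CISA's own tooling. The sample
records below are constructed; the cveID values are placeholders.
"""
import json
from datetime import date

# Constructed sample in the shape of the KEV JSON feed. Replace with the
# contents of known_exploited_vulnerabilities.json downloaded from cisa.gov.
SAMPLE_KEV_JSON = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "WatchGuard",
         "product": "Firebox", "dateAdded": "2025-12-17", "dueDate": "2025-12-24"},
        {"cveID": "CVE-0000-0002", "vendorProject": "Fortinet",
         "product": "Multiple Products", "dateAdded": "2025-12-16", "dueDate": "2026-01-06"},
        {"cveID": "CVE-0000-0003", "vendorProject": "ExampleVendor",
         "product": "Widget", "dateAdded": "2025-11-01", "dueDate": "2025-11-22"},
    ]
})

# Constructed inventory: lower-cased vendor -> set of lower-cased products.
SAMPLE_INVENTORY = {
    "watchguard": {"firebox"},
    "fortinet": {"fortios"},
}


def parse_kev(raw_json):
    """Return the list of KEV records from a feed export."""
    return json.loads(raw_json)["vulnerabilities"]


def added_since(entries, since_iso):
    """Records whose dateAdded is on or after the ISO date `since_iso`."""
    since = date.fromisoformat(since_iso)
    return [e for e in entries if date.fromisoformat(e["dateAdded"]) >= since]


def match_inventory(entries, inventory):
    """Records that touch a vendor/product pair in `inventory`.

    A KEV record listing 'Multiple Products' is treated as matching any
    product of that vendor, because the catalog gives no finer detail and
    silently dropping it would hide a real exposure.
    """
    hits = []
    for e in entries:
        vendor = e["vendorProject"].lower()
        product = e["product"].lower()
        if vendor not in inventory:
            continue
        if product == "multiple products" or product in inventory[vendor]:
            hits.append(e)
    return hits


def remediation_status(entries, today_iso):
    """Split records into (overdue, still_open) by CISA due date."""
    today = date.fromisoformat(today_iso)
    overdue = [e for e in entries if date.fromisoformat(e["dueDate"]) < today]
    still_open = [e for e in entries if date.fromisoformat(e["dueDate"]) >= today]
    return overdue, still_open


def weekly_report(raw_json, inventory, since_iso, today_iso):
    """Build the check a defender would run after reading the weekly list.

    Returns a dict of cveID lists: new entries this week, those that hit
    the inventory, and which of the inventory hits are already overdue.
    """
    entries = parse_kev(raw_json)
    new = added_since(entries, since_iso)
    hits = match_inventory(entries, inventory)
    overdue, _ = remediation_status(hits, today_iso)
    return {
        "new_this_week": [e["cveID"] for e in new],
        "inventory_hits": [e["cveID"] for e in hits],
        "overdue_hits": [e["cveID"] for e in overdue],
    }


if __name__ == "__main__":
    print(json.dumps(weekly_report(SAMPLE_KEV_JSON, SAMPLE_INVENTORY,
                                   "2025-12-15", "2025-12-22"), indent=2))
```

Run it weekly against the fresh feed and your real inventory; anything in the inventory hits list with a due date in the past belongs at the top of the patch queue, and a "Multiple Products" entry is a prompt to go read the vendor advisory rather than a reason to skip it.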

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), has published 1,415 vulnerabilities during the last week, making the 2025 total 46,662. For more information visit https://nvd.nist.gov/vuln/search/

View the latest critical vulnerabilities, exploited vulnerabilities and EU CSIRT coordinated vulnerabilities from the European Union Agency for Cybersecurity (ENISA) "Vulnerability Database" here: https://euvd.enisa.europa.eu/homepage

Information Privacy Headlines

Apple has been handed a $115 million fine after Italy’s competition authority accused the company of abusing its dominant position in the App Store in ways that hurt third-party developers. The authority made a point of saying it has no problem with Apple putting privacy safeguards in place, even ones that go beyond what’s strictly necessary to protect users within iOS. The issue here, it said, is that Apple appeared to leverage its power as an app distributor to disadvantage developers whose business models rely on advertising, along with advertisers themselves and the platforms that sit in between.

At the same time, privacy advocacy group noyb has filed complaints with Austria’s data protection authority against TikTok, Grindr, and AppsFlyer. The group alleges these companies breached regional privacy laws in ways that could expose sensitive personal data. According to noyb, TikTok tracked a specific user’s Grindr activity through data firm AppsFlyer, a claim that raises serious questions about compliance with the EU’s General Data Protection Regulation.

On the research front, a December 2025 study by Digitain looking at risks to user privacy ranked what it described as the ten worst browsers for user security, based on risk scores where lower numbers indicate better privacy. At the bottom of the list was ChatGPT Atlas with a score of 99, followed by Google Chrome at 76 and Vivaldi at 75. Microsoft Edge came next with a score of 63, then Opera at 58 and Ungoogled at 55. Mozilla Firefox scored 50, Apple Safari came in at 49, DuckDuckGo at 44, and Tor rounded out the list as the least risky of the group with a score of 40.

Smarter Protection Starts with Awareness

Data Breach Exposure Scan, Check Any Domain for Free https://breachaware.com/scan
