France Rejects Encryption Ban & North Korean Hackers Exposed

A total of 17 breaches were found and analysed resulting in 103,560,038 leaked accounts containing a total of 34 different data types. The breaches found publicly and freely available included ULP Alien TxT File - Episode 3, ULP Alien TxT File - Episode 4, ULP Alien TxT File - Episode 5, Business Emails (CRM Database) and ULP 0007. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

Privacy enthusiasts and French citizens can breathe a sigh of relief, the French government has rejected the proposed law to ban encryption. The controversial bill, known as Article 8 of the Drug Trafficking Act, would have required all encrypted messaging services to decrypt messages on demand for the authorities. Ostensibly, this was all in the name of public safety. But let’s be honest, the French authorities already know where the drug gangs are operating. They didn’t need to strip away encryption to prove it.

Meanwhile, over in Sweden, a similar drama is unfolding. The Swedish government has been making not so subtle threats about restricting encryption for everyday citizens. But here’s the twist: The Swedish military just standardised the use of Signal, one of the most secure messaging apps, for all non-classified communications.

So, in a plot twist worthy of a spy thriller, the military gets privacy perks while the public gets... well, the short end of the stick. Guess encrypted messaging is fine, as long as you’re wearing camouflage.

In other bizarre news, North Korea has just been banned from ChatGPT. Apparently, cyber criminals and state-sponsored hackers weren’t using it for innocent queries like "how to bake a cake" instead, they were cheating on homework assignments. And by homework, we mean developing cyberattacks.

According to a new OpenAI threat intelligence report, North Korean hackers were using ChatGPT for tasks like:
- Researching vulnerabilities in applications.
- Building C#-based RDP clients for brute-force attacks.
- Creating and deploying obfuscated malware payloads.

Busy little hackers, aren’t they? But here’s the kicker, they got caught because of a hilariously rookie mistake. While copying and pasting into ChatGPT, they accidentally included staging URLs for their own malware. That’s right — they outed themselves. It's like tripping over your own shoelaces during a bank heist.

For the full facepalm-worthy details, check out the report: https://cdn.openai.com/threat-intelligence-reports/disrupting-malicious-uses-of-our-models-february-2025-update.pdf

And finally, Pavel Durov, the elusive Telegram founder and CEO, is making headlines once again. After spending last August in France under arrest, he’s now back in his sunny Dubai home, though the investigation against him continues.

Durov was detained by French authorities for allegedly failing to moderate Telegram, which now boasts a whopping 960 million users worldwide. The West, it seems, has grown increasingly wary of Telegram’s lack of government control.

Funny how things change. A few years back, Western governments praised Durov for standing up to Russian censorship and protecting user privacy. But once Telegram’s unregulated nature became an inconvenience to their own interests, the admiration quickly soured. Turns out, championing privacy is only heroic when it’s politically convenient.

And in a move straight out of a spy flick, Durov’s arrest didn’t happen at his villa or during a flashy conference. Nope. His private jet simply stopped to refuel in Paris—and that’s when authorities pounced. Next time, he might want to top off the tank before takeoff.

VULNERABILITY CHAT

Apple has addressed a vulnerability in its Passwords app, initially reported by security researchers at Mysk, by enforcing HTTPS for all network communications. This critical update significantly reduces the risk of attackers intercepting or redirecting traffic, making phishing attacks far more difficult to execute.

Veeam has issued an urgent warning about a critical Remote Code Execution (RCE) vulnerability that cybercriminals can exploit to compromise backup servers linked to a specific domain. In a detailed blog post, researchers Piotr Bazydlo and Sina Kheirkhah from watchTowr cautioned, "If you have not patched your Veeam server and it is joined to your AD domain, you are probably in real danger."

Next.js, the popular React framework for web application development, has also been found to contain a vulnerability. Security experts at Zeropath revealed that attackers could exploit this flaw to bypass security measures applied through middleware, jeopardising authentication, authorisation, and security header implementations.

In a concerning development, Pillar Security has discovered a vulnerability known as the "Rule Files Backdoor" affecting GitHub Copilot and Cursor. This exploit allows attackers to manipulate these AI-driven coding assistants, generating malicious code that may appear legitimate to unsuspecting developers.

A security flaw has also been disclosed in AMI’s MegaRAC Baseboard Management Controller (BMC) software, which could permit attackers to bypass authentication and execute further malicious actions. In response, HPE and Lenovo have swiftly released security updates incorporating AMI’s fix to safeguard their affected products.

Additionally, GreyNoise has reported a “notable resurgence of in-the-wild activity” targeting unpatched systems vulnerable to three ServiceNow flaws. Although ServiceNow promptly released patches after the vulnerabilities were identified by Assetnote researchers a year ago, many systems remain exposed.

The SANS Technology Institute has issued a strong recommendation for organisations using Cisco’s Smart Licensing Utility (CSLU) to update their software immediately. Two serious vulnerabilities were identified: a hardcoded password flaw that could grant attackers administrative privileges through the app’s API, and a second flaw that allows attackers to extract sensitive data from log files, including API credentials.

5 Common Vulnerability and Exposure (CVEs) were added to the CyberSecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week including:
- TJ-Actions; Changed-files GitHub Action
- Fortinet; FortiOS and FortiProxy
- SAP; NetWeaver
- NAKIVO; Backup and Replication
- Edimax; IC-7100 IP Camera
See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP), has published [unknown]* vulnerabilities last week, making the 2025 total 9,790. For more information visit https://nvd.nist.gov/vuln/search/

*At the time of publishing the NIST service was unavailable.

INFORMATION PRIVACY HEADLINES

Meta has reached a settlement with UK citizen Tanya O’Carroll, a human rights campaigner, agreeing to cease targeting her with personalised advertisements. O’Carroll, who brought the privacy case against Meta, remarked, “This is an individual settlement, but I believe its ramifications extend far beyond me.” In light of growing privacy concerns, Meta is reportedly considering introducing a subscription service in the UK that would offer users an ad-free experience for a fee.

Meanwhile, OpenAI is facing fresh scrutiny in Europe over its chatbot’s tendency to fabricate false information. The privacy advocacy group Noyb is backing a Norwegian individual who discovered that ChatGPT falsely claimed he had been convicted of murdering two of his children and attempting to kill the third. The complaint raises serious concerns about AI-generated misinformation and the lack of safeguards to prevent harmful inaccuracies.

In Morocco, the National Commission for the Protection of Personal Data (CNDP) has announced plans to hold hearings to establish privacy regulations for the use of video surveillance. This initiative follows reports that Rabat intends to install 4,000 AI-powered cameras equipped with facial recognition technology by the end of 2025. The CNDP’s proactive approach aims to ensure that privacy rights are maintained amid the country’s increasing reliance on surveillance technologies.

Amazon, on the other hand, has suffered a legal defeat in its ongoing battle against a substantial $812.4 million fine imposed by Luxembourg’s National Commission for Data Protection (CNPD). The court upheld the CNPD’s decision, ruling against Amazon’s challenge. While the company has indicated it is considering further appeals, the ruling stands as a significant milestone in the enforcement of data protection laws within the European Union.

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan