Hackers Pay for Tattoos, Cloudflare Mocked, and Ransomware Cartel Dreams.
08 September 2025, BREACHAWARE HQ
A total of 26 breach events were found and analysed, resulting in 21,504,511 exposed accounts containing a total of 27 different data types of personal data. The breaches found publicly and freely available included ULP Alien TxT File - Episode 22, Skyeng, LinkedIn [sample data], QQ Mail and Allianz Life. Sign in to view the full library of breach events which includes, where available, reference articles relating to each breach.
Categories of Personal Data Discovered
Contact, Technology, Sociodemographic, Geolocation, Digital Behaviour, Finance, Commerce, Career, Unstructured.
Data Breach Impact
This cluster of breaches reflects a mix of mainstream platforms, financial services, and recurring unsecured repositories, a dangerous combination that amplifies risks for both consumers and enterprises. The exposure of LinkedIn sample data and QQ Mail points to threats in the professional and communication spheres, where stolen records can be weaponised for spear-phishing, business email compromise, or corporate espionage. The inclusion of Skyeng, an educational platform, broadens the impact into the edtech sector, where student and teacher identities may be leveraged for fraud or harassment. Meanwhile, the recurring ULP Alien TxT File underscores a persistent pattern of unsecured, low-friction data dumps, continuing to feed the open-source breach ecosystem.
For organisations like Allianz Life and other named entities, the implications are serious. Financial services companies face heightened regulatory and reputational exposure when customer information is compromised, particularly given the trust-heavy nature of the insurance sector. Tech and communication platforms risk customer attrition if users lose confidence in their ability to safeguard sensitive personal and professional data. The cross-industry spread here signals a systemic issue: adversaries are no longer targeting just high-value financial platforms but are just as willing to exploit educational portals, communication hubs, and forgotten repositories. For the affected organisations, this wave of breaches isn’t just about incident response, it’s a test of their ability to demonstrate resilience, transparency, and proactive data stewardship in an environment where breaches are becoming alarmingly routine.
Cyber Spotlight
It’s been one of those weeks in the cyber underground, aka the COM, where reality feels more like a Netflix scriptwriter went rogue. Let’s dig into the madness.
In what feels like a crossover episode nobody asked for, ShinyHunters and Scattered Spider have joined forces. They’re calling themselves Scattered Lapsuss Hunters, and their first week has been… well, chaotic doesn’t even cover it. They’ve already claimed hits on Land Rover, Zscaler, and Cloudflare. And in true edgy-teen fashion, they messaged Cloudflare CEO Matthew Prince with this gem:
“Dear Matthew Prince, CEO of Cloudflare, Inc., WE ARE DEMANDING YOU CHANGE YOUR NAME FROM CLOUDFLARE TO CUCKFLARE OR WE WILL LEAK YOUR DATA!!!! — ShinyHunters/Scattered Spider”
Subtle, right?
They’ve also bragged about compromising Google, name-dropped FBI agents supposedly on their trail, and casually claimed they were secretly running BreachForums behind the scenes for PomPompurin (the admin arrested years ago). Their words:
“We always ran it behind the scenes until we were forced to come out and run it publicly in June 2023 with Baphomet.”
VX Underground summed it up beautifully: “They’re doing an FBI Most Wanted speed run.” To top it off, they’re literally paying people to get “Scattered Lapsuss Hunters” tattoos. A thousand quid a pop, in crypto, and yes, people are getting inked around the world like it’s some bizarre cult recruitment drive. If this keeps up, we’ll be seeing these tattoos in mugshots before long.
While Scattered Lapsuss Hunters were busy LARPing as GTA villains, LockBit 3.0 quietly celebrated its sixth birthday. To mark the occasion (or maybe just by coincidence), DragonForce and Qilin ransomware crews floated the idea of forming a… ransomware cartel.
Their pitch went something like this:
- Stop insulting each other in public (it only entertains journalists and the FBI).
- Agree on equal competition terms, no undercutting, no dodgy deals.
- Work together like “allies, not enemies.”
- Increase revenue and “dictate market conditions.”
In other words: “Let’s form a cartel, but make it ransomware.” They don’t care what it’s called, coalition, cartel, underground bake sale, the message is simple: “There’s enough pie for everyone, let’s just slice it fairly.”
So, in one week we’ve got hackers handing out cash for tattoos, Cloudflare being threatened with playground insults, and ransomware gangs openly floating cartel-building like it’s 1920s Chicago. The COM is wild right now. And if law enforcement wasn’t already watching, they definitely are now.
Vulnerability Chat
Experts are sounding the alarm for SAP S/4HANA cloud customers after confirming that a critical code injection vulnerability patched in August is already being exploited in the wild. Attackers who pull it off gain admin-level access to targeted SAP systems, opening the door to OS-level interference. From there, the risks spiral: data theft, credential harvesting, backdoors, ransomware, and major operational disruption are all on the table.
Google’s security team has also raised concerns, this time over a zero-day vulnerability in the SiteCore content management platform. The flaw was uncovered during a ViewState deserialisation attack that researchers managed to disrupt mid-operation. SiteCore has urged customers to patch immediately and to proactively scan their environments for any signs of compromise.
Meanwhile, a newly disclosed flaw in Apache Jackrabbit could expose applications to remote code execution risks. Researcher James John found that deployments using JndiRepositoryFactory for JCR lookup are particularly vulnerable. The Apache Software Foundation’s advice is clear: upgrade to version 2.22.2, where JNDI lookups are disabled by default.
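A defender's check for the Jackrabbit advice above, as an added example that is not from the original newsletter or the Apache project: it flags Maven dependencies below 2.22.2 and lists files that reference JndiRepositoryFactory. The sample POM, the file names and the artifact filter (groupId org.apache.jackrabbit, artifactId starting with jackrabbit-) are assumptions.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (2, 22, 2)   # release the advisory names as disabling JNDI lookups by default
NS = {"m": "http://maven.apache.org/POM/4.0.0"}

def parse_version(text):
    """Return (major, minor, patch), or None when the string has no leading number."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text or "")
    return tuple(int(g or 0) for g in m.groups()) if m else None

def audit_pom(pom_xml):
    """List (artifactId, version, verdict) for Jackrabbit dependencies in one POM."""
    root = ET.fromstring(pom_xml)
    props_el = root.find("m:properties", NS)
    props = {} if props_el is None else {
        p.tag.split("}")[-1]: (p.text or "").strip() for p in props_el}
    findings = []
    for dep in root.iterfind(".//m:dependency", NS):
        group = dep.findtext("m:groupId", "", NS).strip()
        artifact = dep.findtext("m:artifactId", "", NS).strip()
        # Assumption: only jackrabbit-* artifacts follow the 2.x version line.
        if group != "org.apache.jackrabbit" or not artifact.startswith("jackrabbit-"):
            continue
        raw = dep.findtext("m:version", "", NS).strip()
        ref = re.fullmatch(r"\$\{(.+)\}", raw)
        if ref:                              # resolve ${property} indirection
            raw = props.get(ref.group(1), raw)
        ver = parse_version(raw)
        verdict = "unresolved" if ver is None else "upgrade" if ver < FIXED else "ok"
        findings.append((artifact, raw, verdict))
    return findings

def jndi_factory_users(sources):
    """Names of files (name -> text mapping) that reference JndiRepositoryFactory."""
    return sorted(n for n, text in sources.items() if "JndiRepositoryFactory" in text)

# Constructed sample project, not taken from any real code base.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><jackrabbit.version>2.20.16</jackrabbit.version></properties>
  <dependencies>
    <dependency><groupId>org.apache.jackrabbit</groupId><artifactId>jackrabbit-jcr-commons</artifactId><version>${jackrabbit.version}</version></dependency>
    <dependency><groupId>org.apache.jackrabbit</groupId><artifactId>jackrabbit-core</artifactId><version>2.22.2</version></dependency>
    <dependency><groupId>org.apache.jackrabbit</groupId><artifactId>jackrabbit-webdav</artifactId></dependency>
  </dependencies>
</project>"""
SAMPLE_SOURCES = {"RepoConfig.java": "new JndiRepositoryFactory();", "App.java": "class App {}"}

if __name__ == "__main__": print(audit_pom(SAMPLE_POM), jndi_factory_users(SAMPLE_SOURCES))
```

An "unresolved" verdict means the version comes from a parent POM or dependency management section and has to be checked in the resolved dependency tree.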
7 Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including:
- TP-Link; TL-WA855RE
- Meta Platforms; WhatsApp
- TP-Link; TL-WR841N
- TP-Link; Multiple Routers
- Linux; Kernel
- Android; Runtime
- Sitecore; Multiple Products
See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), has published 1,815 vulnerabilities during the last two weeks, making the 2025 total 32,086. For more information visit https://nvd.nist.gov/vuln/search/
View the latest critical vulnerabilities, exploited vulnerabilities and EU CSIRT coordinated vulnerabilities from the European Union Agency for Cybersecurity (ENISA) "Vulnerability Database" here: https://euvd.enisa.europa.eu/homepage
Information Privacy Headlines
A federal jury has hit Google with a $425.7 million penalty after finding the company invaded users’ privacy by collecting data for eight years from millions of people who had disabled a tracking feature in their Google accounts. Google argued during the trial that the information was “non-personal, pseudonymous, and stored in segregated, secured, and encrypted locations,” but jurors were not convinced.
The Walt Disney Company has also agreed to a settlement, this time for $10 million, over a children’s privacy lawsuit with the Federal Trade Commission. The case centred on YouTube videos Disney uploaded during the pandemic, which regulators said were mis-categorised in violation of the Children’s Online Privacy Protection Act (COPPA), a law that’s been in place since 1998.
Meanwhile, the FTC is pursuing a fresh case against Apitor Technology, a Chinese manufacturer of robot toys. Regulators allege that Apitor’s mobile app enabled unauthorised collection of children’s geolocation data through its integration of JPush, a toolkit built by Chinese mobile developer Aurora Mobile Ltd. (Jiguang). The lawsuit accuses the company of failing to obtain parental consent before gathering sensitive data.
Across the Atlantic, the European General Court has shut down a challenge by French MP Philippe Latombe, who sought to annul the EU-U.S. Data Privacy Framework (DPF). The court upheld the framework’s validity, saying it was consistent with the facts and legal context at the time the European Commission declared U.S. protections “adequate” back in 2023.