Insiders Flip, Ransomware Crews Implode, & Zero‑Days Rain Down.

21 July 2025
BREACHAWARE HQ
Rainy

A total of 11 breach events were found and analysed, resulting in 1,528,450 exposed accounts containing a total of 22 different types of personal data. The breaches found publicly and freely available included BitMart, La Diaria, Office of Alumni & Corporate Relations - IIT Madras, Naver and Misr Pharmacies Online. Sign in to view the full library of breach events, which includes, where available, reference articles relating to each breach.

Categories of Personal Data Discovered

Contact, Digital Behaviour, Sociodemographic, Audio and Visual, Unstructured, Geolocation, Finance, Commerce, Technology, Career.

Data Breach Impact

The impacted entities span crypto exchanges, educational institutions, media outlets, tech platforms, and healthcare providers, indicating that no sector is insulated from attack. This mix of industries signals a pattern where data custodians with varying maturity in cybersecurity become equal-opportunity targets, enabling attackers to exploit weaker links in supply chains.

Organisations like BitMart and Misr Pharmacies Online face heightened scrutiny under global privacy laws (e.g., GDPR, HIPAA, and jurisdiction-specific data protection acts). The presence of healthcare and financial data intensifies the likelihood of regulatory penalties and mandatory disclosure requirements, amplifying reputational and fiscal consequences.

This dataset has high monetisation potential:
- Financial data may enable direct theft or fraud.
- Academic credentials from IIT Madras could facilitate research espionage or insider recruitment.
- Media outlets (La Diaria) and tech platforms (Naver) provide vectors for targeted disinformation and account takeovers.

Cyber Spotlight

Remember that anonymous file hosting site that shut down a few years ago because its admin couldn’t handle the endless torrent of abuse? (Turns out “free, anonymous file sharing” attracts the sort of crowd that doesn’t just swap cat memes.) Well, it’s back, presumably under new management, and once again serving as the go-to dumping ground for leaks, shady data, and, inevitably, worse. There are no ads, no paywalls, and no clear path to profitability, meaning someone’s footing the bill out of either altruism… or something less wholesome. Either way, the bad actors have noticed, and business is booming.

The UK’s National Crime Agency (NCA) has scored a win against Scattered Spider, the cybercriminal collective linked to ransomware attacks on Marks & Spencer, Harrods, and Co-op. Four individuals (two 19-year-old men, a 20-year-old woman, and a 17-year-old) were arrested in coordinated raids in London and the West Midlands.

The story really took off after Brian Krebs’ coverage, which sent the cyber-offender community (COM) into a full-blown meltdown in the comments section. The bickering ranges from denial to finger-pointing to the kind of unhinged infighting that makes you wonder how these people ever manage to pull off a ransomware attack. For the curious, the thread is a fascinating glimpse into the psychology of online criminals, equal parts petty drama and schadenfreude.

In a delicious twist of irony, a National Crime Agency operative tasked with fighting global cryptocurrency scams has been caught… running one. Paul Chowles, 42, was sentenced to five years in prison for stealing 50 Bitcoin during a joint NCA–FBI operation that seized 92 BTC from a Silk Road 2.0 operator.

Chowles’ attempt at laundering the funds through mixing services was, to put it mildly, less than expert. Investigators traced the coins as he siphoned them off and eventually loaded the proceeds, valued at £613,147.29, onto debit cards. The kicker? Internal investigators quickly concluded that only someone on the inside could have pulled off the theft.

We can only imagine the reception awaiting Chowles behind bars. After all, nothing says “welcome to prison” like being the ex-cop who skimmed millions from a drug-market takedown.

Vulnerability Chat

Microsoft has issued an urgent warning about “active attacks” targeting server software widely used by government agencies and businesses for internal document sharing. The vulnerabilities affect on-premises SharePoint servers only, not the SharePoint Online version in Microsoft 365, and the company is urging customers to apply security updates immediately.

A new memory corruption flaw has also been uncovered in the popular file archiver 7-Zip. Security researcher Jaroslav Lobačevski of GitHub Security Lab found that carefully crafted RAR5 archive files could trigger denial-of-service conditions, leaving affected systems unresponsive.

Meanwhile, Fortinet is dealing with a critical issue in its FortiWeb Fabric Connector, which acts as a bridge between FortiWeb firewalls and other Fortinet products. According to the Shadowserver Foundation, the flaw has been actively exploited since July 11. Ryan Dewhurst, head of proactive threat intelligence at watchTowr, remarked, “The surge in compromised devices reflects how quickly threat actors are now operating, far faster than they have in the past.”

Another threat comes from a zero-day vulnerability in CrushFTP servers, now being actively weaponised. The bug, tied to a previously addressed issue in newer versions, is still exploitable in older builds, putting unpatched systems at serious risk.

Lenovo has also patched a buffer overflow vulnerability in its Protection Driver that could let attackers with elevated privileges execute arbitrary code. The company is urging users to update immediately and notes that the driver will auto-update when associated applications are launched.

Three Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including:
- Wing FTP Server; Wing FTP Server
- Fortinet; FortiWeb
- Microsoft; SharePoint

See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

On a related note, NIST has proposed a new metric designed to help IT teams prioritise vulnerabilities more effectively. The initiative, centred on the LEV (Likelihood of Exploitation Value) framework, introduces a formula called KEV_Exploited(), which estimates a lower bound on the number of vulnerabilities that should appear on CISA’s KEV list by adding up the LEV probabilities for relevant threats. Read the whitepaper here: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.41.pdf

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 742 vulnerabilities during the last week, making the 2025 total 26,137. For more information visit https://nvd.nist.gov/vuln/search/

View the latest critical vulnerabilities, exploited vulnerabilities and EU CSIRT coordinated vulnerabilities from the European Union Agency for Cybersecurity (ENISA) "Vulnerability Database" here: https://euvd.enisa.europa.eu/homepage

Information Privacy Headlines

A high-profile data privacy lawsuit against current and former Meta Platforms executives has ended almost as quickly as it began. On the second day of the trial, a lawyer for the shareholders who brought the suit told the court that both sides had agreed to settle. The deal spares Meta’s top leadership from taking the stand to discuss their handling of the infamous Cambridge Analytica scandal.

Meanwhile, Google’s Global Director of Privacy Safety and Security Policy, Kate Charlet, has criticised Meta’s proposed age verification system, arguing that it introduces unnecessary risks for children while failing to address core gaps in digital age assurance.

In Uganda, the Personal Data Protection Office has made headlines by ordering Google LLC to register as a data controller and collector within 30 days. The ruling comes after four Ugandan citizens filed a complaint alleging that Google was operating without the required registration and transferring personal data abroad without adequate safeguards, violations of the country’s Data Protection and Privacy Act.

A new study by cybersecurity company NymVPN has revealed that nearly one in three Britons is sharing sensitive personal data with AI chatbots, including tools like OpenAI’s ChatGPT. “AI tools have rapidly become part of how people work, but we’re seeing a worrying trend where convenience is being prioritised over security,” warned Harry Halpin, NymVPN’s CEO.

Tesla has also entered the conversation with its recent move to install Grok, its in-house AI chatbot, on all new vehicles by default. Now a permanent fixture on the in-car display’s home screen, Grok can field questions and carry out tasks just like ChatGPT or Google’s Gemini. But privacy advocates are raising concerns. “There is a huge amount of risk that the data collected in the privacy of our own cars will be used against us, whether by law enforcement or immigration officials or simply being monetised without our consent,” warned Albert Cahn, executive director of the Surveillance Technology Oversight Project.

And then there’s the viral video that caught a tech executive in an awkward moment of infidelity during a Coldplay concert in the U.S., sparking fresh debate about privacy at public events in the Netherlands. Dutch experts note that similar footage captured locally could have legal consequences, though protections remain limited. Attorney Yasar Bayram offered this practical advice: “You can step away or grab a drink when a kiss cam or similar segment is happening.” Willem Westermann, from the Association of Event Organizers, was more direct: “If you’re doing something you wouldn’t want to be made public, like cheating, you probably shouldn’t be doing it in public.”
