LeakBase Takedown, AI-Powered Hacks & KEV Exploits on the Rise.
09 March 2026
A total of 46 breach events were found and analysed, resulting in 16,503,444 exposed accounts containing a total of 54 different types of personal data. The breaches found publicly and freely available included Goli, RDC inMotiv, Roomvu, Guidely and Stealer Log 0554.
Categories of Personal Data Discovered
Contact, Technology, Geolocation, Digital Behaviour, Sociodemographic, Career, Unstructured, Finance, Commerce, National Identifiers, Health and Environment, Human Behaviour, Communication Logs, Audio and Visual.
Data Breach Impact
A hefty 46 breach events this week, but with a twist: while the 16.5 million exposed accounts mark a lower volume, the 54 types of personal data leaked show just how rich the pickings were. From wellness brands to real estate platforms and another helping of stealer log chaos, it’s a buffet of breach diversity. For third-party companies, it’s a sharp reminder that it’s not always about how many accounts leak, it’s about what leaks. And for individuals, the more data types spilled, the more angles scammers have to work with. In short? The numbers may be leaner, but the risk is anything but.
Cyber Update
Sometimes cybercrime runs like a slick global enterprise. Other times, the police simply turn up and unplug it. A coordinated international law-enforcement operation dismantled LeakBase, a long-running underground forum where stolen databases, login credentials, and financial records were traded like collector’s cards for aspiring fraudsters. The site had accumulated more than 142,000 members and, in a move that suggests boldness or remarkable optimism, operated openly on the clearnet.
Authorities across multiple countries launched roughly 100 enforcement actions, including house searches and arrests targeting dozens of the forum’s most active participants. Europol also seized the forum’s infrastructure and database, meaning thousands of users who believed they were operating anonymously may soon receive correspondence they very much did not subscribe to.
Perhaps the most charming detail of all: LeakBase maintained a rule banning the sale of Russian data. Even cybercrime markets, it seems, have compliance policies and geopolitical sensitivities.
Meanwhile, the ransomware industry continued humming along like a particularly unpleasant production line. Early in the week, the Play ransomware group added WCC Technologies Group to its leak site. The announcement arrived with the usual finesse: a public post declaring the breach and hinting that stolen data would appear if negotiations failed.
There was nothing especially novel about the technique, but the pattern reinforces how industrialised ransomware has become. Groups now operate less like chaotic hacker collectives and more like SaaS companies, complete with affiliate programmes, marketing announcements, and customer negotiations conducted in cryptocurrency. The only difference is that the product is extortion.
If ransomware gangs are the loud extortionists, leak forums remain the chaotic bazaar of the cyber underground. During the week, several fresh datasets surfaced online, including alleged leaks containing hundreds of thousands of Brazilian telecom customer records, alongside other large databases circulating across dark-web channels.
The lifecycle of these leaks is becoming almost ritualistic:
1. A breach occurs, often months earlier
2. The data circulates quietly among criminals
3. Someone eventually dumps it publicly for attention, revenge, or pocket change
It’s essentially the cybercrime version of recycling, except the end product is identity theft.
Threat intelligence reports released during the same period highlight another shift: AI-assisted attacks are accelerating rapidly.
Tools powered by generative AI are lowering the barrier for cybercriminals to produce phishing campaigns, malicious scripts, and automated attack tools. In practical terms, this means attackers no longer need to be particularly skilled developers. They simply need a prompt, an internet connection, and questionable life choices. The result is an ecosystem with more participants, faster tooling, and increasing automation, a combination that tends to favour chaos.
Software Vulnerabilities
Android / Qualcomm, CVE-2026-21385
This was the week’s headline mobile headache: an actively exploited Qualcomm memory-corruption flaw landed in Android’s March security update and was added to CISA’s KEV list on 3 March. Translation: if your Android estate relies on OEMs that treat patching like a seasonal hobby, this one deserves some loud internal emails.
VMware Aria Operations, CVE-2026-22719
Also added to KEV on 3 March, this unauthenticated command-injection bug in VMware Aria Operations is the sort of issue that makes “single pane of glass” sound less like convenience and more like a hostage situation. Broadcom pushed patches and workarounds, but if the box is exposed and unpatched, the conversation gets grim rather quickly.
Hikvision multiple products, CVE-2017-7921
Yes, a 2017 bug made a fresh KEV appearance on 5 March, because old flaws never die; they just linger in forgotten cameras bolted to walls. This improper-authentication issue can hand attackers privileged access to surveillance kit, which is not ideal if you enjoy your CCTV being yours.
Rockwell Automation Logix / related products, CVE-2021-22681
Industrial environments also got the “please patch immediately” treatment. CISA added this Rockwell flaw to KEV on 5 March, warning that weakly protected credentials can allow unauthorised access to Logix controllers. OT teams everywhere were once again reminded that “air-gapped in spirit” is not a control.
Apple exploit-chain trio, CVE-2021-30952, CVE-2023-41974, CVE-2023-43000
CISA also added three older but actively exploited Apple flaws to KEV on 5 March. What makes this juicy is the reporting that these bugs are associated with the Coruna iOS exploit kit, which is less “one-off bug” and more “modular misery”. If you manage Apple fleets and haven’t normalised fast OS uptake, this is your hint.
Data & Privacy Headlines
Australia’s age-verification regime started bending the internet before it even fully arrived. Ahead of the 9 March compliance deadline, adult platforms began blocking or limiting Australian users rather than casually hoovering up IDs and face scans without a fight. It is a neat snapshot of modern privacy policymaking: protect children, absolutely, but perhaps without turning every adult website into a budget passport office.
More than 400 scientists called for a halt to mandatory age verification. The backlash sharpened this week, with hundreds of privacy and security researchers arguing that today’s age-checking tech is either invasive, insecure, or both. Their point was not especially subtle: building giant databases of faces, IDs and card details in the name of safety may be the sort of galaxy-brain move that creates the next breach instead.
Indonesia said it will begin phasing in restrictions for under-16s from 28 March across high-risk platforms including TikTok, Instagram, X, YouTube and Roblox. The global mood is getting unmistakable: governments no longer want platforms merely to pinky-swear that they care about kids; they want hard gates, hard rules and very little whining.
LexisNexis Legal & Professional confirmed a breach after stolen files were leaked. A legal and government data supplier confirming that attackers got into its environment and exposed customer and business information is, frankly, a privacy story with extra seasoning. Supply-chain exposure is bad enough; supply-chain exposure involving law firms and government-linked clients is the sort of thing that keeps compliance teams awake and billing by the hour.
The Odido breach turned from “bad” to “staggeringly inconvenient for national security types.” Fresh reporting this week said data from the massive Dutch telecom breach included records tied to ministers, protected persons and workers in strategic sectors. Telecoms have always been privacy-sensitive; this was a rather rude reminder that when a telco spills, it does not merely leak customer data, it leaks context, relationships, and a fairly useful map of society.
Smarter Protection Starts with Awareness
Third-party exposure is now a first-order risk. You can’t patch what you can’t see.
Free Data Breach Exposure Scan: Check any domain in seconds: https://breachaware.com/scan