Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

3,873,960 leaked accounts discovered by the BreachAware® Research Team last week.

08 January 2024

A total of 18 breaches were found and analysed resulting in 3,873,960 leaked accounts containing a total of 20 different data types. The breaches found publicly and freely available included Leader ID, Stealer Log 0403, iGlobe, Stealer Log 0404 and Pelayanan Denpasarkota. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

In a recent security incident, an association founded in Atlanta in 1977 and comprising energy engineers has fallen victim to a website breach orchestrated by threat actors. This non-profit professional society boasts a global membership of over 18,000 individuals spanning 100 countries. Established with the mission "to promote the scientific and educational interests of those engaged in the energy industry and to foster action for sustainable development," the organisation's headquarters are located in Ireland. Notably, they provide training and energy certifications to further their objectives.

On another front, a Russian website serving as a platform for hosting events, both online and offline across Russia, has succumbed to a data breach. The events hosted on this platform range from open mic nights to webinars covering a diverse array of genres and cultural interests. The breach has exposed a significant number of users, with over 1.7 million unique email addresses compromised, along with various data sets.

VULNERABILITY CHAT

A new exploit targeting Google has surfaced in the cybercrime underworld. Dubbed "zombie cookies," this exploit has the capability to hijack Google accounts by exploiting an undocumented OAuth2 functionality, enabling session hijacking. Last October, a threat actor revealed a method allowing Google cookies to persist through token manipulation, enabling the regeneration of session cookies and potential unauthorised access to a victim's account. This exploit has been integrated into popular malware strains like Lumma Stealer, and despite attempts by Google engineers to patch the bug, the exploit remains at large.

Two Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week: Spreadsheet::ParseExcel and Google Chromium (WebRTC). See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

INFORMATION PRIVACY HEADLINES

Approximately 30 million randomly-selected users of Google's Chrome, the world's most popular internet browser, will be presented with an option to "browse with more privacy." This new feature disables third-party cookies, with plans for a broader rollout to eliminate cookies entirely later this year. Notably, Apple's Safari and Mozilla Firefox already offer options to block third-party cookies, marking a broader industry shift toward enhancing user privacy in the digital landscape.

DATA CATEGORIES DISCOVERED

Technical Data, Contact Data, Usage Data, Documentary Data, Socio-Demographic Data, Financial Data, Communications Data.
