A total of 7 breaches were found and analysed resulting in 145,841 leaked accounts containing a total of 19 different data types. The breaches found publicly and freely available included Reserved, Stealer Log 0399, Camel Grinding Wheels, Instituto Universatario De Tecnologia De Administracion Industrial and InflateVids. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

Kicking off the headlines, a popular video streaming site catering to enthusiasts of inflatable and balloon fetish entertainment fell victim to a cyber breach a week ago. The threat actor not only wiped the site's servers but also defaced the front page and subsequently leaked a substantial database on a well-known hacking forum. The aftermath has rendered the site inaccessible, undoubtedly disappointing balloon enthusiasts worldwide.

In a recent incident, a prominent European company specialising in research and infrastructure for bio-banking experienced a data breach. This company, dedicated to storing a diverse range of human biological samples, including DNA, blood, cells, and tissue, offers comprehensive services in the bio-banking sector.

In the midst of the ongoing conflict in the Middle East, individuals are remotely joining the fray from their homes. A notable Israel-based manufacturing company specialising in home carbonation systems recently encountered a security incident. The hacking group attributed their actions to the company's "long and well-known history of active engagement with the occupation."

Turning attention to cybercriminal activities, a threat actor is currently peddling stolen Bank of America data, boasting a collection of over five hundred thousand unique email addresses, accompanied by various data types, including social security numbers.

VULNERABILITY CHAT

The TeamCity tool vulnerability from JetBrains, a renowned provider of tools for software developers and project managers, is reportedly under exploitation once again. Previously exploited by North Korean hackers, this time the vulnerability has been leveraged by Russia's Foreign Intelligence Service (SVR). Government agencies in the US, Poland, and the UK have alerted numerous companies worldwide after discovering hundreds of compromised devices. Targets include an energy trade association, companies in software for billing, medical devices, customer care, employee monitoring, financial management, and more, as reported by The Record.

1 Common Vulnerabilities and Exposure (CVEs) was added to the CyberSecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week: Vision PLC and HMI (Unitronics). See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

INFORMATION PRIVACY HEADLINES

Max Schrems of NYOB has filed a complaint with the Dutch data protection authority against X (formerly known as Twitter). The complaint alleges GDPR rule violations related to advertising targeting methods, specifically the use of individuals' political views and religious beliefs to tailor advertisements. Notably, according to CNBC, major brands such as Apple, Disney, and Microsoft have withdrawn their advertisements from the platform, citing controversies surrounding Elon Musk, including the sharing of a post exploring a popular antisemitic conspiracy theory.