Leaked LLM Chats, PomPompurin Sentenced, and LAPSUS$ Bows Out.
15 September 2025 | BREACHAWARE HQ
A total of 22 breach events were found and analysed, resulting in 10,974,592 exposed accounts containing a total of 31 different types of personal data. The breaches found publicly and freely available included ULP Alien TxT File - Episode 23, Slate and Tell, WoW Health, My Conan and Humanists Community in Silicon Valley (HCSV). Sign in to view the full library of breach events which includes, where available, reference articles relating to each breach.
Categories of Personal Data Discovered
Sociodemographic, Contact, Digital Behaviour, Commerce, Geolocation, Career, Academic, Technology, Finance, Relationships, Unstructured.
Data Breach Impact
This latest series of breaches highlights how deeply personal and community-centred data is increasingly at risk. The inclusion of organisations like WoW Health and the Humanists Community in Silicon Valley (HCSV) signals that healthcare and cultural or social identity groups are now being drawn into the breach landscape, raising the stakes beyond financial fraud and into the realm of sensitive personal profiling and targeted exploitation. Platforms such as Slate and Tell and My Conan demonstrate that even smaller, niche digital services are not immune, yet they may lack the resources or maturity to defend against sophisticated attacks. The continued appearance of ULP Alien TxT Files shows that unsecured repositories remain a persistent vulnerability, providing attackers with a steady stream of personal records to exploit.
For the organisations breached, the implications are both regulatory and reputational. Healthcare platforms like WoW Health must contend with stricter compliance demands, as mishandling medical or wellness-related data can trigger severe penalties and erode patient trust. Community-oriented organisations such as HCSV face a different but equally damaging risk: the potential alienation of their members if personal identities are exposed or misused. Even small-scale breaches in these sectors can cause outsized harm, given the sensitivity of the information involved and the trust placed in these institutions. Collectively, this breach set highlights the growing need for data governance and security investment across all tiers of digital platforms, not just the largest or most obvious targets.
Cyber Spotlight
What’s worse than oversharing on social media? Oversharing with an LLM and watching your chats pop up on the dark web. Researchers are now finding large language model conversations being sold (and sometimes dumped for free) both on the dark web and clear-net. Sounds harmless until you realise just how many people and companies are dropping way too much sensitive info into these tools.
A recent leak, supposedly from China’s version of ChatGPT, contained a buffet of personal details: emails, phone numbers, home addresses, gender, education history, date of birth, even CVs and planning applications. Basically, the kind of stuff that makes identity thieves drool.
The ugly truth? Unless you’re self-hosting your own LLM (a pricey endeavour), you’re trusting a black box with your data… and hoping it doesn’t spill out the other side.
The infamous PomPompurin, once the face behind BreachForums, is back in the headlines. After years of speculation about who really ran the backend, the courts have had their final say: Pom has been re-sentenced to 188 months (15+ years) in prison and slapped with a $1.1 million fine.
Once celebrated in the COM as a sort of digital folk hero, support evaporated when the FBI raided his home and reportedly found a stash of CSAM. Some in the underground muttered about it being planted evidence (a known law enforcement tactic, they claim), but that remains firmly in the realm of speculation. Either way, Pom’s reputation, and his freedom, are gone.
In a surprise twist, LAPSUS$ and Scattered Spider have announced they’re calling it quits. The two gangs released a long joint statement, part farewell letter, part flexing of past conquests.
Highlights include:
- Reminding everyone they hacked Google four times in the past year.
- Teasing that their names will still appear in future disclosure reports, but insisting they’re no longer active.
- Sending “regrets” to the families of the four ShinyHunters members arrested in France.
- Signing off with a list of their threat actor handles and this line:
“We will enjoy our golden parachutes with the millions the group accumulated. Thank you to everyone who has watched and stuck around. Goodbye.”
So there you have it: two of the most notorious gangs in recent memory claiming they’ve cashed out, riding off into the sunset with pockets full of crypto. Whether it’s a real retirement or just the start of another rebrand remains to be seen.
Vulnerability Chat
Researchers have uncovered a serious issue in LangChainGo, the Go version of the popular LangChain framework. The flaw is a big one: it could let attackers dig into servers and steal things like SSH keys, API credentials, or other sensitive files, completely undermining the trust model these systems rely on.
Over in browser land, Google has rushed out an urgent update for Chrome on Windows, Mac, and Linux. The bug was serious enough to allow remote code execution, and researchers who reported it earned tens of thousands of dollars in bug bounties.
Samsung Galaxy users also have a reason to patch fast. A WhatsApp-reported vulnerability affects Galaxy phones running Android 13 and newer. It’s similar to a zero-click exploit WhatsApp already fixed on iPhones just last month, meaning attackers wouldn’t even need you to click anything to compromise your device.
Microsoft, meanwhile, has doubled down on its warning about a critical flaw in Active Directory Domain Services. If exploited, it could give attackers full SYSTEM-level privileges. The company also patched several privilege escalation bugs in Windows Defender Firewall.
On the academic side, ETH Zurich researchers have revealed yet another Spectre variant. This one, called Spectre-BTI, shows that a malicious virtual machine could actually siphon data from its host system without touching the host’s software, a particularly nasty scenario for cloud providers.
IBM has patched a misconfiguration in its QRadar SIEM platform. Before the fix, privileged users could tamper with configuration files, but the new update locks down file permissions to prevent that.
And finally, there’s a real-world exploit already making waves. Hackers are going after a flaw in DELMIA Apriso, a piece of manufacturing software used in aerospace, defence, automotive, and industrial equipment sectors around the world. That one’s already being abused, so it’s a top priority for organisations running it.
1 Common Vulnerabilities and Exposures (CVE) entry was added to the Cybersecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week:
- Dassault Systèmes; DELMIA Apriso
See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), has published 946 vulnerabilities during the last week, making the 2025 total 33,032. For more information visit https://nvd.nist.gov/vuln/search/
View the latest critical vulnerabilities, exploited vulnerabilities and EU CSIRT coordinated vulnerabilities from the European Union Agency for Cybersecurity (ENISA) "Vulnerability Database" here: https://euvd.enisa.europa.eu/homepage
Information Privacy Headlines
Google just rolled out VaultGemma, which it’s calling the most powerful differentially private large language model in the world. In a blog post, the company explained that it developed a new way to understand scaling laws for differential privacy, which made it possible to train and release what they say is the largest open DP-trained model to date.
Meanwhile, over in the crypto space, the Ethereum Foundation’s research arm, previously known as the Privacy & Scaling Explorations team, has reintroduced itself under a new name: Privacy Stewards of Ethereum (PSE). Along with the rebrand comes a fresh roadmap, one that puts a spotlight on protecting users as Ethereum continues evolving into a global settlement layer.