Lockbit Birthday Wishes, Russian Ransomware Celebs & Privacy Fails.
03 March 2025
A total of 22 breaches were found and analysed, resulting in 92,498,711 leaked accounts containing a total of 32 different data types. The breaches found publicly and freely available included Special K, ULP 0005, TGBUS, ULP 0004 and DangDang. Sign in to view the full BreachAware Breach Index, which includes, where available, reference articles relating to each breach.
SPOTLIGHT
Lockbit, Conspiracies, and Birthday Wishes for the FBI.
We try to keep things relatively straightforward in our weekly insight, but this story definitely had a few of us doing double takes around the office. It all kicked off when LockbitSupp, the mouthpiece of the infamous Lockbit 3.0 ransomware gang, decided to leave an... unusual message on their official onion site last week.
The note was directed straight at the new FBI director, Kash Patel. And in true Lockbit fashion, it wasn’t just a simple “Happy Birthday” card. Oh no. Instead, it read:
“I decided to give you the best gift of all — an archive of classified information for you personally, Mr. Kash Patel. A guide, a roadmap and some friendly advice. With access level ONLY for you. Under password. This information is for the benefit of the national security of the United States of America, information for you on how to find the truth.”
Yeah... nothing to see here, just a notorious ransomware group offering a personal "classified" birthday gift to the FBI director. Totally normal day on the dark web.
This post, of course, landed in the middle of a fresh wave of conspiracy theories. Rumours have been swirling that the FBI is in full panic mode, scrambling to delete compromising files after the Trump camp claimed they’d soon be releasing a treasure trove of long-demanded documents: we're talking JFK, RFK, MLK, UFOs, Epstein’s client list, 9/11 files, and even the origins of COVID-19.
Usually, ransomware gangs and conspiracy theorists occupy very different corners of the internet, but if anyone were to randomly drop classified FBI archives on a Tor site as a birthday present? Honestly, LockbitSupp feels like the right kind of unhinged.
-----
Wazawaka Sentenced: Russia’s Favorite Cyber Celebrity Gets a Slap on the Wrist.
In other news from the ransomware hall of fame, Mikhail Matveev, better known as “Wazawaka”, just got sentenced in Russia... and, well, let’s just say it’s not exactly hard time.
For those keeping score, Wazawaka’s résumé reads like a ransomware all-star lineup:
- Babuk ransomware (boss man)
- LockBit ransomware (member)
- Conti ransomware (member)
- HIVE ransomware (member)
- BlackMatter ransomware (member)
According to VX Underground, Matveev is believed to have played a role in major attacks on police departments and critical infrastructure, both in the US and across Europe. Basically, if something important got ransomwared, there was a decent chance Wazawaka was nearby, grinning in a luxury car.
Speaking of luxury cars, this is the same guy who openly posted pictures of himself living large, handing out T-shirts featuring his own FBI wanted poster, and publicly declaring his love for Mother Russia.
So what’s his punishment?
- 18 months of “limited free speech” (whatever that means)
- Curfew
- Travel restrictions
- Social and employment limitations
In other words, he’s grounded. He’s basically not allowed out past 8pm and might have to delete some spicy tweets. That’s... it.
Not bad for someone topping the FBI and Europol’s most-wanted lists. If this is justice, it’s wearing flip-flops.
VULNERABILITY CHAT
Cisco has revealed that the Salt Typhoon hacking group primarily used stolen credentials to infiltrate telecommunications systems across the U.S. and globally. In one notable instance, the group exploited a seven-year-old vulnerability in Cisco software.
VulnCheck researcher Patrick Garrity analysed chat logs from the Black Basta ransomware group, finding that while they considered discovering new vulnerabilities, they largely relied on publicly available exploits for known flaws.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about active exploitation of critical vulnerabilities in Adobe and Oracle products. CISA warns these attack vectors are frequently targeted by threat actors and pose ongoing risks to federal systems and enterprises.
Microsoft has added the BioNTdrv.sys driver from Paragon Partition Manager to its Vulnerable Driver Blocklist after the discovery of five zero-day flaws that enable local privilege escalation and denial-of-service attacks. However, the blocklist is not enabled by default on every system, so some systems need it turned on manually.
Israeli cybersecurity firm Lasso uncovered a serious flaw involving caching mechanisms in Microsoft Copilot and Bing, inadvertently exposing sensitive corporate data, including thousands of private GitHub repositories. Impacted companies include major tech players like IBM, Google, Tencent, PayPal, and Microsoft itself. Lasso warned that modern data leakage is exacerbated by AI systems that can rapidly ingest and persist leaked information.
A code audit led by researchers from Red Hat, Oracle, and SUSE uncovered 20 vulnerabilities in GRUB2, the widely used bootloader for Linux and Unix-like systems. The flaws enable potential secure boot bypass, remote code execution, and persistent firmware-level attacks, threatening millions of devices across enterprise and consumer environments.
4 Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including:
- Microsoft; Partner Center
- Synacor; Zimbra Collaboration Suite (ZCS)
- Adobe; ColdFusion
- Oracle; Agile Product Lifecycle Management (PLM)
See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 1,522 vulnerabilities last week, bringing the 2025 total to 8,090. For more information visit https://nvd.nist.gov/vuln/search/
INFORMATION PRIVACY HEADLINES
The UK’s Information Commissioner’s Office (ICO) has launched three investigations into TikTok, Reddit, and Imgur to assess whether these platforms adequately protect the privacy of children in the UK. Commissioner John Edwards emphasised, "If social media and video-sharing platforms want to benefit from operating in the UK, they must comply with data protection law."
Privacy-first messaging app Signal has surged to the top of Dutch app store rankings on both iOS and Android. In an interview with De Telegraaf, Signal President Meredith Whittaker cited growing public awareness around privacy, distrust of Big Tech, and rising political concerns about digital security as key drivers of this growth.
Privacy organisations like Tuta (formerly Tutanota) and the VPN Trust Initiative (VTI) are raising alarms about proposed French legislation seeking to weaken encryption and limit internet freedoms. A parallel proposal in Sweden would give law enforcement access to message histories from encrypted apps like Signal. Whittaker warned such a law would force Signal to exit Sweden, citing the company’s commitment to privacy.
The FTC is notifying nearly 3.7 million Avast customers who purchased antivirus software between 2014 and 2020. The FTC determined that Avast sold users’ browsing data to over 100 third parties via its subsidiary Jumpshot, violating consumer privacy. The $16.5 million settlement will be distributed as compensation to affected customers.
The Office of the Privacy Commissioner of Canada is investigating whether X (formerly Twitter) unlawfully used Canadians’ personal data to train artificial intelligence models. Brian Masse, an NDP lawmaker, stressed the importance of transparency, stating that Canadians deserve to know if their data is fuelling AI systems that could shape public discourse.
Firefox users are criticising Mozilla following an update to its Terms of Use, which now grants Mozilla a broad license over content inputted through the browser. Users expressed frustration after Mozilla quietly removed language from its FAQs that previously reassured users that Firefox would "never sell your data."
Data Categories Discovered
Contact Data, Technical Data, Socio-Demographic Data, Financial Data, Social Relationships Data, Transactional Data, Locational Data, Communications Data, National Identifiers, Special Category, Behavioural Data, Usage Data, Documentary Data.