One Breach to Rule Them All: Why No Organisation Is Ever “Unaffected”
26 January 2026
BREACHAWARE HQ
A total of 19 breach events were found and analysed, resulting in 52,354,695 exposed accounts containing a total of 36 different types of personal data. The breaches found publicly and freely available included ULP Alien Txt File - Episode 31, ULP 0038, ULP 0039, Stealer Log 0550 and WebDo.
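To make concrete what it means for an organisation to be caught in a dump like the ULP and stealer-log files listed above, here is an added example (not BreachAware's code) that scans a constructed ULP-style sample for one organisation's exposure; it assumes the usual url:login:password line layout and uses the placeholder domain example-corp.com. Beyond matching corporate logins, it also flags entries saved for the organisation's own services and passwords reused across hosts, the two things a defender acts on first.

```python
"""Scan a ULP-style ("url:login:password") credential dump for accounts touching one
organisation. Added example, not BreachAware's code; the line format is an assumption."""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines, not real leaked data.
SAMPLE_DUMP = """\
https://mail.example-corp.com/owa:alice@example-corp.com:Winter2023!
https://shop.example.net/login:alice@example-corp.com:Winter2023!
http://192.0.2.10:8443/admin:bob@example-corp.com:hunter2
https://forum.example.org/:bob@example-corp.com:Correct-Horse-Battery
android://com.example.app/:carol@personal-mail.example:qwerty
https://vpn.example-corp.com/:carol@personal-mail.example:qwerty
not a valid line
"""

def parse_ulp(line):
    """Split from the right so colons inside the URL (scheme, port) survive; returns
    (url, login, password) or None. A colon inside the password is misparsed."""
    parts = line.strip().rsplit(":", 2)
    if len(parts) != 3 or not all(parts) or "://" not in parts[0]:
        return None
    url, login, password = parts
    return url, login.lower(), password

def corporate_exposure(dump, corp_domain):
    """Report logins that belong to corp_domain or were saved for one of its services.
    reused_password flags one password seen on several hosts (the reuse foothold)."""
    corp_domain = corp_domain.lower()
    seen = defaultdict(lambda: defaultdict(set))  # login -> password -> hosts
    for line in dump.splitlines():
        rec = parse_ulp(line)
        if rec is None:
            continue
        url, login, password = rec
        seen[login][password].add((urlsplit(url).hostname or "").lower())
    report = {}
    for login, pw_map in seen.items():
        hosts = set().union(*pw_map.values())
        corp_hosts = sorted(h for h in hosts
                            if h == corp_domain or h.endswith("." + corp_domain))
        if not (login.endswith("@" + corp_domain) or corp_hosts):
            continue  # someone else's victim; not this organisation's to act on
        report[login] = {"hosts": sorted(hosts), "corp_services": corp_hosts,
                         "reused_password": any(len(hs) > 1 for hs in pw_map.values())}
    return report

if __name__ == "__main__":
    for login, info in corporate_exposure(SAMPLE_DUMP, "example-corp.com").items():
        print(login, info)
```

Any login with reused_password or a non-empty corp_services list is a forced-reset and session-revocation candidate; the others still warrant a user notification.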
Categories of Personal Data Discovered
Contact, Digital Behaviour, Technology, Sociodemographic, Finance, Commerce, Geolocation, National Identifiers, Membership, Career, Unstructured.
Data Breach Impact
Last week’s staggering haul (including leaks ominously dubbed Alien Txt File, Stealer Log 0550, and WebDo) demonstrates a sobering reality: even organisations not directly breached can find their own staff’s data caught in the crossfire. If employees’ personal or work credentials end up in these dumps, cybercriminals gain a dangerous foothold into your business via reused passwords or impersonation attempts, effectively giving them a direct line into company networks. Meanwhile, the fallout for those individuals is just as dire: exposed sensitive info often leads to fraud, identity theft, and other privacy nightmares. It’s a stark reminder that one company’s breach can quickly become everyone’s problem.
Cyber Update: Greatest Hits (and Misses)
ALPHV (aka BlackCat) are back with a shiny new ransomware operation, proving once again that cybercrime gangs treat “pivoting” like it’s an Olympic sport. This time, they’ve decided Tor is more hassle than it’s worth. After repeated run-ins with law enforcement trying to knock over their infrastructure, they’ve ditched traditional negotiation and leak sites altogether and jumped headfirst onto the blockchain. Not for the decentralised vibes, but because it’s harder to kick the door in.
Their new home of choice is the Internet Computer Protocol (ICP) blockchain, where they’re hosting ransomware infrastructure directly on chain. Deploying malware via blockchain isn’t exactly new, but it’s still rare, mostly because it’s complicated and a bit unhinged. For ALPHV though, it’s a strategic upgrade: no domains to seize, no servers to pull, and no registrar to phone when things go sideways. Think of it as bulletproof hosting, blockchain edition. Some have even dubbed it an “unstoppable” command and control setup, which might be optimistic, but you get the point.
ICP allows smart contracts to run as small programs on its nodes, meaning malicious traffic can blend neatly into oceans of legitimate blockchain activity. From a defender’s perspective, that’s awkward. One theoretical mitigation is blocking blockchains known to host malware, though that’s about as easy as banning email because someone once sent phishing. Possible? Yes. Practical? Debatable.
Elsewhere in the digital underworld, two new cybercrime forums have appeared, both bringing strong “chaotic neutral” energy. The first is clearly in its early days, with a layout that’s… let’s call it aggressively bad. It does, however, have a memorable name that’s probably best left untyped in a professional newsletter.
The second forum is more concerning, a BreachForums spin-off with an explicit Nazi theme. Whether it’s an edgy troll or something more serious is still unclear, but some of the admin posts suggest it’s not just for laughs. There’s noticeably more hostility and ideological chest-beating than your average cybercrime hangout, which is saying something.
As ever, the real question is longevity. Every new forum promises elite security, iron-clad reliability, and eternal uptime, and then promptly falls over. Since ShinyHunters publicly labelled BreachForums a botched job, none of the replacements have survived longer than a few months. The current speedrun record? About six days. Blink and you miss it.
Vulnerability Chat: The Fab Five Flaws
Citrix NetScaler ADC/Gateway Zero‑Days: Two critical bugs, CVE-2023-6548 (code injection) and CVE-2023-6549 (buffer overflow), hit Citrix's NetScaler like a bad sequel. Attackers are already using them to hijack systems or cause denial-of-service. CISA threw them straight into the KEV naughty list. Patch now or prepare to be CitrixBleed round two.
Chrome’s First Zero‑Day of 2024 (CVE-2024-0519): Google patched an out-of-bounds memory access flaw in Chrome’s V8 engine. This one’s already being used in the wild; all it takes is a malicious webpage and boom: your browser’s been had. Update to version 120.0.6099.224 or later before your tabs start tattling.
Apple WebKit Gets a Black Eye (CVE-2024-23222): A nasty type confusion bug let hackers run rogue code via Safari or any app using WebKit. Apple’s January patch blitz squashed it. Clicking dodgy links could’ve turned your iPhone into their phone.
Ivanti VPN Chain Exploit (CVE-2023-46805 & CVE-2024-21887): Two flaws walk into a VPN... and walk out with system access. A bypass and a command injection, chained together for unauthenticated RCE. Advanced persistent threats are already loving it. If you use Ivanti Connect Secure, mitigate like your job depends on it, because it might.
ColdFusion, Hot Mess (CVE-2023-26360): Adobe’s ColdFusion server left the door wide open with an improper access control bug. Attackers used it to infiltrate federal systems and other high-value targets. If you're still running unpatched ColdFusion in 2024... brave. Also, breached.
Information Privacy Headlines: Last Week in "Oops"
Rite Aid’s Facial Recognition Faceplant: The FTC slammed Rite Aid with a 5-year ban on facial recognition after it used AI to flag “shoplifters”, mostly wrongly and mostly minorities. No oversight, no fairness, just bad PR. Retail surveillance: now with added lawsuits.
NOYB vs. X: GDPR Smackdown: Elon’s X allegedly targeted ads using users’ political and religious data, which, last we checked, is illegal under GDPR. NOYB filed the complaint and wants fines flying. Turns out “free speech” doesn’t include free profiling.
Comcast (Xfinity) Bleeds 35 Million Records: Hackers exploited CitrixBleed to access personal data of nearly 36 million Xfinity users: names, DoBs, partial SSNs, the works. Detection? Took over a week. The only thing not breached was their customer trust.
EU Court Slaps SCHUFA (and Friends): The CJEU ruled that credit agencies can’t store insolvency data longer than public records (six months) and called their automated scoring practices unlawful. Score one for the little guy’s right to a fresh financial start.
23andMe’s DNA Disaster Widens: Nearly 7 million users had their genealogy data exposed due to credential stuffing and overly generous data-sharing features. Even users who weren’t hacked got caught in the net. Who knew “sharing DNA” could be this viral?