Private Leak Markets, GitHub Chaos & The Rise of Silent Supply-Chain Hacks.
25 May 2026
BREACHAWARE HQ
A total of 17 breach events were found and analysed, resulting in 1,921,587 exposed accounts containing a total of 28 different types of personal data. The breaches found publicly and freely available included Stealer Log 0560, European Union (EU), Gites-de-France, Belambra and Canada Beauty Salon Database.
Categories of Personal Data Discovered
Technology, Contact, Finance, Unstructured, Digital Behaviour, Sociodemographic, Audio and Visual, Geolocation, Commerce, Academic.
Data Breach Impact
From hospitality and tourism platforms to regional consumer databases and the ever-reliable stealer log ecosystem, the leaks continue to show how widely personal information gets recycled once it escapes into the wild. For third-party organisations, it’s a reminder that even smaller breaches can create outsized risks when employee data is involved. And for individuals, every exposed record adds another breadcrumb for scammers, fraudsters, and opportunists looking to stitch together a convincing attack. Small numbers don’t always mean small problems.
Cyber Update
Several dark web forums have recently experienced instability and downtime, but interestingly, the data trade itself doesn’t appear to be slowing down. If anything, it’s becoming more direct, more exclusive, and arguably more expensive.
The latest trend? Private leak channels. Hardly a day passes without advertisements appearing for paid-access Telegram or dark web channels offering “exclusive” stolen datasets. Prices vary wildly:
- Lower-tier access can reportedly start around $500 per year
- Elite circles, such as alleged ShinyHunters private channels, have seen reported entry prices reaching $10,000
Naturally, the scam rate is through the roof. The underground ecosystem is now flooded with:
- Fake “VIP” channels
- Repackaged old leaks
- Script kiddies pretending to be data brokers
- Threat actors selling access to data they don’t even possess
But beneath the nonsense, there may be a genuine structural shift happening. Historically, cybercrime forums monetised premium memberships, reputation systems, escrow services, forum status and trust-building. Now? Threat actors increasingly seem to prefer: “Cut the b*ll*cks. Just give me the data.” Less community. More marketplace.
Meanwhile, over in developer-land, GitHub appears to be going through one of those periods where everything happens at once. Reports circulating online suggest the platform’s uptime dropped as low as 86.68% over the past 90 days, alongside a string of security incidents and outages. Naturally, the community responded with humour: “GitHub isn’t online long enough to be hacked.”
Well. About that. The threat actor group TeamPCP has resurfaced yet again, this time claiming to possess GitHub internal repositories, private source code and internal organisational data. Their post on a BreachForums clone stated: “We are here today to advertise Github’s source code and internal orgs for sale.”
And then, because subtle extortion apparently isn’t fashionable anymore: “We are not interested in under 50k.” According to the claims, roughly 4,000 private repositories are involved. But perhaps the most unsettling line was this: “This is not a ransom… 1 buyer and we shred the data.”
Which is essentially cybercrime for “No hard feelings, just business.” They also threatened to leak the data publicly if no buyer emerged.
Shortly afterwards, GitHub itself posted publicly: “We are investigating unauthorized access to GitHub’s internal repositories…” Importantly, GitHub stated there was currently no evidence customer repositories or enterprise environments were impacted, though investigations remain ongoing.
Still, the mere possibility of internal repository compromise is enough to make developers everywhere collectively inhale through their teeth. Because if private source code at GitHub scale genuinely leaked, the downstream implications could become extremely messy.
The alleged entry point? Another supply-chain attack. This time involving Nx Console, a Visual Studio Code extension. And here’s the uncomfortable part:
- VS Code extensions often update automatically,
- Developers trust them implicitly,
- Malicious updates can propagate silently at scale.
Meaning malicious code could theoretically spread into developer environments without anyone clicking anything suspicious at all. That’s the real danger with modern supply-chain compromises: you don’t hack the target directly. You compromise something they already trust and let automation do the rest.
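One way to make silent extension updates visible is to compare what is installed against a reviewed baseline. The sketch below is an added example, not code from BreachAware or any vendor named above; it reads the `publisher`, `name` and `version` fields of each extension's `package.json`, and the extension names, versions and baseline are constructed sample data.

```python
import json
import tempfile
from pathlib import Path

def read_installed(ext_dir):
    """Map 'publisher.name' -> version from each extension's package.json."""
    installed = {}
    for manifest in sorted(Path(ext_dir).glob("*/package.json")):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
            ext_id = f"{meta['publisher']}.{meta['name']}".lower()
            installed[ext_id] = str(meta["version"])
        except (OSError, ValueError, KeyError, TypeError):
            # Unreadable or malformed manifest: report it rather than skip it.
            installed[manifest.parent.name.lower()] = "unreadable"
    return installed

def audit(installed, baseline):
    """Return (finding, extension, installed_version, approved_version) tuples."""
    findings = []
    for ext_id, version in sorted(installed.items()):
        approved = baseline.get(ext_id)
        if approved is None:
            findings.append(("unapproved", ext_id, version, None))
        elif version != approved:
            findings.append(("version-drift", ext_id, version, approved))
    return findings

def build_sample(root):
    """Constructed sample: three fake extensions laid out like an extensions folder."""
    for pub, name, ver in [("examplecorp", "build-console", "2.4.1"),
                           ("examplecorp", "linter", "1.0.0"),
                           ("unknownpub", "theme-pack", "0.3.0")]:
        folder = Path(root) / f"{pub}.{name}-{ver}"
        folder.mkdir(parents=True)
        (folder / "package.json").write_text(
            json.dumps({"publisher": pub, "name": name, "version": ver}))
    return root

# Constructed baseline: the versions a team has reviewed and approved.
BASELINE = {"examplecorp.build-console": "2.4.0", "examplecorp.linter": "1.0.0"}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit(read_installed(build_sample(tmp)), BASELINE):
            print(finding)
```

On a desktop install, point `read_installed` at the real extensions folder (by default `~/.vscode/extensions`); with the `extensions.autoUpdate` setting turned off, any drift it reports becomes a change someone chose to make.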
Software Vulnerabilities
Citrix Bleed refuses to die.
Like a horror film villain nobody properly finished off, Citrix Bleed-style exploitation continued surfacing across enterprise environments this week. Threat actors were still targeting unpatched appliances, forgotten edge infrastructure and organisations whose patch strategy appears to rely heavily on optimism.
Security firms observed renewed activity involving:
- Session hijacking
- Credential theft
- Lateral movement after edge compromise
Some vulnerabilities stop being “new threats” and simply become part of the internet’s weather system.
Microsoft cloud token abuse escalates further.
Researchers highlighted increasingly sophisticated attacks abusing OAuth applications, refresh tokens and Entra ID trust relationships.
Attackers are learning a valuable lesson: why smash the window when you can borrow the keys? Several campaigns bypassed traditional detections entirely because activity appeared “legitimate” from the platform’s perspective. Identity has officially become the new perimeter. Unfortunately, the perimeter occasionally clicks “Accept”.
Open-source ecosystem hit by stealthier malware packages.
Another wave of malicious NPM, PyPI and GitHub-hosted tooling targeted developers and CI/CD pipelines. The evolution this week wasn’t scale, it was quality. Packages featured:
- Cleaner documentation,
- Legitimate-looking commit histories,
- Better social engineering,
- Delayed payload execution to evade detection.
Supply chain attacks are becoming less “suspicious van” and more “well-dressed corporate infiltration”.
VPN and firewall scanning reaches industrial scale.
Mass internet scanning campaigns intensified against Palo Alto, Fortinet, SonicWall and Ivanti appliances. The interesting bit? Attackers increasingly automated:
- Vulnerability validation,
- Credential testing,
- Exploit chaining.
Meaning, the gap between disclosure and exploitation keeps shrinking dangerously. By the time the patch note reaches your inbox, someone’s probably already knocking on the firewall.
Mobile malware campaigns target banking apps with overlay attacks.
Android malware operators ramped up campaigns using:
- Fake login overlays,
- Accessibility abuse,
- Screen capture tooling.
Several families specifically targeted banking apps, crypto wallets and MFA prompts. Mobile devices are now fully integrated into the financial attack chain, and users still largely trust their phones far more than they should.
Data & Privacy Headlines
DNA testing firm data-sharing backlash intensifies.
Consumer pressure mounted against genetic testing companies over:
- Data retention practices,
- Research partnerships,
- Potential future commercial use of DNA datasets.
Consumers are slowly realising “Discover your Viking ancestry” occasionally translates into “your genetic profile may outlive civilisation itself.” Genetic data is among the most sensitive categories imaginable, and many users clicked through consent forms like they were software EULAs.
Vehicle manufacturers criticised for excessive telemetry collection.
New reports highlighted connected vehicles collecting astonishing amounts of information, including driving behaviour, GPS history, in-car interactions and device pairings. Modern cars increasingly behave like smartphones with seatbelts. And many drivers have no realistic way to opt out without disabling core functionality.
Educational platforms accused of over-monitoring students.
Privacy advocates raised concerns around educational software tracking:
- Student engagement,
- Screen activity,
- Behavioural patterns,
- Attention metrics.
Because apparently children can no longer simply be bored in peace. The normalisation of surveillance at young ages has long-term societal implications nobody seems especially eager to discuss.
Data broker ecosystem continues quietly thriving.
Investigations showed location and behavioural data marketplaces remain extremely active despite mounting regulatory scrutiny. Data sources included mobile apps, retail analytics, ad-tech ecosystems and public records.
There is still an enormous industry built around selling variations of “People who visited a gym once and immediately bought protein powder.”
AI-generated impersonation fraud becomes frighteningly convincing.
Security researchers observed fraud campaigns using AI-generated voice cloning, executive impersonation and customer support scams. The quality leap is becoming noticeable. The old warning signs:
- Bad grammar,
- Weird phrasing,
- Obvious formatting.
…are quietly disappearing. Publicly available personal content is increasingly becoming raw material for impersonation engines.
Smarter Protection Starts with Awareness
Third-party exposure is now a first-order risk. You can’t patch what you can’t see.
Free Data Breach Exposure Scan: Check any domain in seconds: https://breachaware.com/scan