
Ransomware Forums Fall, AI Fumbles Rise, and Breaches Keep Winning

02 February 2026
BREACHAWARE HQ

A total of 30 breach events were found and analysed, resulting in 69,419,585 exposed accounts spanning 47 distinct types of personal data. The breaches found publicly and freely available included ULP Alien Txt File - Episode 32, Chronopost, Cultura, Crunchbase and LinkedIn [Spain, Madrid]. Sign in to view the full library of breach events, which includes, where available, reference articles relating to each breach.

Categories of Personal Data Discovered

Sociodemographic, Contact, Digital Behaviour, National Identifiers, Career, Commerce, Audio and Visual, Health and Environment, Unstructured, Technology, Finance, Geolocation.

Data Breach Impact

From corporate giants to niche platforms, the digital debris included everything from ULP's usual chaos to leaks tied to household names like Crunchbase and LinkedIn. What's most alarming? This data was all just sitting out there, ripe for the picking. For third parties, it's a wake-up call: your organisation might not be named in the headlines, but your employees could still be in the blast radius, because a reused password or a work email address in someone else's dump is all an attacker needs to start. And for individuals, it's another notch on the belt of digital identity risk: think impersonation, phishing, or worse. When breaches go wide, no one stays safely on the sidelines.

Cyber Update

First up, a long-running resident of the cybercrime underworld has finally met its maker. Ramp4U, a forum that proudly zigged where others zagged, has been seized by the US Department of Justice and the FBI. While most cybercrime forums ran a mile from ransomware, largely because it attracts law enforcement attention like moths to a flamethrower, Ramp leaned all the way in. Its “ransomware welcome here” attitude dates back to around 2021, when several major Russian forums outright banned ransomware following global outrage over high-profile attacks, including those targeting a children’s hospital and the Colonial Pipeline.

Ramp happily filled that gap, becoming the go-to watering hole for ransomware gangs to recruit affiliates, promote their brands, and compare notes. In hindsight, it was less a question of if Ramp would be seized, and more when. The cherry on top? The seizure banner proudly displays Ramp’s own slogan: “THE ONLY PLACE RANSOMWARE ALLOWED!” now repurposed by the feds with delicious irony. Arrests, however, remain unlikely unless the admins decide to holiday somewhere without an extradition shield. Russia, as ever, remains the ultimate get-out-of-jail-free card.

Next, a reminder that policy documents exist for a reason. The new head of the US Cybersecurity and Infrastructure Security Agency (CISA), Madhu Gottumukkala, is facing scrutiny after it emerged he uploaded sensitive government documents to ChatGPT on four separate occasions. The files were marked FOUO (For Official Use Only), a clear violation of Department of Homeland Security data handling rules. ChatGPT is explicitly blocked on DHS networks, with staff directed to use an approved internal alternative known as DHSChat. Mr. Gottumukkala reportedly requested special access to use ChatGPT anyway, because apparently rules are more of a vibe than a requirement. The violations were uncovered during a routine audit, which confirmed multiple breaches of the guidelines. Not exactly the look you want when running a national cyber defence agency.

Finally, over in Redmond, Microsoft is having a moment, and not the good kind. The company’s stock has dropped 11.21% this month, marking its worst market reaction in nearly 13 years. While much of the blame is being pinned on aggressive internal AI investment, some observers are pointing to a more familiar sore spot: Windows. Ending support for Windows 10 and nudging millions of users toward Windows 11, complete with higher hardware requirements, has forced organisations to upgrade perfectly functional machines or splash out on new ones. The result? A noticeable uptick in users eyeing Linux and wondering why their operating system suddenly needs the power of a small data centre. Call it market forces, call it karma, either way, the numbers aren’t lying.

Software Vulnerabilities

Ivanti VPN Double Trouble (CVE-2023-46805 & CVE-2024-21887): Ivanti's Connect Secure and Policy Secure appliances were hit with a double zero-day combo: an authentication bypass (CVE-2023-46805) and a command injection (CVE-2024-21887). Either one alone is bad; chained, they let attackers reach a command-injection sink without ever presenting credentials, which adds up to unauthenticated remote code execution on the appliance. State-backed groups wasted no time throwing shells and lifting creds. These bugs left the front door wide open, and the hackers didn't even have to knock.
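To make the "no creds, full control" chain concrete, here is an added, self-contained illustration of the two bug classes wired together; it is constructed for this write-up and is not Ivanti's code, and the routes, the raw-path-versus-normalised-path mismatch used for the bypass, and the shelled-out command are all assumptions chosen to show the pattern rather than the vendor's actual implementation. The vulnerable pair (an auth filter that decides on the raw URL, plus a privileged handler that pastes a parameter into a shell string) is shown beside its hardened pair.

```python
import posixpath
import re
import subprocess
from urllib.parse import unquote

# Constructed example, not Ivanti's code. Routes and commands are placeholders.
PUBLIC_PREFIX = "/api/public/"          # assumed: legitimately served without a login
PRIVILEGED_ROUTE = "/system/net-test"   # assumed: must require a session


def is_public_vulnerable(raw_path: str) -> bool:
    """Auth filter that matches on the raw, undecoded, unnormalised path.
    '/api/public/../../system/net-test' passes this allow-list check and is
    then routed to the privileged handler once the router normalises it."""
    return raw_path.startswith(PUBLIC_PREFIX)


def is_public_hardened(raw_path: str) -> bool:
    """Decode and collapse the path *before* the allow-list decision, and
    refuse anything that still carries a traversal segment."""
    decoded = unquote(raw_path)
    if ".." in decoded.split("/"):
        return False
    return posixpath.normpath(decoded).startswith(PUBLIC_PREFIX)


def net_test_vulnerable(host: str) -> str:
    """Command-injection sink: the parameter is interpolated into a shell line.
    'echo' stands in for whatever network diagnostic the real handler ran."""
    out = subprocess.run(f"echo probing {host}", shell=True,
                         capture_output=True, text=True)
    return out.stdout


def net_test_hardened(host: str) -> str:
    """No shell, argv list, and a strict hostname grammar before use."""
    if not re.fullmatch(r"[A-Za-z0-9.-]{1,253}", host):
        raise ValueError("invalid host")
    out = subprocess.run(["echo", "probing", host], capture_output=True, text=True)
    return out.stdout


def route(raw_path: str) -> str:
    """The router sees the decoded, normalised path: this is the view the
    raw-path auth filter fails to account for."""
    return posixpath.normpath(unquote(raw_path))


def handle(raw_path, host, session, public_check, sink):
    """Dispatch one request through an auth filter and a handler.
    Returns (status, body)."""
    if session is None and not public_check(raw_path):
        return 401, "login required"
    if route(raw_path) == PRIVILEGED_ROUTE:
        try:
            return 200, sink(host)
        except ValueError as exc:
            return 400, str(exc)
    return 404, "not found"


# Unauthenticated request: traversal in the path, shell metacharacters in the parameter.
ATTACK_PATH = "/api/public/../../system/net-test"
ATTACK_HOST = "x; echo INJECTED"


def vulnerable_chain():
    return handle(ATTACK_PATH, ATTACK_HOST, None, is_public_vulnerable, net_test_vulnerable)


def hardened_chain():
    return handle(ATTACK_PATH, ATTACK_HOST, None, is_public_hardened, net_test_hardened)


if __name__ == "__main__":
    print(vulnerable_chain())   # (200, 'probing x\nINJECTED\n')  -> unauthenticated RCE
    print(hardened_chain())     # (401, 'login required')
```

The two fixes are independent on purpose: normalising before the auth decision kills the bypass, and the argv-plus-validation sink kills the injection, so an attacker who finds a new way past either layer still has to beat the other.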

Confluence OGNL RCE (CVE-2023-22527): A template injection flaw in out-of-date versions of Atlassian Confluence Data Center and Server allowed unauthenticated remote code execution via OGNL injection. CVSS 9.8. Exploitation attempts shot up within days of the patch dropping, a classic "patch or perish" scenario. An old Confluence version gave attackers a blank canvas to paint malware masterpieces.

Cisco UC Remote Code Execution (CVE-2024-20253): Cisco's Unified Communications and Contact Center products were found to have a bug that let unauthenticated attackers run commands just by sending a poisoned request. CVSS 9.9, and even Cisco sounded mildly panicked. A networking bug so bad it nearly maxed the CVSS; say hello to conference call carnage.

VMware vCenter Heap Overflow (CVE-2023-34048): Turns out a Chinese APT had been exploiting this critical vCenter bug for years before VMware patched it. Lateral movement, credential theft, ESXi compromise, you name it. This zero-day was like an invisibility cloak for espionage, and no one noticed until it was too late.

Citrix NetScaler Reloaded (CVE-2023-6548 & CVE-2023-6549): Just when you thought CitrixBleed was the worst of it, Citrix dropped two more zero-days. One led to code execution on the management interface (an attacker needs low-privileged access to that interface, so a NetScaler whose management IP is reachable from the internet is the real exposure), the other to denial-of-service, and both were being exploited. Citrix is bleeding again; someone give it a digital tourniquet already.

Data & Privacy Headlines

The “Mother of All Breaches” (MOAB) Drops 26 Billion Records: A jaw-dropping 12-terabyte dataset containing over 26 billion records from thousands of past breaches was discovered sitting wide open. This Frankenleak included data from LinkedIn, Twitter, Tencent, and more, likely combining both known and previously unseen info. The culprit? A breach lookup service that accidentally left the vault door ajar. One leak to rule them all, and possibly to pwn them all too.

Yahoo Fined €10M for Cookie Consent Shenanigans: France’s data regulator CNIL dished out a €10 million fine to Yahoo for playing dirty with ad cookies. Yahoo reportedly dropped trackers even when users clicked “no” and designed interfaces that practically begged you to give up trying to opt out. Yahoo got dunked for trying to sneak cookies into the jar after bedtime.

TSA’s Face Scan Expansion Takes Off (But Privacy’s Still in the Overhead Bin): The TSA announced plans to roll out its facial recognition tech to over 400 U.S. airports. While it’s pitched as “voluntary” and “secure,” privacy advocates aren’t convinced, especially with concerns over racial bias, data retention, and a lack of legal safeguards. Smile for the scanner, but you might be frowning when your face ends up in a government dataset.

23andMe Confirms 6.9 Million DNA Profiles Were Exposed: In a serious plot twist, 23andMe revised its breach numbers: around 14,000 accounts were directly broken into via credential stuffing, but because those accounts could see other users through the DNA Relatives feature, the data of roughly 6.9 million users was scraped. Sensitive data including family trees, ancestry reports, and genetic matches were compromised, all thanks to reused passwords and a bit too much "sharing" by design. Turns out your cousin's password habits might just leak your family tree.
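The two halves of that story, spotting the credential-stuffing wave and working out how far a handful of popped accounts reach through a relatives feature, are worth seeing in code. The following is an added example written for this write-up, not 23andMe's code or logs: the login-audit lines, the thresholds, and the relatives graph are all constructed, and the log format is an assumed "timestamp ip user result" layout.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed login-audit lines (not real 23andMe data): timestamp ip user result.
# 203.0.113.7 sprays seven different usernames in three seconds; 198.51.100.4
# is one user mistyping a password and then getting in.
SAMPLE_LOG = """\
2026-01-30T10:00:01Z 203.0.113.7 alice@example.com FAIL
2026-01-30T10:00:02Z 203.0.113.7 bob@example.com FAIL
2026-01-30T10:00:02Z 203.0.113.7 carol@example.com OK
2026-01-30T10:00:03Z 203.0.113.7 dave@example.com FAIL
2026-01-30T10:00:03Z 203.0.113.7 erin@example.com FAIL
2026-01-30T10:00:04Z 203.0.113.7 frank@example.com OK
2026-01-30T10:00:04Z 203.0.113.7 grace@example.com FAIL
2026-01-30T10:05:00Z 198.51.100.4 heidi@example.com FAIL
2026-01-30T10:05:20Z 198.51.100.4 heidi@example.com OK
"""

# Constructed relatives graph: which profile IDs each account can see through
# an opt-in relatives feature. This is the transitive exposure in the story.
RELATIVES = {
    "carol@example.com": {"p-01", "p-02", "p-03"},
    "frank@example.com": {"p-03", "p-04", "p-05", "p-06"},
    "heidi@example.com": {"p-07"},
}

LINE = re.compile(r"(\S+) (\S+) (\S+) (OK|FAIL)")


def parse(log: str):
    """Return a list of (timestamp, ip, user, success) tuples."""
    events = []
    for line in log.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m[1], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m[2], m[3], m[4] == "OK"))
    return events


def stuffing_sources(events, window_s=60, min_users=5, min_fail_ratio=0.5):
    """Flag source IPs that try >= min_users distinct usernames inside any
    sliding window of window_s seconds with a failure ratio >= min_fail_ratio.
    Many distinct users from one source is the tell that separates stuffing
    from a single person brute-forcing their own account."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort()
        users, fails, lo = Counter(), 0, 0
        for hi, (ts, _, user, ok) in enumerate(evs):
            users[user] += 1
            fails += (not ok)
            while (ts - evs[lo][0]).total_seconds() > window_s:   # slide the window
                _, _, u0, ok0 = evs[lo]
                users[u0] -= 1
                if users[u0] == 0:
                    del users[u0]
                fails -= (not ok0)
                lo += 1
            n = hi - lo + 1
            if len(users) >= min_users and fails / n >= min_fail_ratio:
                if ip not in flagged or len(users) > flagged[ip]["distinct_users"]:
                    flagged[ip] = {"distinct_users": len(users),
                                   "fail_ratio": round(fails / n, 2)}
    return flagged


def directly_compromised(events, flagged):
    """Accounts that logged in successfully from a flagged source."""
    return {user for _, ip, user, ok in events if ok and ip in flagged}


def exposed_profiles(compromised, relatives):
    """Everything an attacker can read: the popped accounts plus every profile
    those accounts are allowed to see through the relatives feature."""
    seen = set(compromised)
    for acct in compromised:
        seen |= relatives.get(acct, set())
    return seen


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    flagged = stuffing_sources(evs)
    direct = directly_compromised(evs, flagged)
    print(flagged)                                   # {'203.0.113.7': {...}}
    print(len(direct), "accounts ->", len(exposed_profiles(direct, RELATIVES)), "profiles")
```

Two accounts fall to the stuffing run, but the relatives graph turns those two into eight readable profiles; scale the same ratio up and you get the 14,000-to-6.9-million jump. Defensively, the detection side argues for rate-limiting and step-up auth per source, and the exposure side argues for treating any opt-in sharing feature as part of the breach blast radius.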

X (Twitter) Accused of Using Sensitive Data for Targeted Ads: Privacy crusader noyb hit Musk’s X with a GDPR complaint for allegedly targeting ads based on users’ political and religious beliefs, something even X’s own policies say is a no-no. The kicker? The campaign in question was run by the European Commission itself. When even the regulators break their own rules, you know it’s peak GDPR drama.

Smarter Protection Starts with Awareness

Third-party exposure is now a first-order risk. You can’t patch what you can’t see.
Free Data Breach Exposure Scan: Check any domain in seconds: https://breachaware.com/scan
