Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

Ransomware Rockstars, Bitcoin Billionaires & Chat Fails.

31 March 2025
BREACHAWARE HQ

A total of 32 breaches were found and analysed resulting in 90,224,933 leaked accounts containing a total of 34 different data types. The breaches found publicly and freely available included ULP Alien TxT File - Episode 6, ULP Alien TxT File - Episode 7, ULP 0010, ULP 0011 and Groupe LDLC. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

There’s a new ransomware gang in town, and they’re not here to play. Arkana Ransomware has made quite the entrance by compromising Wide Open West (WOW!), one of the top ten internet providers in the United States.

Their victory lap? A montage video of them casually poking around WOW’s backend servers, all set to some ominous Eastern European banger. Nothing says "cyber menace" quite like hacking to the soundtrack of a villain's nightclub scene.

According to VX Underground, the breach is far more severe than initially thought. The most eyebrow-raising part? Arkana seemingly came out of nowhere. Brand new ransomware gangs typically start with smaller targets, not a top-tier U.S. ISP. Either they got incredibly lucky, or someone very experienced is pulling the strings.

In "things you probably shouldn’t say out loud" news, Michael Saylor's company now owns 2.4% of the entire Bitcoin supply. That’s a staggering 506,137 BTC, valued at over £33 billion.

Watcher.Guru broke the news on X (formerly Twitter), and while that’s an impressive flex, it’s also a giant neon "Hack Me" sign. Every cybercriminal from Lazarus Group (the North Korean hackers who recently stole $1.5 billion from Bybit) to bored script kiddies is probably plotting ways to have a go.

Good luck, Michael. Maybe invest in some serious OPSEC before someone decides to "redistribute" that wealth for you.

In a cybersecurity blooper that even Hollywood couldn’t script, a Signal group chat filled with security personnel from the Trump administration, discussing military strikes on Houthi rebels, was leaked.

At first, people blamed Signal, but it turns out the breach had nothing to do with end-to-end encryption. Nope. It was just good old-fashioned human error. One of the 19 members of the chat accidentally added a journalist. Whether it was an honest mistake or an intentional leak is anyone’s guess.

Some speculated it might have been a QR phishing attack (where a victim is tricked into scanning a malicious QR code), but Signal requires manual approval when linking new devices.

Mike Waltz, one of the chat members, offered a masterful technical explanation of what happened: “His number got sucked into my phone.”

Yes, folks, that’s his official reasoning. Maybe someone should suck out all the classified documents before his phone decides to share them with the next unlucky bystander. Perhaps it’s time for Mr. Waltz to give his phone a deep clean, or just stop discussing military ops in group chats.

VULNERABILITY CHAT

Dell Technologies has issued a security advisory highlighting multiple critical vulnerabilities affecting its Dell Unity storage systems and related software. These flaws, if exploited, could enable attackers to gain unauthorised access, execute arbitrary commands, or even compromise entire systems. Dell acknowledged the contributions of Prowser and the Ubisectech Sirius Team in identifying these vulnerabilities.

Google has responded to a severe zero-day security vulnerability in its Chrome browser by releasing a critical security patch. The flaw, discovered by Kaspersky, allows attackers to bypass Chrome’s sandbox protection, compromising user systems without any further interaction. The patch aims to mitigate the immediate risk posed by this exploit.

Mozilla has followed suit, releasing security updates to fix a critical flaw in its Firefox browser for Windows. The company noted that, in light of Chrome’s recent sandbox escape, Firefox developers identified a similar vulnerability within the browser’s inter-process communication (IPC) code, prompting the swift release of a patch.

Wiz Research has reported a series of unauthenticated Remote Code Execution (RCE) vulnerabilities in the Ingress Nginx Controller for Kubernetes. According to researchers Nir Ohfeld, Ronen Shustin, Sagi Tzadik, and Hillai Ben-Sasson, approximately 43% of cloud environments, including those operated by Fortune 500 companies, are vulnerable. The team has urged immediate patching to mitigate the critical risk.

The Qualys Threat Research Unit (TRU) has uncovered three vulnerabilities within Ubuntu's unprivileged user namespace restrictions. These flaws, disclosed to the Ubuntu Security Team in January, could potentially allow a local attacker to gain full administrative control.

Meanwhile, GreyNoise Intelligence researchers have warned that three older vulnerabilities in DrayTek routers are being actively exploited. The vulnerabilities, initially disclosed by Faraday Security, have led DrayTek to urge customers to update their firmware immediately to prevent buffer overflow attacks. The company has acknowledged Faraday Security’s role in identifying the issues.

CrushFTP has alerted customers to a critical authentication bypass vulnerability, advising immediate patching. In a recent email, the company cautioned that “an exposed HTTP(S) port could lead to unauthenticated access,” but noted that systems with the DMZ feature enabled are protected against the exploit.

A newly identified vulnerability in PHP’s libxml streams may affect web applications that rely on the DOM or SimpleXML extensions for HTTP requests. Attackers can exploit this flaw to manipulate document parsing by taking advantage of improper charset detection. Developers using the affected components are encouraged to apply patches as soon as possible.

In a proactive move, OpenAI has raised its maximum bug bounty reward to $100,000 for the discovery of exceptional critical security vulnerabilities. The company reiterated its commitment to security as its products and AI models continue to evolve. Details about the program can be found on the crowdsourced security platform BugCrowd https://bugcrowd.com/engagements/openai

4 Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including:
- Reviewdog; action-setup GitHub Action
- Sitecore; CMS and Experience Platform (XP)
- Google; Chromium Mojo
See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), has published 1,876 vulnerabilities during the last 2 weeks, making the 2025 total 11,666. For more information visit https://nvd.nist.gov/vuln/search/

INFORMATION PRIVACY HEADLINES

The Privacy Commissioner for Personal Data (PCPD) has introduced a Checklist on Guidelines for the Use of Generative AI by Employees. The guidelines advise companies to clearly define which generative AI tools, whether publicly accessible or internally developed, are permitted for workplace use. This move aims to promote responsible AI deployment while ensuring employee and company data remain secure.

In a significant step toward strengthening privacy protections, China has announced a ban on the installation of image-collecting devices in sensitive locations, including bed-and-breakfasts, dormitories, and fitting rooms. The new regulations are designed to prevent invasive surveillance and safeguard individuals’ privacy in private or personal spaces.

The Information Commissioner’s Office (ICO) has fined IT service provider Advanced £3.1 million over its failure to prevent a ransomware attack in 2022. Hackers gained access to systems operated by one of Advanced’s subsidiaries via a compromised customer account that lacked multi-factor authentication (MFA). The substantial fine underscores the importance of robust cybersecurity measures in protecting sensitive data, particularly in the healthcare sector.

Meanwhile, the New York Police Department (NYPD) has expanded its use of drones for emergency response operations, adding a new layer of aerial surveillance over the city. While law enforcement officials tout the technology’s potential for enhancing public safety, privacy advocates have voiced strong concerns. According to Recorded Future News, critics argue that the increased use of drones risks infringing on citizens’ privacy rights, raising questions about surveillance oversight and accountability.


Data Categories Discovered

Contact, Sociodemographic, Geolocation, Finance, Digital Behaviour, Technology, Career, Commerce, Audio and Visual, Communication Logs, Unstructured, National Identifiers, Health and Environment.
