
Ransomware Slumps, RaidForums Relaunches & VAS Crackdown Success.

15 December 2025
BREACHAWARE HQ

A total of 17 breach events were found and analysed, resulting in 2,686,286 exposed accounts containing 30 different types of personal data. The breaches found publicly and freely available included France Travail, Miljodata, Corporate Mails Dump, 1 Million Pholoniex Email List [Sample] and Emirates Philatelic Association - EPA. Sign in to view the full library of breach events which includes, where available, reference articles relating to each breach.

Categories of Personal Data Discovered

Contact, Geolocation, Digital Behaviour, Finance, Sociodemographic, National Identifiers, Commerce, Career, Unstructured, Technology.

Data Breach Impact

This breach cluster highlights how institutional, professional, and interest-based communities are increasingly being drawn into the broader data exposure ecosystem. The involvement of France Travail is particularly significant, as employment-related data carries high exploitation value: attackers can leverage it for job offer scams, benefits fraud, or impersonation of government services. Datasets like Corporate Mails Dump and the Pholoniex email sample reinforce how professional and crypto-adjacent identities continue to overlap, making individuals more susceptible to targeted phishing and account compromise across work and financial platforms. Meanwhile, organisations such as Miljodata and the Emirates Philatelic Association show that even specialised or niche groups are not immune; their members’ data can still be repurposed for fraud or social engineering when combined with broader breach material. With 30 different data types exposed, attackers gain enough context to move beyond generic scams and into highly personalised exploitation.

For the organisations affected, the implications centre on trust erosion and governance gaps rather than just technical failure. Public-facing or quasi-government entities like France Travail are expected to maintain strong safeguards, and any exposure risks undermining confidence among citizens who rely on these services. Professional and membership-based organisations face a different challenge: reassuring users that their participation won’t lead to unwanted targeting or misuse of personal information. The appearance of corporate email dumps suggests weak controls around internal data handling and credential hygiene, which can cascade into further breaches if not addressed. Collectively, this breach set highlights that data protection responsibilities don’t scale linearly with organisational size or prominence: any entity holding rich personal or professional data must invest in disciplined data lifecycle management, continuous monitoring, and clear accountability to prevent quietly accumulated datasets from becoming public liabilities.

Cyber Spotlight

Turns out ransomware gangs aren’t immune to a downturn either. According to a FinCEN report, ransomware payments pulled in $1.1 billion last year, but this year’s earnings have slumped to a comparatively humble $734 million. Tough times, you hate to see it.

The drop isn’t accidental. Governments are finally swinging the bat: countries like the US and UK have introduced bans on paying ransoms, while law enforcement has gotten much better at disrupting operations, seizing infrastructure, and generally making life uncomfortable for cybercriminals.

Between 2022 and 2024, organisations still paid a jaw-dropping $2.1 billion to ransomware gangs. Since 2013, the grand total sits at around $4.5 billion, at which point you start wondering if some nations might quietly factor ransomware groups into their GDP calculations.

The report identified 267 active ransomware gangs.
- Akira claimed the most victims
- BlackCat took home the biggest payday at $395 million
- LockBit followed behind with $252.4 million

Not bad for an industry that insists it’s “on the brink of collapse” every year.

In the latest episode of “Surely This Will Work This Time”, RaidForums v2 has officially launched. The site is being run by a former moderator of the original forum, who promises this reboot is different, really, honestly, pinky swear.

According to the admin, the new forum is a 1:1 replica of the original RaidForums, rebuilt with a focus on:
- Better security
- No IP logging
- Stronger password hashing
- “Much, much more” (always reassuring)

Technically speaking, most modern cybercrime forums, including BreachForums and its many reincarnations, trace their lineage back to RaidForums anyway. The real question isn’t what they’ve built, but how long it lasts. History suggests the countdown timer has already started. We’ll keep watching… popcorn ready.

While cybercriminals were busy rebooting forums, OTF GRIMM has been busy knocking on doors, a lot of them. The Europol-backed task force has made 193 arrests in just six months as part of a major crackdown on Violence-as-a-Service (VAS). Because why intimidate, torture, or threaten someone yourself when you can outsource it like a food delivery?

Launched in April 2025 after a surge in VAS recruitment, OTF GRIMM’s results so far include:
- 63 perpetrators arrested, stopping imminent attacks
- 40 enablers detained
- 84 recruiters arrested
- 6 instigators caught, including five high-value targets

That’s a lot of disrupted plans and a lot of suddenly very quiet messaging apps. One imagines the GRIMM team will be raising a glass this Christmas Eve, preferably somewhere warm, well lit, and without burner phones.

Vulnerability Chat

Google has pushed out a new security update for Chrome after confirming that a zero-day vulnerability is being actively exploited in the wild. Details are scarce for now, but Google has classified the flaw as high severity, which is usually a strong signal that users should update as soon as possible.

Meanwhile, researchers at Nozomi Networks Labs have uncovered seven vulnerabilities in CLICK Plus devices from AutomationDirect. These PLCs show up in a wide range of environments, from factory floors and building automation systems to remote process control setups and even amusement park ride controllers. According to the researchers, the flaws map to several impact categories within the MITRE ATT&CK framework for industrial control systems, highlighting the real-world risks involved.

CISA has also issued a critical alert about an actively exploited zero-day vulnerability in Microsoft Windows. The issue affects the Windows Cloud Files Mini Filter Driver and stems from a use-after-free flaw. If exploited, it allows an authorised attacker to escalate their privileges locally on a compromised system, potentially gaining far more control than intended.

Fortinet is warning customers about a serious vulnerability in its FortiSandbox analysis appliances and has released a critical patch to address it. The flaw is an OS command injection issue, which essentially means the system doesn’t properly validate commands before running them. That kind of weakness can open the door to attackers executing arbitrary commands on the underlying operating system.

Finally, Notepad++ has fixed a severe security issue in its update mechanism. The vulnerability could have allowed attackers to hijack network traffic and deliver malicious executables while posing as legitimate software updates. With the fix now in place, users are strongly encouraged to update to ensure they’re protected.

Seven Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including:
- D-Link; Routers
- Array Networks; ArrayOS AG
- RARLAB; WinRAR
- Microsoft; Windows
- OSGeo; GeoServer
- Sierra Wireless; AirLink ALEOS
- Google; Chromium

See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 1,605 vulnerabilities during the last week, making the 2025 total 45,247. For more information visit https://nvd.nist.gov/vuln/search/

View the latest critical vulnerabilities, exploited vulnerabilities and EU CSIRT coordinated vulnerabilities from the European Union Agency for Cybersecurity (ENISA) "Vulnerability Database" here: https://euvd.enisa.europa.eu/homepage

Information Privacy Headlines

A Kenyan court has stepped in to halt the rollout of a massive $2.5 billion health aid deal signed with the United States just last week, after concerns were raised about data privacy. The interim ruling prevents Kenyan authorities from moving forward with the agreement, at least where it involves the transfer, sharing, or dissemination of medical, epidemiological, or other sensitive personal health data.

Over in the consumer tech space, Ray-Ban Meta smart glasses have delivered their first meaningful revenue boost this year, thanks in large part to their built-in AI features. Still, analysts are urging caution. Privacy concerns, combined with a growing number of competitors entering the market, could slow future growth. As Kleanthi Sardeli, a lawyer with European digital rights group NOYB, put it, “AI smart glasses raise significant privacy concerns,” particularly around how people’s personal data is used to train AI models and how transparent companies are with bystanders who may be captured by these devices.

In the Netherlands, regulators are sounding the alarm about the safety and privacy of imported tech products. The Dutch Digital Infrastructure Inspectorate has warned that around 70 percent of the more than one billion packages Dutch consumers order each year from Asian platforms fail to meet technical or privacy standards. The agency oversees everything from Wi-Fi routers and smart home devices to measurement instruments, and says non-compliance is widespread.

Meanwhile in Canada, the privacy commissioner has launched an investigation into the use of facial detection technology on digital billboards near Toronto’s Union Station. The billboards are used for targeted advertising and, according to their owner Cineplex Digital Media, only analyse the age and gender of passersby. The company says no personal data or images are stored and that all processing happens within milliseconds, but regulators are now taking a closer look at whether those assurances are enough.

Smarter Protection Starts with Awareness

Data Breach Exposure Scan, Check Any Domain for Free https://breachaware.com/scan
