Russian forums seized, BreachForums implodes & Microsoft blames China.
28 July 2025 | BREACHAWARE HQ
A total of 23 breach events were found and analysed, resulting in 28,161,553 exposed accounts containing a total of 28 different data types of personal data. The breaches found publicly and freely available included Free, ULP Alien TxT File - Episode 19, Santa Lucia, Stealer Log 0537 and Stealer Log 0536.
Categories of Personal Data Discovered
Contact, Digital Behaviour, Sociodemographic, Relationships, Commerce, Finance, Academic, Career, Geolocation, Health and Environment, Technology, Unstructured.
Data Breach Impact
Adversaries could rebuild user identities across platforms, enabling deep impersonation, synthetic identity creation, and bypassing KYC verification. This diversity amplifies exposure for both individuals and enterprises, especially when combined with data from previous breaches. Impacted entities, meanwhile, could face regulatory investigations, customer attrition, and operational disruption, especially in markets sensitive to data protection compliance. The inclusion of “Free,” a major telecom provider, indicates telecommunications infrastructure remains an attractive target, with downstream risks for large-scale account takeover and SIM-swap fraud.
Cyber Spotlight
So, the cybercrime rumour mill is in full swing, and this time it’s about one of the longest-running Russian-speaking hacking forums. This place has been around since 2013, quietly doing its thing, until last week when, bam! Its clearnet site suddenly displayed a domain seizure banner. And not just from one group, but a whole alphabet soup of agencies: France’s Junalco (the economic and financial crime squad), BL2C (Paris’s cybercrime brigade), Ukraine’s SBU cyber department, and Europol for good measure. Basically, the Avengers of cybercrime enforcement showed up.
Now, this isn’t just any shady corner of the internet; this forum is the hangout for Russian-speaking cybercriminals. Think less “script kiddies” and more “grizzled veterans of the digital underworld.” From what’s been pieced together, a monitor in Ukraine was nabbed, the clearnet site got seized, then mysteriously came back online, only to go down again a few hours later, redirecting visitors to Google. A new onion address is now floating around, which, for the moment, is still up and running.
Oh, and there’s a screenshot going around of a chat between two Russian threat actors. The highlight?
“Everybody is arrested.”
“Mods, admin…”
“…hosting admin, hosting ISP provider.”
Translation: someone in Kyiv, likely the moderator with access to their self-hosted Jabber server and domain, got scooped up by law enforcement. Which explains the seizure banner. Bottom line? The forum’s still limping along on the dark web, but someone in Ukraine is probably regretting all their life choices right about now.
Speaking of cybercriminal drama, over in the BreachForums camp, it’s basically a soap opera. Staff members say the community is in full meltdown mode. A new forum, allegedly run by some ex-BreachForums staff, announced via Telegram that the admin team had changed, but “everything’s fine, don’t panic.” Spoiler alert: 24 hours later, they admitted the previous admin was “definitely arrested,” all infrastructure logins were changed, and one of their moderators had gone completely MIA. New admins then posted, “Something’s happened… something’s definitely going on,” which is about as reassuring as a pilot announcing, “We’ve lost an engine, but don’t worry.”
The forum even went down for “maintenance,” popped back up, and was briefly listed for sale, like a cursed house everyone’s too scared to live in. Moral of the story? The BreachForums revival crew might have been a little too confident in their OPSEC, and law enforcement was already waiting for them with open arms.
Meanwhile, Microsoft has its own headache: they’re pointing fingers at Chinese state-backed groups, Linen Typhoon and Violet Typhoon, for exploiting SharePoint vulnerabilities. The suspicion? A data leak from Microsoft’s own Active Protections Program (MAPP) might have given these groups an early peek at unpatched flaws. To make matters worse, the U.S. National Nuclear Security Administration (NNSA) was among the victims. Officials insist no classified nuclear secrets were leaked, which is comforting… sort of.
Vulnerability Chat
Amazon Web Services has revealed a security flaw in its Client VPN software for Windows that could let attackers escalate privileges and run malicious code with full administrative rights. The issue has been fixed in AWS Client VPN Client version 5.2.2, which is now available for download.
In a separate discovery, Eye Security uncovered a vulnerability in Microsoft Copilot Enterprise that allowed unauthorised users to gain root access to its backend container. The problem traces back to an April 2025 update introducing a live Python sandbox powered by Jupyter Notebook, intended to let code run more smoothly but inadvertently opening the door to potential abuse.
Meanwhile, Cisco Talos’ Vulnerability Discovery & Research team disclosed five critical flaws in Bloomberg’s Comdb2 open-source database. These vulnerabilities could let attackers trigger denial-of-service attacks simply by sending specially crafted network packets. Bloomberg has already patched all five issues, following Cisco’s third-party vulnerability disclosure guidelines.
6 Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, affecting the following vendors and products:
- SysAid; SysAid On-Prem
- Google; Chromium
- CrushFTP; CrushFTP
- Microsoft; SharePoint
See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), has published 830 vulnerabilities during the last week, making the 2025 total 26,967. For more information visit https://nvd.nist.gov/vuln/search/
View the latest critical vulnerabilities, exploited vulnerabilities and EU CSIRT coordinated vulnerabilities from the European Union Agency for Cybersecurity (ENISA) "Vulnerability Database" here: https://euvd.enisa.europa.eu/homepage
Information Privacy Headlines
Researchers at the University of Texas at Austin have introduced a wearable e-tattoo that can wirelessly track brain activity, giving real-time insights into cognitive load and even predicting mental fatigue before it sets in. But the idea of continuous brain monitoring is already stirring ethical debates, especially in the workplace. Dr. Nanshu Lu, who led the research, admitted, “We have not addressed data privacy in the current work, but I agree it is important.”
Some U.S. states are already acting to safeguard this kind of data. Colorado, California, and Montana now require protection of brain data gathered by non-medical devices. Yet a report from the Neurorights Foundation paints a worrying picture: of 30 neurotech companies selling products online, 29 have access to users’ brain data, and almost none place meaningful limits on how that information can be used or shared with third parties.
Chile took an early lead on this front, becoming the first country in 2021 to adopt a constitutional amendment enshrining “neurorights,” ensuring human rights guide the use of neurotechnology and neural data. UNESCO has also warned that, together, neurotechnology and AI could threaten core aspects of human identity and autonomy.
In other privacy news, Uganda’s Personal Data Protection Office (PDPO) has secured its first-ever criminal conviction under the Data Protection and Privacy Act of 2019. Ronald Mugulusi, director of the digital lending company Nano Loans Microfinance and operator of the Quickloan app, was convicted of failing to register his company and unlawfully processing individuals’ data without consent or a legal basis.
Meanwhile, the UK has rolled out one of the world’s strictest age-verification laws for online pornography in an effort to protect minors. The move, however, has triggered a backlash, with VPN searches in the UK surging by more than 700% and privacy advocates voicing strong concerns about digital freedom and data security.