Shiny Hunters Level Up, Crypto Thugs Jailed & Cloudflare Shakes the Internet.
24 November 2025
A total of 10 breach events were found and analysed, resulting in 380,308 exposed accounts containing a total of 23 different types of personal data. The breaches found publicly and freely available included Millicom.com, L’Assurance Retraite, Conasems (Conselho Nacional de Secretarias Municipais de Saúde), Secretariat of Public Education (SEP) - Mexico and Nemopro.
Categories of Personal Data Discovered
Contact, Digital Behaviour, Finance, Commerce, National Identifiers, Career, Sociodemographic, Health and Environment, Academic, Relationships.
Data Breach Impact
This cluster of breaches shows how even a relatively small number of exposed accounts can carry outsized risk when the organisations involved sit close to people’s financial, health, or governmental identities. Incidents linked to Millicom, L’Assurance Retraite, and Mexico’s Secretariat of Public Education (SEP) indicate that sensitive demographic, contact, and administrative data are leaking from sectors where trust is essential and the information is difficult, if not impossible, to replace. The involvement of Conasems suggests that public health related data may have been caught up in the exposure, which increases the risk of targeted scams exploiting civic or medical services. Even with “only” 380,308 accounts exposed, the presence of 23 distinct data types means individuals face a heightened likelihood of social-engineering attempts, bureaucratic impersonation, and scams tailored to government or healthcare interactions.
For the organisations tied to these leaks, the implications centre on credibility, regulatory compliance, and operational resilience. Government and quasi-government entities, in particular, operate under strict expectations for stewardship of citizen data, and any hint of mishandling can erode public trust and invite regulatory scrutiny. Companies like Millicom.com and platforms such as Nemopro may also experience business impact if users perceive systemic weaknesses in their security posture. Collectively, these breaches highlight a growing pressure on public institutions and large service operators to modernise their data governance, strengthen access controls, and continuously monitor for downstream exposure. In environments where the relationship with citizens or customers is built on obligation rather than choice, maintaining confidence in data protection becomes as critical as delivering the service itself.
Cyber Spotlight
The notorious Shiny Hunters have expanded their criminal portfolio by launching a new Ransomware-as-a-Service (RaaS) operation dubbed ShinySp1d3r. Samples of the malware have already appeared on VirusTotal, and analysts note something unusual: Shiny Hunters appear to have built the ransomware from scratch, rather than repurposing leaked LockBit code like so many other groups have recently.
When a machine becomes infected, victims are greeted with the following message: “Your files are currently inaccessible, sourced under an active encryption protocol. ShinySp1d3r ransomware is responsible for this data security event. To proceed with data recovery, locate and open the instruction file.”
The group also claims their malware won’t infect healthcare targets, specifically listing hospitals, insurance companies, and pharmaceutical firms. This suggests the malware may include keyword-based exclusions during targeting, a modern spin on the old “we don't attack hospitals” PR stance many ransomware groups pretended to follow during COVID.
Still, ethics from ransomware operators are worth about as much as their promises.
Three men in the UK have been sentenced at Sheffield Crown Court after a brutal crypto-motivated home invasion in June 2024. Armed with machetes, the men stormed a property and forced the victim to empty his hardware wallet, a haul totalling £3.4 million.
One of the attackers was eventually identified thanks to evidence uncovered during an independent investigation and later handed to police. Thanks to that work, the Metropolitan Police have so far recovered half of the stolen funds.
It finally happened: a Pakistani newspaper accidentally published the tail end of an LLM prompt in its print edition. The published text included artefacts such as “If you want, I can also create an even snappier ‘front-page-style’ …”
It’s unclear how it slipped through editorial review, possibly deadline pressure, but it shows how normalised AI-assisted writing has become, and how easily digital artefacts can end up in physical media.
Cloudflare’s recent large-scale outage caused a cascade of service disruptions across the internet, a reminder of how centralised and fragile the modern web has become. Around 20% of all websites rely on Cloudflare services, including several prominent clearnet cybercrime forums. Even they weren’t immune, with some temporarily knocked offline despite their security-focused branding.
The silver lining? The outage wasn’t caused by an attack, just an internal issue.
But that raises the uncomfortable question: If an accidental misconfiguration can cause this level of global disruption, how bad would things get if a threat actor ever managed to compromise Cloudflare itself?
Vulnerability Chat
Security researchers have uncovered a major privacy weakness in WhatsApp that exposes the phone numbers of more than 3 billion users. The issue, discovered by the University of Vienna and SBA Research, stems from WhatsApp’s contact discovery mechanism, which asks users for permission to match numbers in their address book against the app’s central database. Researchers found this design allows large-scale enumeration of user phone numbers worldwide.
The Southwest Research Institute has identified a vulnerability in a standard protocol used for communication between electric vehicles and charging stations. By analysing security gaps in the SLAC process, SwRI researchers developed a machine-in-the-middle attack capable of compromising the communication link. After validating the attack in simulation, they successfully reproduced it against real EVs and charging hardware, demonstrating practical exploitation risks for EV charging infrastructure.
CISA has issued an alert that a critical vulnerability in Oracle Identity Manager is now being actively exploited. The flaw enables remote, unauthenticated attackers to execute arbitrary code, posing an immediate threat to organisations relying on the platform for identity and access management.
NVIDIA has shipped fixes for two critical code injection vulnerabilities in its Isaac-GR00T robotics platform. If left unpatched, the flaws could enable an attacker with local system access to run malicious code, escalate privileges, or manipulate sensitive robotics data—potentially jeopardising entire robotic systems and supporting infrastructure.
A critical security flaw has also been disclosed in Emerson Appleton’s UPSMON-PRO software, which manages uninterruptible power supplies. Attackers can exploit the issue by sending a specially crafted UDP packet to the software’s default port (2601), triggering a buffer overflow that overwrites memory. If UPSMONProService messages are not properly validated, this can allow unauthenticated remote code execution with SYSTEM-level privileges.
New research from CrowdStrike has revealed a striking behaviour in DeepSeek-R1’s coding performance. When evaluating system prompts with politically neutral modifiers, the model produced vulnerable code in only 19% of cases. But when references to topics considered sensitive by the CCP, such as Tibet, Falun Gong, or Uyghurs, were added, the vulnerability rate increased dramatically. Code labeled as “based in Tibet,” for instance, contained vulnerabilities 27.2% of the time, representing nearly a 50% jump over baseline.
3 Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including:
- Fortinet; FortiWeb
- Google; Chromium V8
- Oracle; Fusion Middleware
See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), has published 755 vulnerabilities during the last week, making the 2025 total 42,277. For more information visit https://nvd.nist.gov/vuln/search/
View the latest critical vulnerabilities, exploited vulnerabilities and EU CSIRT coordinated vulnerabilities from the European Union Agency for Cybersecurity (ENISA) "Vulnerability Database" here: https://euvd.enisa.europa.eu/homepage
Information Privacy Headlines
Campaigners in the UK are pushing back against a drone survey project that began on 17 November, calling it an invasion of privacy and saying it feels like “spying.” The drones are being used to survey the planned 114-mile (183km) route for new electricity pylons. The National Grid argues the operation is non-intrusive and actually reduces disruption for local residents. According to Rowley Cory-Wright, head of flight operations at StirlingX, the drones can cover the entire route in six days instead of the months it would take on foot. “We’re here to look at the potential construction corridor, not people’s properties,” he said, adding that the drones fly too high to identify anyone personally.
Spain’s parliament is set to investigate Meta for potential privacy violations involving Facebook and Instagram users, Prime Minister Pedro Sánchez announced on Wednesday. The probe follows international research that uncovered a hidden mechanism used to track the web activity of Android users. “In Spain, the law is above any algorithm or any large technology platform,” Sánchez said. “And anyone who violates our rights will pay the consequences.”
Malaysia’s plan to ban social media accounts for children aged 16 and under starting next year is facing heavy criticism. Experts warn that unclear rules, privacy issues, and practical enforcement challenges could undermine the policy before it even launches. The proposal comes after a series of troubling incidents, including bullying videos circulating online, teens sharing explicit clips, and scam attempts targeting minors. Teachers have also reported students accessing violent or self-harm content during school hours.