Smart Beds Crash, Linux Under Siege & BreachForums Rises Again.

27 October 2025
BREACHAWARE HQ
Sleep

A total of 20 breach events were found and analysed, resulting in 5,484,019 exposed accounts containing 36 different types of personal data. The breaches found publicly and freely available included VX Case, crypto.com, Stealer Log 0545, 1.5 Million Israeli Settlers and Absolut Info Systems. Sign in to view the full library of breach events, which includes, where available, reference articles relating to each breach.

Categories of Personal Data Discovered

Contact, Digital Behaviour, Sociodemographic, National Identifiers, Relationships, Career, Finance, Commerce, Technology, Geolocation, Academic, Unstructured.

Data Breach Impact

This group of breaches reflects a continued pattern of high-value personal data being exposed across both consumer-facing platforms and politically sensitive datasets. Incidents involving crypto.com and stealer-log repositories point to an increased targeting of individuals with digital asset connections, where leaked credentials and authentication data can translate quickly into financial loss. Meanwhile, the exposure of records such as the 1.5 Million Israeli Settlers dataset introduces a geopolitical dimension, where personal information is not just commercially valuable but could be used to fuel surveillance, harassment, or targeted influence campaigns. With 36 distinct data types identified across these leaks, threat actors now have the ability to correlate identity markers, behavioural attributes, and communication patterns, significantly raising the sophistication of follow-on phishing, impersonation, and identity-based fraud.

For the organisations affected, ranging from device accessory brands like VX Case, to digital service providers such as Absolut Info Systems, to major crypto ecosystem stakeholders, the implications are clear: operational security controls are failing at multiple levels, from endpoint compromise to third-party access oversight. These breaches highlight how attackers continue to exploit not only application vulnerabilities but also the human and supply-chain layers where controls are often weakest. Beyond financial costs and regulatory considerations, the reputational impact is likely to be persistent, especially for entities in finance, telecommunications, or sectors tied to national security interests. To prevent recurrence, organisations must strengthen identity governance, enforce zero-trust controls across partner ecosystems, and monitor darknet and stealer-log sources continuously, not reactively, to detect misuse before it escalates.

Cyber Spotlight

Remember the good old days when your TV remote just worked? No firmware update. No “smart companion app.” No terms and conditions longer than the Bible. You switched the thing on and boom, entertainment.

Well, those days are gone, and we are now living in the era where even your furniture wants to talk to the cloud. Case in point: the recent AWS outage in the US-East region didn’t just take down banks, apps, and half the productivity of the East Coast, it also took down smart beds.

Yes. Beds.

Owners of Eight Sleep smart pods found themselves unable to sleep because their beds couldn’t reach the mothership. Some beds locked themselves upright like they were preparing for launch. Others overheated like they were trying to incubate the human lying in them. It was chaos.

These beds constantly collect biometric sleep data, send it to AWS, and then decide how to adjust temperature and posture, which is all very cool until the server goes offline and your bed decides you’re now a baked potato.

Good news though: AWS came back, the beds calmed down, and they’re back to gently harvesting sleep stats like obedient little data sponges. Restored peace… and surveillance.

Since the launch of Windows 11, Microsoft has basically said “You can upgrade… if your PC is a small space shuttle.” The hardware requirements have caused a lot of people to look at their perfectly good computer and go, “Yeah, no. I’m not buying a new one just to open Word.”

As a result, more people have started switching to Linux, a trend that’s been simmering for years. Even governments are in the queue:
- South Korea plans to migrate to Linux by 2026.
- Parts of Germany have already begun shifting tens of thousands of government systems away from Windows.

But every good shift comes with side effects, and in this case, it’s malware authors paying attention. Historically, attackers loved Windows because it was everywhere. Why write malware for 2% of nerds who can recompile a kernel in their sleep? But now? Linux is getting popular. And where the people go, the malware follows.

Recently, Arch Linux had two confirmed malware incidents in official repositories. And we’re seeing more Linux rootkits emerging that hijack crypto transactions by silently swapping wallet addresses. So yes, the Linux revolution is real. But so is the malware backlog it’s dragging along.

And finally, like a horror movie villain who refuses to stay dead, BreachForums is back. Again. A new group, likely a former moderator, has rebooted the forum and declared this the triumphant return everyone has been waiting for.

Not everyone agrees. A known threat actor responded with something roughly equivalent to “This isn’t the real BreachForums. Stop impersonating the brand.”

The new admin, meanwhile, gave a heartfelt announcement about “reviving the community spirit” and “bringing everyone home,” which is very touching… if you ignore the fact that the last revival lasted less than a month before collapsing in flames and subpoenas.

So place your bets:
- Two weeks?
- Three?
- Does it die before the welcome banner loads?

Either way, popcorn is being prepared.

Vulnerability Chat

Ethical hacker Pliny the Liberator has uncovered a clipboard injection vulnerability in ChatGPT Atlas. The flaw allows an attacker to gain access to a user’s clipboard contents, potentially exposing passwords or other sensitive data. According to Pliny, while Atlas has been trained to detect prompt injection, its built-in “copy clipboard” function sits outside the model’s awareness. As a result, Atlas can be tricked into clicking the clipboard button without recognising the action as malicious.

Meanwhile, multiple security teams, including Brave Security and LayerX Security, have identified serious architectural flaws in Perplexity’s Comet browser. The vulnerabilities make it possible for attackers to steal account credentials and exfiltrate private data by manipulating the browser’s AI assistant through indirect prompt injection.

Atlassian has issued a warning about a path traversal vulnerability affecting Jira Software Data Center and Server. If exploited, an authenticated user could write files to arbitrary locations on the system, putting organisations at risk of service disruption or project data tampering unless they apply the latest patches.
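The Jira issue above belongs to the path traversal class, where a user-controlled file name such as `../../etc/passwd` escapes the directory the application meant to write into. The following is an added example, not Atlassian's code and unrelated to the specifics of their advisory: it contrasts the common substring check for `..` with a containment test that canonicalises the path and verifies it stays under the intended root. The root directory `/srv/app/attachments` and all sample inputs are constructed for illustration.

```python
import os
from urllib.parse import unquote

# Constructed example: an attachment root such as a server application might use.
BASE_DIR = "/srv/app/attachments"


class PathTraversalError(ValueError):
    """Raised when a user-supplied path would escape the allowed directory."""


def naive_is_safe(user_path: str) -> bool:
    # A substring check is a common but insufficient defence: it misses
    # percent-encoded dots that the framework decodes later, and it rejects
    # legitimate names such as "report..final.txt".
    return ".." not in user_path


def resolve_under_base(user_path: str, base: str = BASE_DIR) -> str:
    """Return the absolute target path, or raise if it escapes `base`."""
    # Decode exactly once, as the web layer would, then validate the decoded value.
    # Validating the still-encoded string is what lets "%2e%2e" slip through.
    decoded = unquote(user_path)
    if "\x00" in decoded:
        raise PathTraversalError("NUL byte in path")
    if os.path.isabs(decoded) or decoded.startswith(("\\", "/")):
        raise PathTraversalError("absolute paths are not allowed")
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, decoded))
    # commonpath is the containment test: it equals base_real only when target
    # is base_real itself or a descendant. A plain string prefix check would
    # wrongly accept a sibling such as "/srv/app/attachments_other".
    if os.path.commonpath([base_real, target]) != base_real:
        raise PathTraversalError(f"path escapes {base}: {user_path!r}")
    return target


def classify(user_path: str) -> str:
    """Convenience wrapper returning 'allowed' or 'blocked' for a candidate path."""
    try:
        resolve_under_base(user_path)
        return "allowed"
    except PathTraversalError:
        return "blocked"


if __name__ == "__main__":
    # Constructed sample inputs: two benign names, three traversal attempts.
    samples = [
        "PROJ-1/report.pdf",
        "report..final.txt",
        "../../etc/passwd",
        "%2e%2e/%2e%2e/etc/passwd",
        "/etc/passwd",
    ]
    for s in samples:
        print(f"{s!r:32} naive_safe={naive_is_safe(s)!s:5} hardened={classify(s)}")
```

Note that `realpath` also follows symbolic links that already exist on disk, so the check should run on the same filesystem the write will hit; a check performed on a lexically normalised string alone cannot account for a symlink planted inside the attachment root.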

In a separate campaign, China-based threat actors have exploited the recently disclosed ToolShell vulnerability, compromising a telecom company in the Middle East as well as two government agencies in Africa. Researchers have also linked the attackers to the UNC5221 group, previously associated with the KrustyLoader malware.

A high-severity flaw has also been found in BIND 9 resolvers, one of the core technologies underpinning DNS name resolution across the internet. The issue could allow attackers to poison DNS caches, redirecting users to fake or malicious websites without their knowledge.

Finally, researchers have disclosed a zero-day vulnerability in the popular Netty Java networking library, which could enable attackers to inject unauthorised SMTP commands into email transmissions. Because Netty is widely used by organisations including Apple, Meta, and Google, the bug poses a particularly far-reaching risk, including the potential to bypass email authentication protections like SPF, DKIM, and DMARC.
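SMTP command injection is the mail-protocol form of CRLF injection: SMTP is line-oriented, so a carriage return or line feed smuggled into a command argument or header value is parsed by the receiving server as the start of a new line, and therefore a new command. The block below is an added example written for this newsletter; it is not Netty's code and does not reproduce the disclosed bug's mechanism. It shows a client-side validator that refuses line breaks in single-line fields, dot-stuffs the DATA body so a message cannot terminate the data phase early, and contrasts that with the weak formatting that trusts its input. The sender addresses and message text are constructed sample values.

```python
import re

CRLF = "\r\n"
# Any bare CR or LF inside a command argument or header value lets the peer
# treat what follows as a fresh protocol line.
_LINE_BREAK = re.compile(r"[\r\n]")


class SmtpInjectionError(ValueError):
    """Raised when a value would introduce an extra SMTP line."""


def require_single_line(value: str, what: str) -> str:
    """Reject any value containing CR or LF; return it unchanged otherwise."""
    if _LINE_BREAK.search(value):
        raise SmtpInjectionError(f"{what} contains a line break: {value!r}")
    return value


def naive_mail_from_command(sender: str) -> str:
    # Weak form: formats the command without validation, so a CRLF inside the
    # sender string splits it into two commands on the wire.
    return f"MAIL FROM:<{sender}>" + CRLF


def mail_from_command(sender: str) -> str:
    # Hardened form: validate before the value ever reaches the wire.
    return f"MAIL FROM:<{require_single_line(sender, 'sender')}>" + CRLF


def format_header(name: str, value: str) -> str:
    # The same rule applies to message headers, which the server reads inside
    # DATA: one logical header per line, never a bare line break in the value.
    require_single_line(name, "header name")
    require_single_line(value, "header value")
    return f"{name}: {value}" + CRLF


def count_commands(wire: str) -> int:
    """Number of non-empty CRLF-terminated lines a receiving server would parse."""
    return len([line for line in wire.split(CRLF) if line])


def encode_data_body(body: str) -> bytes:
    """Prepare a body for the DATA phase: normalise line endings to CRLF and
    dot-stuff lines starting with '.' (RFC 5321 section 4.5.2) so that a line
    consisting of a single '.' inside the body cannot end the message early."""
    lines = body.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # a trailing newline does not add an empty final line
    stuffed = [("." + ln if ln.startswith(".") else ln) for ln in lines]
    return (CRLF.join(stuffed) + CRLF + "." + CRLF).encode("utf-8")


if __name__ == "__main__":
    # Constructed sample: a sender value that carries an embedded CRLF.
    injected = "alice@example.com>\r\nNOOP injected"
    wire = naive_mail_from_command(injected)
    print("naive form sends", count_commands(wire), "commands for one call")
    try:
        mail_from_command(injected)
    except SmtpInjectionError as exc:
        print("hardened form rejected it:", exc)
    print(encode_data_body("Hello\n.hidden line\r\nbye\n"))
```

The defensive point is where the check sits: it must run on the exact string that is written to the socket, after any decoding or template substitution, because a check applied earlier can be undone by a later transformation.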

Eight Common Vulnerabilities and Exposures (CVE) entries were added to the Cybersecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including:
- Apple; Multiple Products
- Kentico; Xperience CMS
- Microsoft; Windows
- Oracle; E-Business Suite
- Motex; LANSCOPE Endpoint Manager
- Adobe; Commerce and Magento

See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 830 vulnerabilities during the last week, bringing the 2025 total to 38,746. For more information visit https://nvd.nist.gov/vuln/search/

View the latest critical vulnerabilities, exploited vulnerabilities and EU CSIRT coordinated vulnerabilities from the European Union Agency for Cybersecurity (ENISA) "Vulnerability Database" here: https://euvd.enisa.europa.eu/homepage

Information Privacy Headlines

A ResetEra user sparked concern this week after noticing that in-game actions were being sent to Microsoft servers, raising fears that private gameplay, even from NDA-protected titles, might be feeding AI training. The user claimed Microsoft’s Gaming Copilot feature was taking screenshots in the background and running OCR to analyse on-screen text.

Microsoft responded by clarifying that screenshots are only taken when a player is actively using Gaming Copilot, and that the images are used solely in the moment to help the AI give useful gameplay suggestions, not to train future models.

Meanwhile, Apple has pulled the controversial Tea and TeaOnHer social apps from the App Store over ongoing privacy and content moderation issues. Apple said it repeatedly attempted to work with the developers, but unresolved problems ultimately led to removal.

In the courts, the group of U.S. Google users who won a $425 million privacy verdict last month are now pushing to have Google forfeit another $2.36 billion. They argue that represents profits earned from collecting user data after people had explicitly disabled tracking.

Apple is also warning that it may be forced to withdraw App Tracking Transparency (ATT) in parts of Europe. Some advertisers have complained to regulators, claiming ATT unfairly limits ad targeting. Apple says it will “continue to urge” EU authorities to allow it to keep the privacy protection in place.

And finally, a joint investigation by Infoblox and the UN Office on Drugs and Crime found that a browser called Universe Browser, marketed as a private way to bypass censorship in China, is doing the exact opposite. The app reportedly tracks users’ locations, routes their browsing through servers in China, and even installs keylogging and remote access tools. Investigators note these tactics are consistent with malware used on gambling and fraud platforms.
