Trickbot Kingpin Doxxed, Google Outage, BreachForums Sold.
23 June 2025
A total of 24 breach events were found and analysed, resulting in 5,426,979 exposed accounts containing a total of 34 different types of personal data. The breaches found publicly and freely available included Darty, Stealer Log 0533, Shadow, Stealer Log 0532 and EloBuddy. Sign in to view the full library of breach events which includes, where available, reference articles relating to each breach.
Categories of Personal Data Discovered
Contact, Digital Behaviour, Sociodemographic, National Identifiers, Audio and Visual, Unstructured, Health and Environment, Commerce, Technology, Geolocation, Career, Finance, Academic, Relationships, Legal.
Data Breach Analysis
Several incidents, like Stealer Log 0532 and Stealer Log 0533, are classic infostealer collections. These logs typically include stolen login credentials, session cookies, browser-saved passwords, and sometimes payment or crypto wallet info. Once leaked or sold, they’re quickly repurposed for account takeovers, fraud, or ransomware attacks.
Darty, a popular French retailer known for electronics and home appliances, appears among the breached entities. A compromise here could expose customer account details, purchase histories, and support interactions, potentially enabling scams disguised as legitimate customer service outreach.
Shadow is recognised for providing high-performance cloud PC services. A breach involving Shadow accounts could put user credentials, device access tokens, or billing details at risk, a tempting target for attackers seeking remote entry points.
EloBuddy serves the online gaming community, offering tools and scripts for games like League of Legends. Breaches in gaming-focused services often lead to theft of gaming accounts, virtual assets, or misuse of payment data tied to subscriptions.
For individuals and companies, this broad exposure increases the risk of fraud, phishing, and unauthorised account access if credentials are reused or multi-factor protections are absent.
Spotlight
A new Telegram channel is turning the underworld upside down by naming and shaming notorious cyber criminals: not just low-level operators, but alleged kingpins behind gangs like Conti, Black Basta, and Trickbot.
One of their first big reveals? The supposed mastermind behind Trickbot, a banking trojan turned infostealer that’s been plaguing banks and individuals for years. This doxx wasn’t half-baked either; it included:
- A driver’s license
- Passport number
- Shell company connections
- Multiple personal photos
It didn’t stop there: the US has had a $10 million bounty on Conti operators for a while. Two weeks after the doxx dropped, German police issued a red notice via Europol, suggesting the leak helped connect some serious dots.
For criminals who’ve been able to hide behind keyboards for a decade, this channel is a brutal reality check: betrayal and exposure now come from insiders, not just law enforcement.
On June 12th, huge chunks of the internet went dark for a few hours (Spotify, Twitch, Google Cloud, and more), all thanks to a flawed Google update.
The incident report shows the timeline:
- May 25th: Google quietly rolled out a new feature to Service Control, the system that checks policies for API endpoints.
- Unfortunately, the feature bypassed some guardrails and failed to handle errors properly.
- On June 12th, an innocuous policy update triggered the bug, breaking service controls globally.
In plain English? A small code tweak messed up the entire permission system, knocking out countless services that rely on Google Cloud.
Luckily, Google engineers rolled back the change quickly, and everything was back within hours. Still, it’s a sobering reminder that even tech giants can break the internet with one misconfigured feature flag.
The zombie forum BreachForums has died, again, but not without squeezing out a last bit of cash.
After reappearing online for just three days, the admin, Shiny Hunters, quietly listed the forum for sale at $2,500. It didn’t take long: the site went dark, hinting at a quick sale.
In a final twist, Shiny Hunters also sold the login credentials to their Telegram channel, which was snapped up by a rival dark web forum. This means the competitor now has a direct line to thousands of BreachForums’ users, a cunning move in the endless cat-and-mouse of the cybercrime scene.
With BreachForums gone (again), the community has scattered, migrating to whichever shady corner of the dark web feels safe... for now.
Vulnerability Chat
Security researcher Yohann Sillam has found a flaw in Apache Traffic Server that could let remote attackers crash servers by draining memory. The problem is buried in how the ESI plugin handles nested content: there aren’t enough controls to stop someone from stacking up requests in a way that eats up all the system’s resources.
IBM’s QRadar SIEM has also landed in the spotlight for the wrong reasons. Multiple high-severity bugs could let attackers run arbitrary commands or peek at sensitive data. The most dangerous of the bunch allows privileged users to upload malicious files and execute them directly on the system. IBM has urged customers to patch up fast.
Meanwhile, security researchers Marcio Almeida and Justin Steven uncovered a vulnerability in the popular Insomnia API Client. The issue comes from how Insomnia uses the Nunjucks templating engine: it processes input that can be manipulated by bad actors, opening the door for exploits if not handled properly.
In the hardware world, a newly disclosed bug in Asus’ Armoury Crate software could give attackers low-level control over Windows systems, but there’s a catch. Hackers need to have already compromised the target machine, usually through malware or phishing, before they can abuse this flaw to get deeper access and take over the operating system.
Mattermost has also alerted its users about serious vulnerabilities that could allow remote code execution via path traversal attacks. They’re urging everyone to keep an eye on their Security Bulletin for quick updates and patch instructions.
NetScaler ADC and Gateway products (previously Citrix ADC and Gateway) have been hit with two new vulnerabilities too, potentially exposing networks to data leaks and security breaches.
In the VPN arena, a buffer overflow has been spotted in OpenVPN’s data channel offload driver for Windows. Local attackers could crash affected Windows systems by sending specially crafted messages, so updating is highly recommended.
Lastly, the Noma Security research team has raised the alarm about “AgentSmith,” a vulnerability in Prompt Hub, a public collection of community-made prompts inside LangSmith. LangSmith is a platform for testing and monitoring LLM (large language model) apps. This bug could open the door to malicious prompt injection or abuse if left unchecked.
3 Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including:
- TP-Link; Multiple Routers
- Apple; Multiple Products
- Linux; Kernel
See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 1,023 vulnerabilities during the last week, making the 2025 total 22,841. For more information visit https://nvd.nist.gov/vuln/search/
View the latest critical vulnerabilities, exploited vulnerabilities and EU CSIRT coordinated vulnerabilities from the European Union Agency for Cybersecurity (ENISA) "Vulnerability Database" here: https://euvd.enisa.europa.eu/homepage
Information Privacy Headlines
Chris Bayer, an editor at ZDNet, has raised the alarm about the hidden risks of smart TVs’ automatic content recognition (ACR) technology. He warns that if the massive amounts of data these TVs quietly collect fall into the wrong hands, it could lead to serious privacy breaches or even identity theft. According to The Markup, ACR can grab and analyse up to 7,200 images an hour, about two snapshots every second, all while viewers binge their favourite shows, often without realising they’re being tracked.
Speaking at a separate event, Takashi Nakano, VP of content and programming at Samsung TV Plus, highlighted the industry’s growing dilemma: TV operating system owners are under pressure to get better at selling ads, which means collecting more data about viewers’ habits. But that comes with an obvious tension. “Do you want your data sold out there and everyone to know exactly what you’ve been watching? The answer is generally no,” Nakano said. “Yet, advertisers want all of this data. They wanna know exactly what you ate for breakfast.”
In the UK, the new Data (Use & Access) Bill has officially become law, four years after it was first proposed. The government says the reforms modernise data use and sharing, but critics like the Open Rights Group warn that the changes weaken people’s control over their personal data and could even threaten the UK’s data adequacy agreement with the EU, which enables frictionless data transfers.
Meanwhile, the European Commission has published draft guidelines to strengthen online safety for young people under the Digital Services Act. While digital rights groups like the EFF (Electronic Frontier Foundation) support the goal of keeping kids safer online, they’re worried about the growing push for age verification technologies. They argue that these tools often bring more surveillance, bias, and censorship instead of genuine protection.
In the U.S., a federal judge in Texas, Matthew Kacsmaryk, has overturned a rule from the Biden administration that expanded privacy protections for women seeking abortions and for patients receiving gender-affirming care. The ruling is a setback for advocates who say strong privacy protections are critical for people in vulnerable situations.