Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
Diverted Traffic

VPN Cracks, Dark Web Upgrades & Meta’s Make or Break Trial.

14 April 2025
BREACHAWARE HQ

A total of 28 breaches were found and analysed, resulting in 27,088,911 leaked accounts containing a total of 29 different data types. The breaches found publicly and freely available included ULP Alien TxT File - Episode 9, ULP 0013, Breach.VIP, Boulanger and V-Tight Gel.

SPOTLIGHT

Those clever souls saving a fortune on YouTube Premium by spoofing their location via VPN, your luck might be running out. YouTube has finally clocked on to the growing crowd pretending to live in Argentina (where Premium costs just 62p a month) or Ukraine (£1.82), all while enjoying content from their actual, far more expensive locations.

For comparison:
- UK: £11.99/month
- Switzerland: £15.52/month (ouch)
- Argentina: £0.62/month (bargain of the century)

This price difference is based on purchasing power parity, but YouTube seems less amused by the global game of digital musical chairs. Accounts using VPNs to exploit regional pricing are now being suspended or warned, with an ultimatum to disable VPN access or lose their Premium perks altogether.

This isn't happening in a vacuum. The tech world is shifting toward maximising revenue by region, and YouTube isn’t alone. Even Nintendo is charging users $20/year extra just to use a button on their new controllers. Welcome to the monetisation arms race.

While law enforcement plays catch-up, Breach Forums has hit the gas. Despite several run-ins with Europol and the FBI last year, the infamous English-speaking dark web forum is not only still up, it's thriving.

Their latest move?
A brand-new automated escrow system. That’s right, threat actors can now buy and sell stolen data without ever interacting with forum staff.

This brings two major perks for criminals:
1. Reduced risk of extra charges if arrested (admins can now claim they weren’t involved).
2. Built-in dispute resolution, because even cybercriminals hate poor customer service.

The forums continue to evolve into a decentralised cybercrime marketplace, tightening operations just as law enforcement tries to loosen their grip. It’s like watching Amazon grow, just significantly more illegal.

The Federal Trade Commission vs. Meta antitrust trial kicks off Monday, April 14, and it could be a game-changer. The FTC is gunning for a forced break-up of Meta, potentially splitting off WhatsApp and Instagram from Facebook’s core empire.

Meta’s had a good run, with a $1 trillion market cap driven mostly by its advertising machine, but this case could take a sledgehammer to that. It’s the third major antitrust case in recent years targeting big tech monopolies in the U.S., and it's one that’s been a long time coming.

In response? Zuckerberg’s been getting cozy with Trump’s camp, no coincidence, given how much influence the next administration could have over the tech sector. Meta is fighting tooth and nail to avoid the split, but if the FTC gets its way, it could redraw the entire map of social media power.

The antitrust laws at play were designed to break up monopolies. Meta fits the bill almost too perfectly.

VULNERABILITY CHAT

A new security vulnerability has been identified in certain versions of Google Chrome. Hackers can exploit this issue to execute arbitrary code and cause the system to crash, reported the Indian Computer Emergency Response Team (CERT-In). Google has acknowledged the issue and has rolled out the update to affected versions whilst offering a $4000 (approximately ₹3,44,386) reward to Sven Dysthe for detecting the vulnerability.

Meta has warned of, and subsequently patched, a vulnerability in the Microsoft Windows version of its WhatsApp messaging platform that could leave users at risk of falling victim to a variety of cyber attacks, up to and including ransomware incidents.

Researchers have discovered that suspected state-backed hackers could exploit a vulnerability in software from Slovakia-based cybersecurity firm ESET to secretly infect targeted devices with malicious code. The flaw allows attackers to plant a malicious dynamic-link library (DLL) and execute it through the ESET antivirus scanner, according to a report by Kaspersky. The campaign has been attributed to a hacker group known as ToddyCat.

Microsoft's Threat Intelligence Center (MSTIC) and Security Response Center (MSRC) have discovered post-compromise exploitation of a zero-day elevation of privilege vulnerability in the Windows Common Log File System (CLFS). Targets include organisations in the information technology and real estate sectors in the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in Saudi Arabia. Microsoft is attributing the exploitation activity to Storm-2460, which also used PipeMagic to deploy ransomware.

Federal cybersecurity officials as well as incident responders at cyber companies say hackers are exploiting a vulnerability within the popular file transfer tool CrushFTP. Defenders have warned that hackers are now actively exploiting the bug, and recently, the Kill ransomware gang claimed it had obtained significant volumes of sensitive data and will begin extorting victims immediately.

AMD has confirmed a flaw within its signature verification for microcode updates in Zen 1 to Zen 5 CPUs. This security flaw, dubbed EntrySign, enables attackers to gain kernel-level access. AMD has rolled out a fix for the vulnerability to motherboard vendors via the ComboAM5PI 1.2.0.3c AGESA update.

Wordfence has received a report about a flaw in the Ottokit (formerly SureTriggers) plugin from security researcher 'mikemyers', who earned a bounty of $1,024 for the discovery. However, hackers have already started exploiting the flaw, which allows bypassing authentication. Researchers at WordPress security platform Patchstack are warning that the first exploitation attempts in the wild were logged only a few hours after the disclosure of the flaw.

4 Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including:
- CrushFTP; CrushFTP
- Microsoft; Windows
- Gladinet; CentreStack
- Linux; Kernel
See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), has published 932 vulnerabilities during the last week, making the 2025 total 13,996. For more information visit https://nvd.nist.gov/vuln/search/

INFORMATION PRIVACY HEADLINES

Microsoft has begun rolling out the Copilot+ Recall feature, currently available in preview mode for select users with Microsoft's AI-powered PCs and laptops. While the tech giant has confirmed a global rollout is on the horizon, users in the European Union will need to wait until later in 2025. Privacy campaigner Dr. Kris Shrishak told the BBC that although the opt-in mechanism is “an improvement,” there are still concerns about potential misuse.

Robin Wilton, senior director for internet trust at the Internet Society, expressed confusion over the UK government’s approach with Apple regarding access to user data. This follows a legal development last week where the Home Office lost its bid to keep Apple's legal action against the government under wraps.

The Irish Data Protection Commission (DPC) has launched an investigation into the artificial intelligence models developed by xAI, commonly known as Grok. The inquiry will scrutinise whether personal data was lawfully processed in training the Grok AI model.

Veronika Cifrová Ostrihoňová has submitted a formal question to the European Union’s executive body responsible for tech regulation and law enforcement, seeking clarification on whether WhatsApp's AI assistant complies with EU standards. Despite recent backlash over the inability to disable the tool, Joshua Breckman, WhatsApp’s International Communications Director, stated that the majority of user feedback has been positive.

Ethereum co-founder Vitalik Buterin has laid out a refined roadmap aimed at boosting Layer-1 privacy across the blockchain. His proposal homes in on four key areas: making on-chain payments private, partially concealing user actions within decentralised applications, hiding read-access data from the blockchain, and anonymising communications at the network level.

Data Categories Discovered

Contact, Digital Behaviour, Geolocation, Communication Logs, Sociodemographic, Technology, Career, Academic, Unstructured, Finance, National Identifiers, Commerce.
