VXU Threatened, Coinbase Whales Scammed, Google Fined Big, and Fresh Zero Days all Around.

19 May 2025
BREACHAWARE HQ
Avengers

A total of 26 breach events were found and analysed, resulting in 28,611,135 exposed accounts containing a total of 30 different data types of personal datum. The breaches found publicly and freely available included ULP Alien TxT File - Episode 13, ULP 0019, Email Panther, ULP 0020 and Stealer Log 0526.

Categories of Personal Data Discovered

Contact, National Identifiers, Digital Behaviour, Finance, Sociodemographic, Technology, Commerce, Geolocation, Unstructured, Health and Environment, Career.

Spotlight

VX-Underground, the team with arguably the largest malware archive outside of Fort Meade, just got an unexpected death threat. The group, known for archiving and sharing malware samples for research and reverse-engineering, received a poorly composed, geopolitically charged warning from a group identifying as “CyberAvengers”.

The message was posted to VXU’s channel: “Zionist baby killers something something… this is our last warning…”

The VX team noted that the threat actor seems to have no idea who they are or what they do, and it’s likely a case of someone confusing them for something else entirely. Still, it's a weird and slightly alarming reminder that, in the chaos of the internet, even niche malware archivists can find themselves the target of confused geopolitical rage. Nerds in the line of fire, what a timeline.

Google has taken some big hits over the years, but this might be the heaviest domestic punch yet. The State of Texas has fined the company a record-breaking $1.375 billion over two key issues:
1. Biometric Data Theft: Google allegedly collected fingerprints, facial scans, and voiceprints without user consent, all used to turbocharge its advertising algorithms.
2. Persistent Location Tracking: Users who thought they were in “Incognito Mode” or had disabled location tracking were still being followed.

Texas Attorney General Ken Paxton, who previously went after spyware-backed apps hiding under driving aids and weather widgets, seems to be making a sport out of curb stomping tech giants. His office implied that Google could face similar charges globally, and they might even offer support to other nations interested in making Google sweat. Maybe the era of “free data” is starting to look a little expensive.

Coinbase is in hot water yet again. A targeted breach hit some of its wealthiest clients, and depending on the source, victims are estimated to have lost between $180 million and $400 million. The attackers didn’t hack Coinbase itself, but ran a highly coordinated social engineering campaign that fooled users into voluntarily transferring their funds, supposedly for “regulatory” reasons.

How’d they pull it off? The gang paid third-party contractors outside the U.S. to obtain internal information about customers. This included government IDs, names, and account details, but not passwords or credentials.

On May 11, Coinbase reportedly received an email from the group, claiming they were in possession of internal documents and customer info. So far, Coinbase hasn’t confirmed the full extent of the damage, but the scale and sophistication suggest this wasn’t your average phishing op, more Ocean’s Eleven, less “Nigerian prince.”

Vulnerability Chat

Intel has disclosed ten new security vulnerabilities impacting a broad spectrum of its GPU drivers and associated software. Nearly every Intel GPU and integrated graphics solution dating back to the 6th generation Core processors is affected by at least one of the flaws. Users are urged to install the latest Intel graphics drivers to mitigate the risks.

Google has issued emergency patches for a high-severity vulnerability in the Chrome browser, which, if exploited, could result in full account compromise. The issue, identified by Solidlab researcher Vsevolod Kokorin, stems from insufficient policy enforcement within Chrome’s Loader component. By crafting malicious HTML pages, remote attackers could exploit the flaw to leak cross-origin data.

Ivanti has rolled out updates for Endpoint Manager Mobile (EPMM) software to fix two security vulnerabilities that have already been exploited in the wild. The flaws, when chained, can allow unauthenticated attackers to execute arbitrary code remotely on vulnerable devices, underscoring the need for immediate patching.

Security researcher Bartosz Reginiak has uncovered a DOM-based cross-site scripting (XSS) vulnerability in VMware Aria Automation. The flaw also impacts VMware Cloud Foundation and VMware Telco Cloud Platform. In response, Broadcom has published a detailed advisory and released patched versions of the affected software to address the issue.

10 Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including:
- TeleMessage, TM SGNL
- Microsoft, Windows
- Fortinet, Multiple Products
- SAP, NetWeaver
- DrayTek, Vigor Routers
- Google, Chromium
See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), has published 1,139 vulnerabilities during the last week, making the 2025 total 18,681. For more information visit https://nvd.nist.gov/vuln/search/

The European Union Agency for Cybersecurity (ENISA) "Vulnerability Database" has gone live in Beta. The website displays three core tables listing:
1. Critical Vulnerabilities
2. Exploited Vulnerabilities
3. EU CSIRT Coordinated Vulnerabilities.

ENISA are actively seeking collaboration in reporting any inaccurate or incomplete information via their link to "Provide feedback". See https://euvd.enisa.europa.eu/homepage

Information Privacy Headlines

Computer scientists from universities in Germany, Hong Kong, and the United Kingdom have introduced a method for making location data claims verifiable while maintaining privacy. Their concept, Zero-Knowledge Location Privacy (ZKLP), enables the use of location data without compromising personal information, allowing applications to benefit from the data’s accuracy and utility without exposing individuals.

Ascension Health is alerting nearly 440,000 patients to a data breach tied to a former business partner and the exploitation of a third-party software vulnerability. This incident adds to a series of recent breaches experienced by the Missouri-based Catholic hospital chain, many of which also involve third-party systems.

Dior has confirmed a data breach that resulted in the compromise of personal customer information. The French luxury fashion house has contacted those affected, acknowledging the incident and its implications for customer privacy.

A class-action lawsuit has been filed in Illinois against Coinbase by a group of users who allege that the crypto exchange’s identity verification process violates the state’s Biometric Information Privacy Act (BIPA). The suit claims Coinbase failed to inform users in writing about the collection, use, and retention of their biometric data, and did not specify its intended use or storage timeline.

The Brussels Court of Appeal has ruled that the consent framework used by much of the online advertising industry is unlawful under EU privacy law. The court found the Transparency and Consent Framework failed to meet GDPR requirements, particularly in how it obtains and manages user consent. Amnesty International welcomed the decision as a significant win for digital privacy and a strong push toward more ethical advertising models.
