Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

Your Router Might Be a Hacker’s Playground.

27 January 2025
BREACHAWARE HQ

A total of 26 breaches were found and analysed resulting in 10,232,404 leaked accounts containing a total of 34 different data types. The breaches found publicly and freely available included Chinese Software Developer Network (CSDN), Club Penguin Rewritten, Doxbin Paste, Stealer Log 0505 and bombuj. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

A prominent Chinese company specialising in networking infrastructure for enterprise clients—ranging from governments and universities to critical facilities like airports—has found itself in the spotlight. This comes after Team82, a group of security researchers, published a compelling article uncovering ten vulnerabilities in the company’s products, including one enabling remote code execution (RCE). What stood out most was the focus on cloud-connected routers used in airports, which are operated remotely. Typically, public Wi-Fi networks bring concerns of local threats, such as man-in-the-middle (MITM) attacks, where bad actors can eavesdrop, perform packet sniffing, or inject malicious code. While such risks might feel distant as you sip coffee in a quaint Spanish café, this new revelation is much more alarming.

The researchers, after purchasing one of these routers, uncovered that its password is derived by reversing the device’s serial number and hashing the result with SHA-256. Alarmingly, the routers broadcast their serial numbers, which can be intercepted with ordinary sniffing tools. Exploiting another vulnerability, the researchers demonstrated the ability to execute arbitrary code on the devices. This means bad actors can bypass NAT or firewall protections remotely and gain control of any router supplied by the company, provided they know its serial number—which, remember, is broadcast. Previously, concerns about public networks revolved around local attackers, but this new avenue opens the door to remote exploitation. The prospect of an attacker sitting on a public network’s access point with the ability to remotely execute code is, frankly, chilling.
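The security-relevant point above is that a credential derived from a public identifier with no secret mixed in is reproducible by anyone who sees the identifier. The following is an added example, not code from the article or from the vendor it describes, and it assumes a hex-encoded SHA-256 of the UTF-8 reversed serial since the article gives no encoding details. It pairs an inventory audit that flags such passwords with a keyed alternative (HMAC over the serial with a provisioning secret that never leaves the vendor), so the serial can remain public without giving away the password. The serials, key and inventory are all constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed demo key: stands in for a secret held only in the vendor's provisioning system.
PROVISIONING_KEY = b"constructed-demo-provisioning-key"


def unkeyed_serial_password(serial: str) -> str:
    """The weak scheme the article describes: SHA-256 of the reversed serial, nothing secret mixed in.
    Because the serial is broadcast, any observer can recompute this value."""
    return hashlib.sha256(serial[::-1].encode("utf-8")).hexdigest()


def keyed_serial_password(serial: str, key: bytes) -> str:
    """Assumed hardened alternative: HMAC-SHA256 over the serial with a provisioning secret.
    The serial can stay public; without the key the output cannot be reproduced."""
    return hmac.new(key, serial.encode("utf-8"), hashlib.sha256).hexdigest()


def is_derivable_from_serial(serial: str, password: str) -> bool:
    """Audit check: does the device's password equal the unkeyed derivation of its public serial?"""
    return hmac.compare_digest(unkeyed_serial_password(serial), password)


def audit_inventory(inventory):
    """Return the serials of devices whose password an observer of the serial could recompute.
    inventory: iterable of (serial, configured_password) pairs."""
    return [serial for serial, password in inventory if is_derivable_from_serial(serial, password)]


def observer_can_match(serial: str, password: str, guessed_key: bytes) -> bool:
    """An observer knows the serial (it is broadcast) and may guess a key, but not the real one."""
    return hmac.compare_digest(keyed_serial_password(serial, guessed_key), password)


# Constructed inventory of (serial, configured password); no real device data.
SAMPLE_INVENTORY = [
    ("SN-EXAMPLE-0001", unkeyed_serial_password("SN-EXAMPLE-0001")),                  # weak scheme
    ("SN-EXAMPLE-0002", keyed_serial_password("SN-EXAMPLE-0002", PROVISIONING_KEY)),  # keyed scheme
    ("SN-EXAMPLE-0003", secrets.token_urlsafe(16)),                                   # random per device
]


if __name__ == "__main__":
    print("devices with serial-derived passwords:", audit_inventory(SAMPLE_INVENTORY))
```

Of the three provisioning styles in the constructed inventory, only the first is flagged; the keyed and random passwords look the same to an observer who holds nothing but the serial. Per-device random passwords remain the simplest choice when the vendor can store them; the keyed derivation is for cases where the password must be recomputable from the serial on the vendor side.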

In other news, drama is brewing around Session, the end-to-end encrypted (E2EE) messaging app. Within the privacy-conscious community, claims about Session’s security architecture have sparked heated debates. A security researcher recently published a blog post outlining alleged vulnerabilities, prompting a swift response from the company in the form of a counter-article defending its practices. This back-and-forth has stirred anxiety among users about the app’s ability to protect their anonymity. While opinions remain divided—with some claiming Session "glows" (a term implying CIA involvement) and others rallying to its defence—we’ll keep you updated as the dust settles.

VULNERABILITY CHAT

Severe vulnerabilities have been uncovered in several Git-related projects, including GitHub Desktop, Git Credential Manager, Git LFS, and GitHub Codespaces. The flaws stem from improper handling of text-based protocols, potentially allowing attackers to leak user credentials.

A critical flaw in Meta’s Llama Stack, an open-source tool for building generative AI (GenAI) applications, has been identified. The vulnerability arises from unsafe deserialisation of Python objects via the `pickle` module, enabling remote attackers to execute arbitrary code on compromised servers.
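The Llama Stack item above is an instance of a general class: `pickle.loads` on untrusted bytes lets the sender choose which callable runs during deserialisation. The following is an added example, not code from Llama Stack or from the advisory, showing why. A constructed payload uses `__reduce__` to make unpickling call a harmless marker function in place of anything dangerous; plain `pickle.loads` runs it, while a restricted `Unpickler` that allowlists globals refuses it and still loads ordinary data. The allowlist contents are an assumption for the demo.

```python
import io
import pickle

# Records whether deserialisation executed sender-chosen code. Constructed for the demo.
SIDE_EFFECTS = []


def record_side_effect(tag):
    """Harmless stand-in for code a sender could smuggle into a pickle; only appends a marker."""
    SIDE_EFFECTS.append(tag)
    return tag


class HostilePayload:
    """Object whose pickle, when loaded, calls record_side_effect instead of rebuilding an object.
    Any importable callable could be named here; that is the unsafe-deserialisation problem."""

    def __reduce__(self):
        return (record_side_effect, ("executed-during-unpickle",))


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only resolves globals on an explicit allowlist (assumed contents)."""

    ALLOWED_GLOBALS = {("builtins", "set"), ("builtins", "frozenset")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is not on the allowlist")


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads that refuses unlisted globals."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    """Load a benign pickle and a hostile one with both loaders and report what happened."""
    benign = pickle.dumps({"model": "demo-model", "tokens": [1, 2, 3]})  # constructed data
    hostile = pickle.dumps(HostilePayload())
    results = {}

    # Plain data needs no globals, so the restricted loader handles it unchanged.
    results["benign_restricted"] = restricted_loads(benign)

    SIDE_EFFECTS.clear()
    pickle.loads(hostile)                      # unsafe: sender-chosen callable runs here
    results["unsafe_ran_code"] = list(SIDE_EFFECTS)

    SIDE_EFFECTS.clear()
    try:
        restricted_loads(hostile)              # safe: rejected before any callable is resolved
        results["restricted_blocked"] = False
    except pickle.UnpicklingError:
        results["restricted_blocked"] = True
    results["restricted_ran_code"] = list(SIDE_EFFECTS)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The allowlist approach is the documented mitigation in Python's own `pickle` guidance, but it only limits which callables a payload may name; where the data is plain structure, a format with no code-execution semantics such as JSON is the stronger choice.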

AMD has confirmed a microcode-related security vulnerability in some of its microprocessors. The flaw was inadvertently exposed when a fix appeared in a beta BIOS update from PC maker Asus earlier this month.

Users of the search platform Apache Solr, especially those running instances on Windows systems, are on high alert due to a newly disclosed vulnerability. The issue, found in the `configset` upload API, stems from improper input validation in ZIP archive uploads.

SonicWall has disclosed a **critical pre-authentication remote code execution vulnerability** in the Secure Mobile Access (SMA) 1000 series administrative tools. The flaw, affecting the Appliance Management Console (AMC) and Central Management Console (CMC), is actively being exploited.

A significant vulnerability has been identified in Elastic’s Fleet Server, affecting versions 8.13.0 through 8.15.0. This issue logs sensitive data at the INFO and ERROR levels, potentially exposing confidential information depending on the enabled integrations.

Security researchers at Kaspersky uncovered 13 vulnerabilities in the first-generation Mercedes-Benz User Experience (MBUX) infotainment system. Some of these could be exploited to launch denial-of-service (DoS) attacks, escalate privileges, or steal user data.

A group of academics has disclosed over 100 vulnerabilities in LTE and 5G implementations, detailed in their study titled "RANsacked: A Domain-Informed Approach for Fuzzing LTE and 5G RAN-Core Interfaces." These flaws could potentially be exploited to disrupt or manipulate next-generation communication networks.

Security researchers Sam Curry and Shubham Shah revealed a method to hack and track millions of Subaru vehicles equipped with the Starlink digital platform. Exploiting vulnerabilities in a staff-focused Subaru website, attackers could hijack employee accounts, reassign control of vehicles, and access real-time vehicle location data, including details on engine starts.

2 Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including one in jQuery. See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 885 vulnerabilities last week, bringing the 2025 total to 3,593. For more information visit https://nvd.nist.gov/vuln/search/

INFORMATION PRIVACY HEADLINES

Privacy campaigners have raised alarms over a new app designed to store UK citizens’ driving licenses, passports, and benefits documents. Critics, including James Baker from the Open Rights Group, fear it could pave the way for a mandatory ID scheme. Baker warns, “Do you end up in a world where it’s meant to be voluntary but becomes so widely accepted that you can’t live without it? The concern is it may evolve into a national identity database, tracking every interaction and posing significant privacy risks.”

Privacy group NOYB (None of Your Business) has expressed concerns about a rollback under former US President Donald Trump, threatening the legality of thousands of companies’ transatlantic data flows. NOYB founder Max Schrems noted, “There were long discussions about the functionality and independence of these oversight mechanisms. Unfortunately, they may not withstand scrutiny, even in the early days of a Trump administration.”

China’s DeepSeek AI model marks a groundbreaking advancement in the country’s AI capabilities, but its potential misuse is raising red flags. The model’s real-time processing of massive datasets positions it as a powerful tool for identifying system vulnerabilities, amplifying concerns about its implications for cyberattacks and data privacy.

Egypt has authorised indefinite surveillance of its citizens’ private communications. An amendment to Article 79 of the Criminal Procedures Code, passed by the country’s lower house of parliament, grants prosecutors the power to monitor written, audio, and audiovisual correspondence across the nation.

A survey by the tech governance and digital trust association ISACA reveals troubling trends in European data privacy initiatives. Over 40% of privacy professionals believe their organisations are underfunding data privacy efforts, and 54% anticipate even less funding in 2025, raising concerns about the region’s ability to address growing privacy challenges effectively.


DATA CATEGORIES DISCOVERED

Contact Data, Financial Data, Transactional Data, Technical Data, Socio-Demographic Data, Social Relationships Data, Locational Data, Documentary Data, Special Category.
