BreachForums, the serially resurrected cybercrime marketplace, has tripped over itself after a data breach spilled details tied to about 324,000 user accounts. The latest incarnation of the notorious hacking forum was burgled in August 2025, exposing email addresses, usernames, and hashed passwords, according to Have I Been Pwned, which added the incident to its database on January 10. The breach occurred before law enforcement's October 2025 takedown of the BreachForums domain READ MORE...
The Illinois Department of Human Services (IDHS), one of Illinois' largest state agencies, accidentally exposed the personal and health data of nearly 700,000 residents due to incorrect privacy settings. The agency discovered the data breach on September 22 when it found that maps created by the IDHS Division of Family and Community Services for resource allocation decisions were publicly viewable on a mapping website due to misconfigured privacy controls. READ MORE...
Russian state-sponsored group APT28 has been targeting organizations associated with energy research, defense collaboration, and government communication in a new credential-harvesting campaign, Recorded Future reports. Active since at least 2004 and also known as BlueDelta, Fancy Bear, Forest Blizzard, Sednit, and Sofacy, APT28 has been linked to the Russian General Staff Main Intelligence Directorate (GRU). READ MORE...
Deepfake-generating software has been evolving from a toy into a legitimate fraud threat, but evidence suggests that progression is happening more slowly than predicted. World Economic Forum (WEF) researchers reviewed 17 open source (OSS) and commercially available deepfake programs that were available online between July 2024 and April 2025. They evaluated each tool's approach and ability to undermine facial-recognition algorithms. READ MORE...
Nation-state involvement in crypto increased in 2025, signaling a shift in how on-chain crime operates. Research from Chainalysis shows that crypto-related crime has grown more organized over recent years, with illicit groups running large-scale on-chain infrastructure to support cross-border criminal networks, procure services, and launder funds. Wallets identified as being associated with illicit activity received at least $154 billion in cryptocurrency during 2025. READ MORE...
The volume of ransomware attacks on telecommunications companies around the world increased fourfold from 2022 to 2025, according to a report that the threat intelligence firm Cyble published this week. Cyble also identified 444 incidents involving data theft from telecom firms, including 133 listings of stolen databases that could contain sensitive customer data or operational information. READ MORE...
Instagram says it fixed a bug that allowed threat actors to mass-request password reset emails, amid claims that data from more than 17 million Instagram accounts was scraped and leaked online. "We fixed an issue that allowed an external party to request password reset emails for some Instagram users," a Meta spokesperson told BleepingComputer. "We want to reassure everyone there was no breach of our systems and people's Instagram accounts remain secure." READ MORE...