The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning

BreachForums, a major data leak marketplace, shut down on April 15 after a MyBB 0-day exploit allowed law enforcement infiltration.

On April 15, BreachForums, one of the top marketplaces for stolen data, abruptly shut down, fueling widespread speculation. Rumors ranged from FBI raids to the arrest of the administrator.

In the aftermath, several alternative forums emerged, some demanding entry fees, fueling confusion and raising the risk of scams or government-run honeypots.

BreachForums was an English-language cybercrime forum that emerged in March 2022 as a successor to the dismantled RaidForums. It served as a marketplace for threat actors to buy and sell stolen data, hacking tools, and compromised credentials. The forum was founded by Conor Brian Fitzpatrick, known online as “pompompurin,” who had previously claimed responsibility for the 2021 FBI email hack.

After Fitzpatrick’s arrest in March 2023, the forum’s administration changed hands multiple times, including to the hacking group ShinyHunters and later to an individual known as “Baphomet.” Despite efforts to keep it operational, BreachForums faced repeated shutdowns and domain seizures by law enforcement agencies, including the FBI.

According to a statement published by BreachForums, the forum ceased operations after the discovery of a zero-day vulnerability in MyBB, the open-source forum software used by the platform. Law enforcement agencies may have exploited the flaw to infiltrate the forum. For this reason, the operators behind the platform shut it down to start their incident response procedure.

“In or around April 15, we received confirmation of information that we had been suspecting since day 1 – a MyBB 0day. This confirmation came through trusted contacts that we are in touch with, which revealed that our forum (http://breachforums.st) is subject to infiltration by various agencies and other global law enforcement bodies.” reads the statement. “Upon learning of this, we immediately took action by shutting down our infrastructure and initiating our incident response procedures.”

Administrators pointed out that no data compromise occurred.

“Our findings indicate that, fortunately, our infrastructure were NOT compromised, and no data was infiltrated.” continues the statement. “Subsequently, we began auditing the MyBB source code and we believe we have identified the PHP exploit.”

The administrators confirmed no arrests and that their infrastructure is intact. They warned users that emerging clones are untrustworthy, likely honeypots set up to lure users. They urged caution, advising users to verify trusted sources and avoid engaging with fake sites.

Pierluigi Paganini

(SecurityAffairs – hacking, data leak forum)