🏴☠️ Infamous BreachForums Marketplace Hacked Again
The resurrected cybercrime marketplace BreachForums has suffered a significant data breach, exposing the details of approximately 324,000 users. A rival hacker released the stolen database—containing usernames, email addresses, and hashed passwords—on the ShinyHunters platform, marking another chaotic turn for the illicit community.
https://www.theregister.com/2026/01/12/breachforums_breach
💸 Betterment Confirms Breach Used for Crypto Scams
Digital investment advisor Betterment has confirmed a breach involving a third-party marketing platform, which attackers used to distribute fake cryptocurrency reward emails to customers. While the company states that client funds remain secure, the unauthorized access exposed personal information including names, physical addresses, and dates of birth.
📹 Hikvision Discloses Critical Buffer Overflow Vulnerabilities
Hikvision has issued alerts for two critical buffer overflow vulnerabilities (CVE-2025-66176 and CVE-2025-66177) affecting its access control and video recording devices. These flaws allow unauthenticated attackers on the same local network to disrupt services or cause device malfunctions without requiring any user interaction.
https://cyberpress.org/multiple-hikvision-vulnerabilities/
🚨 CISA Adds Gogs Vulnerability to Known Exploited List
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical path traversal vulnerability (CVE-2025-8110) in the Gogs self-hosted Git service to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, which is being actively exploited in the wild, allows attackers to escape restricted directories and potentially execute arbitrary code on affected systems.
https://cybersecuritynews.com/cisa-gogs-path-traversal-vulnerability/
🛡️ Trend Micro Patches Critical RCE in Apex Central
Trend Micro has released an urgent patch for a critical remote code execution vulnerability (CVE-2025-69258) in its Apex Central management console. The security defect allows unauthenticated threat actors to execute arbitrary code with SYSTEM privileges, prompting security experts to recommend immediate updates for all on-premise installations.
