CyberNews: 11/01/2026 Edition

Published by Dunateo on 2026-01-11

Today’s roundup

  • BreachForums hacking forum database leaked, exposing 324,000 accounts
  • Spain arrests 34 suspects linked to Black Axe cyber crime
  • A massive breach exposed data of 17.5M Instagram users
  • North Korea–linked APT Kimsuky behind quishing attacks, FBI warns

    • Summary

    The notorious BreachForums hacking forum has suffered a significant data breach, leading to the online leakage of its user database table. This incident exposed details for 324,000 accounts belonging to the latest incarnation of the forum.

    Authorities in Spain have conducted a major operation, arresting 34 individuals suspected of being part of a criminal network involved in widespread cyber fraud. The suspects are believed to be linked to the Black Axe group, known for illicit activities across Europe, marking a significant disruption to their operations.

    A massive data breach has impacted approximately 17.5 million Instagram users, as reported by Malwarebytes Labs researchers. The exposed personal data includes usernames, physical addresses, phone numbers, and email addresses. Since January 10, 2026, millions of users have received password reset emails. The stolen data, which may have been combined from Instagram IDs and external databases, is reportedly being auctioned on cybercrime forums in batches, raising concerns about potential real-world risks such as stalking, swatting, extortion, and identity theft. Users are advised to reset passwords via the official app, enable app-based two-factor authentication, and review third-party app permissions.

    The FBI has issued a warning regarding North Korea-linked APT group Kimsuky, which is actively targeting government agencies, think tanks, and academic institutions with "quishing" attacks. These sophisticated spear-phishing campaigns, observed since 2025, utilize malicious QR codes embedded in emails or as attachments to bypass traditional security filters. Upon scanning, victims are redirected through attacker-controlled infrastructure to credential harvesting pages impersonating services like Microsoft 365, Okta, or VPN portals. This method effectively steals credentials and session tokens, allowing threat actors to bypass multi-factor authentication and establish persistence within victim organizations.

    Want to dig deeper?

    Cyber Groups

    Kimsuky Black Banshee, Velvet Chollima, Emerald Sleet, THALLIUM, APT43, TA427, Springtail