CyberSecurityBoard
Sponsor Register Login

BreachForums Reveals Law Enforcement Crackdown Exploiting MyBB 0-Day

BreachForums, a notorious cybercrime marketplace and successor to RaidForums, has confirmed that its platform was the target of a sophisticated law enforcement operation exploiting a previously unknown vulnerability, commonly referred to as a “0-day”, in the MyBB forum software. This vulnerability, which had not been previously disclosed or patched at the time of the attack, allowed attackers to potentially bypass standard security controls and gain unauthorized access to the underlying system. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The announcement, signed by the BreachForums administration, follows weeks of speculation and rumors about the site’s sudden outage and potential compromise by global law enforcement agencies. BreachForums has been a recurring target, with previous takedowns and arrests, including the 2023 arrest of its founder, “Pompompurin” (Conor Brian Fitzpatrick)-leading to repeated shutdowns and revivals of the platform. For example, an attacker could send a malicious private message exploiting XSS to an administrator, which, when opened, would trigger a file write vulnerability and plant a PHP shell on the server. In past incidents, attackers have chained together vulnerabilities such as persistent cross-site scripting (XSS) and file write flaws to achieve full server compromise. Using a 0-day vulnerability demonstrates the increasing technical sophistication of law enforcement operations targeting high-profile cybercriminal infrastructure. The administration also warned users against engaging with BreachForums clones, labeling them as potential honeypots operated by law enforcement or scammers. Such exploits can allow attackers to execute arbitrary code on the server, potentially granting full control over the forum infrastructure. To prevent future incidents, BreachForums is actively working on a complete rewrite of its backend, moving away from the compromised MyBB codebase.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 28 Apr 2025 15:10:00 +0000


Cyber News related to BreachForums Reveals Law Enforcement Crackdown Exploiting MyBB 0-Day

BreachForums Reveals Law Enforcement Crackdown Exploiting MyBB 0-Day - BreachForums, a notorious cybercrime marketplace and successor to RaidForums, has confirmed that its platform was the target of a sophisticated law enforcement operation exploiting a previously unknown vulnerability, commonly referred to as a ...
2 months ago Cybersecuritynews.com
Leak Site BreachForums Springs Back to Life Weeks After FBI Takedown - Barely two weeks after the FBI and the US Department of Justice shut down BreachForums, the notorious data leak site appears to be back online, hawking personal and payment card data purportedly belonging to more than 500 million Live ...
1 year ago Darkreading.com Hunters
Law Firms and Legal Departments Get Singled Out For Cyberattacks - Cyberattackers are doubling down on their attacks against law firms and corporate legal departments, moving beyond their historical activity of hacking and leaking secrets to targeting the sector with financial attacks, such as ransomware and ...
1 year ago Darkreading.com LockBit
The law enforcement operations targeting cybercrime in 2023 - In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks. While some of these operations were more successful ...
1 year ago Bleepingcomputer.com
FBI seize BreachForums hacking forum used to leak stolen data - The FBI has seized the notorious BreachForums hacking forum used to leak and sell stolen corporate data to other cybercriminals. The seizure occurred on Wednesday morning, soon after the site was used last week to leak data stolen from a Europol law ...
1 year ago Bleepingcomputer.com Hunters
BreachForums admin jailed for flouting pretrial rules The Register - The cybercriminal behind BreachForums was this week arrested for violating the terms of his pretrial release and will now be held in custody until his sentencing hearing. He was granted pretrial release on a $300,000 bond under a number of ...
1 year ago Go.theregister.com
BreachForums admin jailed for flouting pretrial rules The Register - The cybercriminal behind BreachForums was this week arrested for violating the terms of his pretrial release and will now be held in custody until his sentencing hearing. He was granted pretrial release on a $300,000 bond under a number of ...
1 year ago Theregister.com
Feds seize BreachForums platform, Telegram page - The website and Telegram page for the notorious BreachForums platform, a popular bazaar for stolen data and cybercriminal tools, appears to have been seized. On Wednesday morning, the BreachForums website was replaced by a takedown banner featuring ...
1 year ago Therecord.media
BreachForums admin jailed again for using a VPN, unmonitored PC - The administrator behind the notorious BreachForums hacking forum has been arrested again for breaking pretrial release conditions, including using an unmonitored computer and a VPN. The BreachForums admin, Conor Fitzpatrick, was arrested on March ...
1 year ago Bleepingcomputer.com
BreachForums hacking forum admin sentenced to 20 years supervised release - Conor Brian Fitzpatrick was sentenced to 20 years of supervised release today in the Eastern District of Virginia for operating the notorious BreachForums hacking forum, known for the sale and leaking of personal data for hundreds of millions of ...
1 year ago Bleepingcomputer.com
Law Firms are Raising the Bar on Cybersecurity - Corresponding with recent increases in threat actor activity in the legal industry, law firms are investing more time and attention in modernizing security operations. Both midsize and large law firms are increasingly engaging with cybersecurity ...
2 years ago Bluevoyant.com
Victory! Grand Jury Finds Sacramento Cops Illegally Shared Driver Data - For the past year, EFF has been sounding the alarm about police in California illegally sharing drivers' location data with anti-abortion states, putting abortion seekers and providers at risk of prosecution. We thus applaud the Sacramento County ...
1 year ago Eff.org
Data leak site BreachForums is back, boasting Live Nation/Ticketmaster user data. But is it a trap? - Notorious data leak site BreachForums appears to be back online after it was seized by law enforcement a few weeks ago. At least one of BreachForums domains and its dark web site are live again. Questions have been raised over whether it is a genuine ...
1 year ago Malwarebytes.com Hunters
Understanding the Seizure of Dark Web Sites Linked to the Hive Ransomware - Recently, law enforcement seized several dark web sites linked to the Hive ransomware. The Hive ransomware is a potent form of malware that cybercriminals use to target organizations and individual computer users in order to demand a ransom for ...
2 years ago Bleepingcomputer.com
FBI disrupts Blackcat ransomware operation, creates decryption tool - The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. On December 7th, BleepingComputer first reported that the ALPHV, aka ...
1 year ago Bleepingcomputer.com LockBit Noescape
Law enforcement conducts 'largest ever' botnet takedown - In the latest high-profile law enforcement action against cybercrime, agencies disrupted several notorious botnets and malware droppers widely used in ransomware attacks. Europol on Thursday announced that an international law enforcement action, ...
1 year ago Techtarget.com LockBit
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515
BreachForums administrator detained after violating parole - The administrator behind defunct cybercrime haven BreachForums was arrested after violating his parole, according to court documents filed this week. Conor Brian Fitzpatrick was arrested on January 2 by FBI officers after officials told a judge that ...
1 year ago Therecord.media
How Cybersecurity for Law Firms has Changed - The public nature of the legal system makes law firms particularly vulnerable to a growing number of cybersecurity risks. Law firms have unique access to highly confidential client information and as a result, face a growing number of federal, ...
1 year ago Securityboulevard.com
Dozens of Rogue California Police Agencies Still Sharing Driver Locations with Anti-Abortion States - SAN FRANCISCO-California Attorney General Rob Bonta should crack down on police agencies that still violate Californians' privacy by sharing automated license plate reader information with out-of-state government agencies, putting abortion seekers ...
1 year ago Eff.org
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 year ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109
Telegram revealed it shared U.S. user data with law enforcement - Independent website 404 Media first revealed that in 2024 Telegram has fulfilled more than a dozen law enforcement data requests from the U.S. authorities. At the end of September, Telegram updated its privacy policy informing users that it will ...
9 months ago Securityaffairs.com
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
1 year ago Bleepingcomputer.com
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
1 year ago Darkreading.com CVE-2024-23222
US charged 19 suspects linked to xDedic cybercrime marketplace - The U.S. Department of Justice announced the end of a transnational investigation into the dark web xDedic cybercrime marketplace, charging 19 suspects for their involvement in running and using the market's services. An international operation ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)