
Protect Your Business from Data Leaks and Breaches
We monitor public websites, criminal forums, and other platforms where compromised data is traded or exposed. By constantly scanning and indexing new data from these sources, we help ensure that no breach goes unnoticed, giving businesses access to timely and actionable information.
Coverage ranges from credentials to intellectual property, across multiple sectors, so that your organization stays ahead of emerging threats.
One Mission, Multiple Security Challenges
BreachSpot serves Penetration Testers, Red Teams, Enterprise Security, Incident Response, M&A Researchers, and Vulnerability Assessors, ensuring comprehensive protection.
Safeguard Client Data, Stop Breaches
BreachSpot continuously monitors public databases, online criminal forums, and data markets for compromised information. Data collected is enriched with context, and sensitive information like hashed passwords can be decoded and indexed for further investigation.
Validate risks by testing plaintext credentials and enforcing password resets through Active Directory to mitigate threats proactively.
BreachSpot offers dark web monitoring, real-time asset alerts, breach data API access, and compromised credential validation services.
API access to historical breach data
Real-time alerts for client assets
Continuous dark web monitoring service
Test and reset compromised credentials
Latest News
Your source for timely updates on the latest data breaches.
Stay informed with the latest insights and strategies for defense.
Severe ThroughTek SDK Vulnerability Exposes Millions of IoT Devices to Spy Threats
A serious security flaw has been identified in multiple versions of the ThroughTek Kalay P2P Software Development Kit (SDK), potentially allowing remote attackers to gain control of vulnerable devices and execute harmful code. Labeled as CVE-2021-28372 (with a CVSS score of 9.6) and uncovered by FireEye Mandiant in late 2020, this issue involves improper access controls in ThroughTek’s point-to-point (P2P) products. If exploited, attackers could listen in on live audio, view real-time video streams, and compromise device credentials, leading to further attacks stemming from exposed functionalities. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “successful exploitation of this vulnerability could enable remote code execution and unauthorized access to sensitive information, including audio/video feeds from cameras.” There are estimated to be 83 million active devices vulnerable to this flaw.
Severe Vulnerability in ThroughTek SDK Exposes Millions of IoT Devices to Potential Attacks
On August 18, 2021, a significant security flaw was identified within multiple versions of the ThroughTek Kalay P2P Software Development Kit (SDK). This vulnerability, designated as CVE-2021-28372 with a CVSS score of 9.6, poses a serious risk…
Chinese Hackers Exposed by U.S. Water Control System Decoy
August 5, 2013
A notorious hacking group from China, known as APT1 or Comment Crew, potentially affiliated with the Chinese military, has been caught infiltrating a simulated United States water control system, also referred to as a honeypot. Kyle Wilhoit, a researcher from Trend Micro, disclosed the findings at the Black Hat conference this past Wednesday.
Back in December, the hackers targeted a water control system for a U.S. municipality, unaware it was a ruse set up by Wilhoit. The decoy utilized a Word document embedded with malicious software, allowing for complete access.
These honeypots closely resembled the ICS/SCADA devices employed in critical infrastructure for power and water facilities. The setup, which employed cloud software, produced realistic web-based login and configuration screens for local water plants, making them look as though they were based in various countries, including Ireland, Russia, Singapore, China, Japan, Australia, Brazil, and the U.S. Researchers have traced the activity back to the APT1 Group, which was previously linked to the Chinese military by the security firm Mandiant.
Chinese Hackers Compromised by Deceptive U.S. Water Control System Honeypots
August 5, 2013
In a recent revelation, a prominent hacker group from China, identified as APT1 or the Comment Crew, has been implicated in an attempted breach of a simulated United States water control system that was, in fact, a…
Iranian Hackers Compromise Over 100 Embassy Email Accounts in Global Diplomat Phishing Campaign
Sep 03, 2025
Data Breach / Cyber Espionage
A group linked to Iran has been identified as the perpetrator of a “coordinated” and “multi-wave” spear-phishing campaign targeting embassies and consulates across Europe and beyond. Israeli cybersecurity firm Dream has attributed this activity to Iranian-aligned operators associated with a broader offensive cyber initiative known as Homeland Justice. “Phishing emails were sent to numerous government officials worldwide, masquerading as legitimate diplomatic correspondence,” the firm reported. “The evidence suggests a larger regional espionage strategy aimed at diplomatic and government institutions amid rising geopolitical tensions.” The attack tactics involve spear-phishing emails that reference geopolitical disputes between Iran and Israel, containing malicious Microsoft Word attachments that prompt recipients to “Enable Content” to execute embedded Visual Basic for Applications code.
Iranian Hackers Target Diplomatic Communications of Embassies Worldwide
In a sophisticated and coordinated cyberattack, a group associated with Iran has breached over 100 email accounts belonging to embassies and consulates globally, according to a report from Israeli cybersecurity firm Dream. The campaign, described as “multi-wave” and “spear-phishing,” specifically targets diplomatic…
Kaseya Releases Security Patches for Two New 0-Day Vulnerabilities in Unitrends Servers
Kaseya, a U.S. technology company, has issued security patches to address two zero-day vulnerabilities in its Unitrends enterprise backup and continuity solution, which could lead to privilege escalation and authenticated remote code execution. These flaws are part of a trio reported by researchers at the Dutch Institute for Vulnerability Disclosure (DIVD) on July 3, 2021. The vulnerabilities have been resolved in server software version 10.5.5-2, released on August 12. However, an undisclosed client-side vulnerability in Kaseya Unitrends remains unpatched. To mitigate associated risks, the company has provided firewall rules for traffic filtering and recommends not exposing servers to the internet.
Kaseya Releases Patches for Critical Zero-Day Vulnerabilities in Unitrends Servers
On August 27, 2021, Kaseya, a prominent U.S. technology firm specializing in IT infrastructure management, announced the release of security updates aimed at rectifying two critical zero-day vulnerabilities within its Unitrends enterprise backup and continuity solution. These vulnerabilities pose significant…
Download the 2024 Data Security Whitepaper for Free
Discover key insights into the latest trends in data security and practical strategies to protect your organization’s digital assets. Download our comprehensive 2024 Data Security Whitepaper to learn how to mitigate risks related to IoT, AI, and hybrid work environments, and stay compliant with global regulations like GDPR and NIS2.
