Trellix Source Code Hit; Microsoft and Orange Forum Claims
Summary
Saturday's volume was heavy on forum posts and on named corporations. Alleged breach posts pulled in flagship vendors and banks, even as the day's only firmly confirmed incident landed at a security vendor; researchers documented the kit economy moving deeper into AI and a Linux privilege-escalation flaw already being exploited. The day's wider pattern points back to defacement-and-leak campaigns aimed at Israel and at Indonesian state services, with high-signal commercial intrusions scattered through.
Today's developments
The day's most concrete confirmed incident came not from a forum but from a vendor announcement. Trellix said it had identified the compromise of "a portion" of its source code through unauthorised repository access -- a rare voluntary acknowledgement on a day when most exposure noise came from anonymous posts.
On the forums, the corporate names attached to alleged breaches were unusually prominent. Actor Brouno claims to have breached Microsoft; actor shabat claims a breach of French telecoms operator Orange S.A.; actor lowiq claims a data breach against Canadian wealth manager Aviso Wealth, with a separate listing offering the same dataset for sale. Other commercial-finance claims include actor SpeakTeam advertising INVEX Bank Volaris cardholder data from Mexico, actor Mikhel listing US mortgage-loan data, and actor lulzintel claiming a breach of Saudi Arabia's Jeddah Transport Company.
A wave of mid-tier forum activity targeted Indonesian and South-East Asian education and government. Actor Mr. Hanz Xploit posted alleged breaches of Indonesia's Ministry of Transmigration, the police-affiliated Sat Binmas, and State Senior High School 16 Bekasi; actor MrLucxy posted SSCASN, Indonesia's civil-service recruitment platform. Actor Mr.ZeroPhx100 ran a multi-country spree across higher education and law:
- Malaysia's Zul Rafique & Partners (law) and the Malaysian Economic Association (research)
- India's Dairy Powertech Pune (manufacturing) and GD College
- the Philippines' Rogationist College
French targets surfaced as well -- actor LacieZ posted retailer Boulanger, actor Spirigatito posted Paris law firm FACO -- and Germany's directory service KlickTel was claimed by anonmooose.
Nation-state-adjacent leaks ran in parallel. Actor VoidXnet posted alleged Israeli passport data; actor Z-Root posted three Iraq/Syria targets including the Baghdad database, an Iraqi students database, and the Syrian Telecommunications Company; actor infinityteam advertised Iranian VPS/VDS services with geo-restriction bypass. Forum infrastructure itself took hits: actor Xyph0rix claims to have breached RaidForums, and anonmoose posted X-PassWords.
Beyond the forums, two researcher-side stories shaped the day. Microsoft's security team disclosed CVE-2026-31431, a high-severity Linux privilege-escalation vulnerability dubbed "Copy Fail" that extends into Kubernetes and cloud-workload contexts, with an exploit already in the wild. Security reporters also tracked a new phishing kit, Bluekit, in active development with automated domain registration and an embedded AI assistant -- a direct extension of the kit economy into LLM-assisted social engineering.
Threat landscape signals
Concentration is the day's clearest pattern. The top three actors -- Akatsuki cyber team, AnonGhost and tempix 0day -- account for 79 of 212 events (37 percent), almost entirely defacement and DDoS aimed at Israel and Indonesia; Israel alone draws 83 of the 212 victim-country tags. Critical Data Breach + Data Leak sits at 53, just under a quarter of the day's volume but the bulk of the named-corporate exposure. By industry, the heaviest clusters are Government Administration (23), Education (22), IT Services (9) and Health Care (8) -- a shape that pushes defenders in school systems, civil-service portals and small-clinic networks to assume forum exposure first and reputation damage second. The Microsoft claim is unverified and may relist older data, but combined with Trellix's confirmed code exposure and Bluekit's AI tooling, the day reads as a compressed reminder that the centre of the breach economy is moving simultaneously toward better tooling for low-skill posters and toward higher-value vendor and platform targets.
CTI brief — 2 May 2026
The full brief covers ransomware claims, data leaks and threat actors disclosed on this date. Today's brief is open to all readers; historical editions are part of the subscriber feed.