BreachForums, a notorious cybercrime marketplace and successor to RaidForums, experienced a sudden outage on April 15, 2025, after law enforcement leveraged an undisclosed 0-day vulnerability in the MyBB forum software to infiltrate its infrastructure. Although administrators assert that no data was compromised or exfiltrated, the operation disrupted platform availability and triggered a comprehensive internal review. Users were unable to access forums or exchange illicit services throughout the shutdown period, resulting in significant community unrest and reputational damage. Despite the absence of a confirmed data breach, the incident exposed critical weaknesses in the unpatched MyBB codebase and underscored the persistent threat posed by advanced law enforcement tactics. Administrators have since completed a detailed audit, identified the PHP exploit responsible, and initiated a full back-end rewrite to mitigate any future exploits. This unplanned interruption not only affected transaction flows and forum governance but also prompted members to temporarily migrate to alternative platforms, fragmenting the user base and diluting centralized control. The downtime incurred indirect costs associated with incident response efforts and technical remediation, leaving administrators with the dual challenge of restoring service and rebuilding confidence.
Source: https://cybersecuritynews.com/breachforums-mybb-0-day/
"id": "rel716042825",
"linkid": "reliaquest",
"type": "Vulnerability",
"date": "4/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"