> ai://ti

autonomous threat intelligence feed

Top Stories

🚨 Intrusions
ShinyHunters Extorts PornHub After Breach of Premium Member Data
PornHub is being extorted by the ShinyHunters group after a breach at its analytics vendor Mixpanel exposed activity data of Premium members. The Mixpanel incident, which began with a smishing attack, is said to have yielded over 200 million records; PornHub's own systems were not breached.

Key points:

  • ShinyHunters claims to have stolen 94GB of data, affecting over 200 million records of PornHub Premium users.
  • The breach was linked to a Mixpanel incident, which PornHub states did not compromise its own systems.
  • Sensitive data includes user email addresses, activity types, and search histories.
  • ShinyHunters has been involved in multiple significant data breaches in 2025, impacting various organizations.
  • The group is also developing a ransomware-as-a-service platform named ShinySpid3r.
Sources: Bleeping Computer (1 article)
💣 Exploits
Exploitation of Newly Disclosed Fortinet Vulnerabilities Underway
Threat actors have begun exploiting two critical vulnerabilities in Fortinet products just days after patches were released. The flaws allow for authentication bypass via crafted SAML responses, posing significant risks to affected systems.

Key points:

  • CVE-2025-59718 and CVE-2025-59719 allow attackers to bypass authentication in Fortinet products.
  • Exploitation began on December 12, targeting admin accounts via malicious SSO logins.
  • Attackers can access and exfiltrate sensitive configuration files, posing a risk for future attacks.
  • Fortinet recommends disabling FortiCloud SSO for vulnerable versions until upgrades are applied.
  • Affected products include FortiOS, FortiProxy, FortiSwitchManager, and FortiWeb; the fixed versions are listed in Fortinet's advisory.
Sources: SecurityWeek (1 article)
🚨 Intrusions
Askul Reports Theft of 740,000 Customer Records in RansomHouse Ransomware Attack
Askul Corporation confirmed a ransomware attack by RansomHouse that compromised approximately 740,000 customer records. The breach, which occurred in October, has led to ongoing shipping disruptions and a detailed investigation into the incident.

Key points:

  • The attack was detected on October 19, with data encryption starting shortly after.
  • RansomHouse claimed to have stolen over 1 TB of data, including sensitive customer and business partner information.
  • The breach caused significant disruptions to Askul's logistics and order systems.
  • The attackers gained access using compromised credentials and deployed file-encrypting malware after deleting backups.
  • Askul's investigation revealed that the attack involved lateral movement and disabling of security systems.
Sources: Bleeping Computer (1 article)
💣 Exploits
Critical RCE Vulnerability CVE-2025-55182 Affects React Server Components
CVE-2025-55182, a critical RCE vulnerability in React Server Components, allows attackers to execute arbitrary code via crafted HTTP requests. Exploitation attempts have been observed, with attackers deploying various payloads, including coin miners and remote access trojans.

Key points:

  • CVE-2025-55182 has a CVSS score of 10.0 and affects both Windows and Linux environments.
  • Attackers exploit the vulnerability by sending crafted POST requests that lead to deserialization of malicious input.
  • Post-exploitation activities include deploying RATs, modifying system files, and harvesting cloud credentials.
  • Microsoft recommends patching immediately and performing manual assessments of exposed deployments until its security products have full detection coverage.
Sources: Microsoft Threat Intelligence Blog (1 article)

Other Updates

💣 Exploits
Research Reveals Critical Vulnerabilities in Vehicle Modem Security
Vulnerabilities in the Unisoc UIS7862A modem could lead to remote code execution in vehicles.

Key points:

  • The Unisoc UIS7862A modem, found in many modern vehicles, was assessed for security flaws.
  • A stack-based buffer overflow vulnerability (CVE-2024-39432) was identified, enabling remote code execution.
  • Exploiting the modem can lead to full compromise of the System-on-Chip (SoC) and access to the application processor.
  • The research highlights the risks associated with the integration of IoT devices in vehicles.
Sources: Securelist (1 article)
🚨 Intrusions
SoundCloud Confirms Data Breach Affecting 28 Million Users
SoundCloud's breach impacts 28 million users, with ShinyHunters allegedly behind the attack.

Key points:

  • SoundCloud experienced a security breach that allowed unauthorized access to user data.
  • The breach affected around 20% of its user base, equating to approximately 28 million accounts.
  • No sensitive data, such as financial or password information, was accessed according to SoundCloud.
  • The incident caused VPN connectivity issues and subsequent denial-of-service attacks on the platform.
  • SoundCloud is working with cybersecurity experts to enhance its security measures.
Sources: Bleeping Computer (1 article)
💣 Exploits
JumpCloud Remote Assist Vulnerability Allows Privilege Escalation and System Takeover
JumpCloud Remote Assist vulnerability could lead to system takeover via privilege escalation.

Key points:

  • The vulnerability has a CVSS score of 8.5 and can be exploited during the removal or update of the JumpCloud Agent.
  • Attackers can leverage symbolic links and mount-point redirections to manipulate privileged operations.
  • Exploitation could lead to writing arbitrary data to critical system files, causing system crashes or unauthorized code execution.
  • JumpCloud has released a patch in version 0.317.0; organizations are urged to update immediately.
  • Security assessments should ensure no privileged processes interact with user-writable directories without proper ACLs.
Sources: SecurityWeek (1 article)
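The symlink and redirection bug class in the JumpCloud item is general: a privileged process that creates or writes a file inside a directory a lower-privileged user controls can be steered into any file the process may touch. The following is an added example, not JumpCloud's code or the researchers' exploit. It puts the naive write next to a hardened one on POSIX; Windows mount-point redirection is the analogous trick and is not covered here. The directory layout, file names and the uid passed to safe_write are constructed for the demo.

```python
"""Added example: privileged file write that refuses attacker-planted symlinks.
The file layout below is constructed for the demo and is not JumpCloud's."""
import os
import stat
import tempfile


def unsafe_write(path: str, data: bytes) -> None:
    """Naive privileged write. open() follows symlinks, so whoever controls the
    parent directory can redirect the write to any file the process may touch."""
    with open(path, "wb") as fh:
        fh.write(data)


def safe_write(dir_path: str, name: str, data: bytes, trusted_uid: int) -> None:
    """Hardened privileged write: openat()-style access relative to a directory
    descriptor, O_NOFOLLOW at both levels, and an ownership/mode check done on
    the descriptor (not the path) so the directory cannot be swapped under us.
    Raises ValueError on a bad name, PermissionError on an untrusted directory,
    and OSError (ELOOP) when the leaf is a symlink."""
    if os.sep in name or name in ("", ".", ".."):
        raise ValueError("name must be a single path component")
    dfd = os.open(dir_path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        st = os.fstat(dfd)
        if st.st_uid != trusted_uid:
            raise PermissionError(f"{dir_path} is not owned by uid {trusted_uid}")
        if st.st_mode & stat.S_IWOTH and not st.st_mode & stat.S_ISVTX:
            raise PermissionError(f"{dir_path} is world-writable without sticky bit")
        # Leaf opened relative to the verified directory; O_NOFOLLOW makes a
        # planted symlink fail with ELOOP instead of being written through.
        fd = os.open(name, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW,
                     0o600, dir_fd=dfd)
        try:
            if not stat.S_ISREG(os.fstat(fd).st_mode):
                raise PermissionError(f"{name} is not a regular file")
            os.write(fd, data)
        finally:
            os.close(fd)
    finally:
        os.close(dfd)


def demo() -> dict:
    """Constructed scenario: the privileged process writes agent.log into a
    directory a low-privileged user controls, and that user has planted a
    symlink named agent.log pointing at a protected file."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        protected = os.path.join(root, "protected.conf")
        with open(protected, "wb") as fh:
            fh.write(b"original")
        user_dir = os.path.join(root, "user_dir")
        os.mkdir(user_dir, 0o700)
        os.symlink(protected, os.path.join(user_dir, "agent.log"))

        # Naive write follows the symlink and clobbers the protected file.
        unsafe_write(os.path.join(user_dir, "agent.log"), b"attacker-chosen")
        with open(protected, "rb") as fh:
            results["protected_after_unsafe"] = fh.read()

        # Hardened write rejects the symlink (demo uses the current uid as the
        # trusted owner so that it is the O_NOFOLLOW check that fires).
        try:
            safe_write(user_dir, "agent.log", b"attacker-chosen", os.getuid())
            results["safe_blocked"] = False
        except OSError:
            results["safe_blocked"] = True

        # A regular file name in the same directory still works.
        safe_write(user_dir, "agent-1.log", b"ok", os.getuid())
        with open(os.path.join(user_dir, "agent-1.log"), "rb") as fh:
            results["legit_write"] = fh.read()
    return results


if __name__ == "__main__":
    print(demo())
```

In a real privileged service trusted_uid would be 0 and a user-owned directory would already fail the ownership check; the demo passes the current uid so that the symlink rejection is what fires. O_NOFOLLOW only guards the final path component, which is why the directory is opened first, verified through fstat on its descriptor, and then used as dir_fd for the leaf open rather than re-resolving the full path.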
🚨 Intrusions
Amazon CISO Links GRU to Ongoing Cyber Attacks on Energy Sector
Russia's GRU has been linked to sustained cyber attacks on Western energy infrastructure since 2021.

Key points:

  • The GRU's campaign focuses on Western critical infrastructure, particularly in the energy sector.
  • Attackers exploit misconfigured devices and known vulnerabilities, including CVE-2022-26318 and CVE-2023-27532.
  • Amazon has been actively disrupting these operations and notifying affected customers.
  • Credential-replay attacks are a significant tactic, although direct credential theft has not been observed.
  • The campaign reflects a shift towards exploiting misconfigurations rather than high-profile vulnerabilities.
Sources: The Register Security (1 article)
🚨 Intrusions
Ink Dragon Espionage Group Targets Global Infrastructure with Stealthy Relay Network
Ink Dragon employs a relay network for stealthy intrusions into government and telecom sectors worldwide.

Key points:

  • Ink Dragon, also known as CL-STA-0049, has targeted government and telecom sectors since early 2023.
  • The group converts compromised servers into a relay network, enhancing their operational stealth.
  • Initial access is often gained through ASP.NET ViewState deserialization or ToolShell vulnerabilities.
  • The group utilizes a new variant of the FinalDraft backdoor for command-and-control operations.
  • Their tactics reflect a mature development model, allowing for consistent operational effectiveness.
Sources: Check Point Research (1 article)
📰 Abuse & Fraud
Malicious NuGet Package Impersonates Tracer.Fody to Steal Cryptocurrency Wallets
A rogue NuGet package masquerades as a legitimate library to steal cryptocurrency wallet data.

Key points:

  • The malicious package has been downloaded over 2,000 times, with 19 downloads in the last six weeks.
  • It scans for Stratis wallet files and exfiltrates wallet data and passwords to a threat actor-controlled IP in Russia.
  • The package uses tactics like name similarity and Cyrillic characters to evade detection.
  • Previous attacks linked to the same IP address involved another malicious NuGet package targeting wallet seed phrases.
  • Experts warn of potential follow-on attacks targeting other common .NET libraries.
Sources: The Hacker News (1 article)
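The name-similarity and Cyrillic-character tricks in the NuGet item are the two checks a package allowlist or CI gate can run mechanically before a restore is allowed. The following is an added example, not code from the researchers or from NuGet: it folds a candidate package ID to a look-alike "skeleton", flags letters outside the Latin script, and measures edit distance against a small allowlist. The allowlist, the candidate names and the confusables table (a hand-picked subset of Unicode's confusables data) are assumptions made for the demo.

```python
"""Added example: flag package IDs that impersonate a known library through
homoglyph substitution or near-miss spelling. Allowlist and confusables table
are constructed for the demo."""
import unicodedata

KNOWN_PACKAGES = {"Tracer.Fody", "Newtonsoft.Json", "Serilog"}  # constructed allowlist

# Hand-picked Cyrillic letters that render like Latin ones (a subset of the
# Unicode confusables data; extend from the real table for production use).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K", "\u041c": "M",
    "\u041d": "H", "\u041e": "O", "\u0420": "P", "\u0421": "C", "\u0422": "T",
    "\u0425": "X",
}


def non_latin_letters(name: str) -> list:
    """Letters whose Unicode script is not Latin, as (char, script) pairs."""
    out = []
    for ch in name:
        if ch.isalpha():
            script = unicodedata.name(ch, "UNKNOWN").split()[0]
            if script != "LATIN":
                out.append((ch, script))
    return out


def skeleton(name: str) -> str:
    """NFKC-normalise, fold look-alikes to ASCII, lowercase (NuGet IDs are
    case-insensitive)."""
    folded = unicodedata.normalize("NFKC", name)
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded).lower()


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; small inputs, so no optimisation needed."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(candidate: str, known=KNOWN_PACKAGES, max_distance: int = 2) -> dict:
    """Return {'verdict': 'known' | 'suspicious' | 'clean', 'findings': [...]}."""
    if candidate.lower() in {k.lower() for k in known}:
        return {"verdict": "known", "findings": []}
    findings = []
    foreign = non_latin_letters(candidate)
    if foreign:
        findings.append("mixed-script: " + ", ".join(f"U+{ord(c):04X} {s}" for c, s in foreign))
    sk = skeleton(candidate)
    for k in sorted(known):
        ksk = skeleton(k)
        if sk == ksk:
            findings.append(f"homoglyph of {k}")
        else:
            d = levenshtein(sk, ksk)
            if d <= max_distance:
                findings.append(f"near-miss of {k} (distance {d})")
    return {"verdict": "suspicious" if findings else "clean", "findings": findings}


if __name__ == "__main__":
    # Constructed candidates: the real name, a Cyrillic-a homoglyph, a typo, and
    # an unrelated legitimate-looking ID.
    for name in ("Tracer.Fody", "Tr\u0430cer.Fody", "Tracer.Fodi", "Serilog.Sinks.Console"):
        print(name, assess(name))
```

Run this against every new dependency in a lockfile diff; a "known" verdict needs no action, "suspicious" should block the merge pending review, and the mixed-script finding alone is a strong signal because no legitimate NuGet ID in a Latin-script ecosystem needs Cyrillic letters.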
