> ai://ti

autonomous threat intelligence feed

Top Stories

🚨 Intrusions
JLR Cyberattack Results in Payroll Data Theft Impacting UK Economy
Jaguar Land Rover (JLR) confirmed that a cyberattack in August led to the theft of sensitive payroll data belonging to thousands of employees. The incident has caused significant operational disruption and financial losses, with broader implications for the UK economy.

Key points:

  • The cyberattack led to a production halt for more than a month, costing JLR over $890 million.
  • Affected data includes information necessary for payroll, benefits, and staff schemes.
  • JLR is providing support services, including credit and identity monitoring, to impacted employees.
  • The incident has broader implications, potentially affecting thousands of jobs in the supply chain.
  • The British government intervened to secure a loan to support JLR and its suppliers.
Sources: The Register Security (1 article)
💣 Exploits
Critical RCE Vulnerability CVE-2025-55182 Affects React Server Components
CVE-2025-55182, a critical RCE vulnerability in React Server Components, allows attackers to execute arbitrary code via crafted HTTP requests. Exploitation attempts have been observed, with attackers deploying various payloads, including coin miners and remote access trojans.

Key points:

  • CVE-2025-55182 has a CVSS score of 10.0 and affects both Windows and Linux environments.
  • Attackers exploit the vulnerability by sending crafted POST requests that lead to deserialization of malicious input.
  • Post-exploitation activities include deploying RATs, modifying system files, and harvesting cloud credentials.
  • Microsoft recommends immediate mitigation actions and manual assessments until full product coverage is available.
Sources: Microsoft Threat Intelligence Blog (1 article)
🚨 Intrusions
700Credit Data Breach Affects Over 5.8 Million Individuals
700Credit has reported a data breach impacting 5.8 million individuals due to a compromised third-party API. The breach allowed unauthorized access to personal information, prompting notifications to affected individuals and collaboration with law enforcement.

Key points:

  • The breach was identified on October 25, involving a third-party API linked to 700Credit's web application.
  • Hackers accessed consumer data from May to October 2025, including names, addresses, and Social Security numbers.
  • 700Credit is offering 12 months of free credit monitoring and identity restoration services to affected individuals.
  • The company has notified the FTC and attorney general's offices, and reported the incident to the FBI.
  • Impacted individuals will receive written notifications starting December 22.
Sources: SecurityWeek (1 article)
🚨 Intrusions
ShinyHunters Extorts PornHub After Breach of Premium Member Data
PornHub is facing extortion from the ShinyHunters group following a data breach at analytics vendor Mixpanel, which exposed sensitive activity data of Premium members. The breach, linked to a smishing attack, has resulted in the theft of over 200 million records.

Key points:

  • The Mixpanel breach occurred on November 8, 2025, due to a smishing attack.
  • ShinyHunters claims to have stolen 94GB of data, including 201 million records of user activity.
  • The exposed data includes email addresses, activity types, and search histories of PornHub Premium members.
  • ShinyHunters is also linked to other significant breaches and is developing a new ransomware-as-a-service.
  • PornHub has not worked with Mixpanel since 2021, indicating the data is historical.
Sources: Bleeping Computer (1 article)

Other Updates

🚨 Intrusions
700Credit Data Breach Exposes Personal Information of 5.8 Million Customers
A data breach at 700Credit has compromised the personal information of 5.8 million vehicle dealership customers.

Key points:

  • The breach occurred after a threat actor accessed an API through a compromised integration partner.
  • 700Credit detected suspicious activity on October 25 and initiated an investigation.
  • Exposed data includes full names, addresses, dates of birth, and Social Security numbers.
  • 700Credit is offering affected individuals a year of free identity protection and credit monitoring.
  • No ransomware group has claimed responsibility for the attack.
Sources: Bleeping Computer (1 article)
🚨 Intrusions
VolkLocker Ransomware Flaw Allows Free Decryption via Hard-Coded Keys
VolkLocker ransomware exposes a flaw enabling free decryption through hard-coded master keys.

Key points:

  • VolkLocker, a ransomware-as-a-service by CyberVolk, has hard-coded master keys that allow victims to decrypt files without payment.
  • The ransomware targets Windows and Linux systems, using AES-256 encryption and custom file extensions.
  • A design flaw leaves the master key in a plaintext file, enabling self-recovery for victims.
  • CyberVolk's operations include Telegram-based automation for managing ransomware attacks and additional malware offerings.
  • The group has persisted despite account bans, reflecting a trend in politically motivated cybercrime.
Sources: The Hacker News (1 article)
🚨 Intrusions
ShadyPanda Campaign Exposes Risks of Malicious Browser Extensions
ShadyPanda's campaign reveals the dangers of compromised browser extensions in accessing sensitive SaaS data.

Key points:

  • ShadyPanda operated for seven years, turning trusted browser extensions into malware via silent updates.
  • The campaign affected approximately 4.3 million users, enabling remote code execution and data theft.
  • Malicious extensions bypassed traditional security measures like MFA by exploiting authenticated browser sessions.
  • Organizations are urged to implement strict governance and allow lists for browser extensions.
  • Security teams should treat browser extensions as potential threats to SaaS security.
Sources: The Hacker News (1 article)
💣 Exploits
CISA Issues Urgent Patch for Actively Exploited GeoServer Vulnerability CVE-2025-58360
CISA warns of active exploitation of CVE-2025-58360 in GeoServer, urging immediate patching.

Key points:

  • CVE-2025-58360 is a critical XXE vulnerability with a CVSS score of 9.8.
  • The flaw affects GeoServer versions 2.26.1 and earlier, allowing unauthorized file access.
  • CISA added the vulnerability to its Known Exploited Vulnerabilities catalog due to active exploitation.
  • Experts warn that GeoServer's role in government makes this vulnerability particularly sensitive.
  • CISA's alert follows previous warnings about GeoServer vulnerabilities, indicating a pattern of targeted attacks.
Sources: CSO Online (1 article)
🚨 Intrusions
Amazon CISO Links GRU to Ongoing Cyber Attacks on Energy Sector
Russia's GRU has been linked to sustained cyber attacks on Western energy infrastructure since 2021.

Key points:

  • The GRU's campaign focuses on Western critical infrastructure, particularly in the energy sector.
  • Attackers exploit misconfigured devices and known vulnerabilities, including CVE-2022-26318 and CVE-2023-27532.
  • Amazon has been actively disrupting these operations and notifying affected customers.
  • Credential-replay attacks are a significant tactic, although direct credential theft has not been observed.
  • The campaign reflects a shift towards exploiting misconfigurations rather than high-profile vulnerabilities.
Sources: The Register Security (1 article)
💣 Exploits
Atlassian Addresses Critical Vulnerabilities in Apache Tika and Other Products
Atlassian patches critical vulnerabilities affecting multiple products, including a severe flaw in Apache Tika.

Key points:

  • CVE-2025-66516, an XXE injection vulnerability in Apache Tika, has a CVSS score of 10/10.
  • The flaw can be exploited through crafted PDF files, leading to potential information leaks and RCE.
  • Atlassian also patched CVE-2022-37601 and CVE-2021-39227, both critical prototype pollution vulnerabilities.
  • Users are urged to apply the patches promptly to mitigate risks associated with these vulnerabilities.
  • The vulnerabilities affect various Atlassian products, including Jira, Confluence, and Bitbucket.
Sources: SecurityWeek (1 article)
