> ai://ti

autonomous threat intelligence feed

Top Stories

🚨 Intrusions
ShinyHunters Extorts PornHub After Breach of Premium Member Data
PornHub is facing extortion from the ShinyHunters group following a data breach at analytics vendor Mixpanel, which exposed sensitive activity data of Premium members. The breach, linked to a smishing attack, has resulted in the theft of over 200 million records.

Key points:

  • ShinyHunters claims to have stolen 94GB of data, affecting over 200 million records of PornHub Premium users.
  • The breach was linked to a Mixpanel incident, which PornHub states did not compromise its own systems.
  • Sensitive data includes user email addresses, activity types, and search histories.
  • ShinyHunters has been involved in multiple significant data breaches in 2025, impacting various organizations.
  • The group is also developing a ransomware-as-a-service platform named ShinySpid3r.
Sources: Bleeping Computer (1 article)
💣 Exploits
Exploitation of Newly Disclosed Fortinet Vulnerabilities Underway
Threat actors have begun exploiting two critical vulnerabilities in Fortinet products just days after patches were released. The flaws allow for authentication bypass via crafted SAML responses, posing significant risks to affected systems.

Key points:

  • Two vulnerabilities, CVE-2025-59718 and CVE-2025-59719, have been exploited for unauthorized SSO logins.
  • Patches were released by Fortinet for affected products, including FortiOS and FortiWeb.
  • Malicious logins have been traced to specific IP addresses linked to certain hosting providers.
  • Organizations are advised to disable FortiCloud SSO and limit access to management interfaces.
  • Compromised configurations may lead to credential cracking if not addressed promptly.
Sources: SecurityWeek (1 article)
🚨 Intrusions
Askul Reports Theft of 740,000 Customer Records in RansomHouse Ransomware Attack
Askul Corporation confirmed a ransomware attack by RansomHouse that compromised approximately 740,000 customer records. The breach, which occurred in October, has led to ongoing shipping disruptions and a detailed investigation into the incident.

Key points:

  • The attack was detected on October 19, with data encryption starting shortly after.
  • RansomHouse claimed to have stolen over 1 TB of data, including sensitive customer and business partner information.
  • The breach caused significant disruptions to Askul's logistics and order systems.
  • The attackers gained access using compromised credentials and deployed file-encrypting malware after deleting backups.
  • Askul's investigation revealed that the attack involved lateral movement and disabling of security systems.
Sources: Bleeping Computer (1 article)
💣 Exploits
Critical RCE Vulnerability CVE-2025-55182 Affects React Server Components
CVE-2025-55182, a critical RCE vulnerability in React Server Components, allows attackers to execute arbitrary code via crafted HTTP requests. Exploitation attempts have been observed, with attackers deploying various payloads, including coin miners and remote access trojans.

Key points:

  • CVE-2025-55182 has a CVSS score of 10.0 and affects both Windows and Linux environments.
  • Attackers exploit the vulnerability by sending crafted POST requests that lead to deserialization of malicious input.
  • Post-exploitation activities include deploying RATs, modifying system files, and harvesting cloud credentials.
  • Microsoft recommends immediate mitigation actions and manual assessments until full product coverage is available.
Sources: Microsoft Threat Intelligence Blog (1 article)

Other Updates

🚨 Intrusions
700Credit Data Breach Exposes Personal Information of 5.8 Million Customers
A data breach at 700Credit has compromised the personal information of 5.8 million vehicle dealership customers.

Key points:

  • The breach occurred after a threat actor accessed an API through a compromised integration partner.
  • 700Credit detected suspicious activity on October 25 and initiated an investigation.
  • Exposed data includes full names, addresses, dates of birth, and Social Security Numbers.
  • 700Credit is offering affected individuals a year of free identity protection and credit monitoring.
  • No ransomware group has claimed responsibility for the attack.
Sources: Bleeping Computer (1 article)
💣 Exploits
Research Reveals Critical Vulnerabilities in Vehicle Modem Security
Vulnerabilities in the Unisoc UIS7862A modem could lead to remote code execution in vehicles.

Key points:

  • The Unisoc UIS7862A modem, found in many modern vehicles, was assessed for security flaws.
  • A stack-based buffer overflow vulnerability (CVE-2024-39432) was identified, enabling remote code execution.
  • Exploiting the modem can lead to full compromise of the System-on-Chip (SoC) and access to the application processor.
  • The research highlights the risks associated with the integration of IoT devices in vehicles.
Sources: Securelist (1 article)
🚨 Intrusions
SoundCloud Confirms Data Breach Affecting 28 Million Users
SoundCloud's breach impacts 28 million users, with ShinyHunters allegedly behind the attack.

Key points:

  • SoundCloud experienced a security breach that allowed unauthorized access to user data.
  • The breach affected around 20% of its user base, equating to approximately 28 million accounts.
  • No sensitive data, such as financial or password information, was accessed according to SoundCloud.
  • The incident caused VPN connectivity issues and subsequent denial-of-service attacks on the platform.
  • SoundCloud is working with cybersecurity experts to enhance its security measures.
Sources: Bleeping Computer (1 article)
💣 Exploits
JumpCloud Remote Assist Vulnerability Allows Privilege Escalation and System Takeover
A vulnerability in JumpCloud Remote Assist could lead to system takeover via privilege escalation.

Key points:

  • The vulnerability has a CVSS score of 8.5 and can be exploited during the removal or update of the JumpCloud Agent.
  • Attackers can leverage symbolic links and mount-point redirections to manipulate privileged operations.
  • Exploitation could lead to writing arbitrary data to critical system files, causing system crashes or unauthorized code execution.
  • JumpCloud has released a patch in version 0.317.0; organizations are urged to update immediately.
  • Security assessments should ensure no privileged processes interact with user-writable directories without proper ACLs.
Sources: SecurityWeek (1 article)
🚨 Intrusions
Amazon CISO Links GRU to Ongoing Cyber Attacks on Energy Sector
Russia's GRU has been linked to sustained cyber attacks on Western energy infrastructure since 2021.

Key points:

  • The GRU's campaign focuses on Western critical infrastructure, particularly in the energy sector.
  • Attackers exploit misconfigured devices and known vulnerabilities, including CVE-2022-26318 and CVE-2023-27532.
  • Amazon has been actively disrupting these operations and notifying affected customers.
  • Credential-replay attacks are a significant tactic, although direct credential theft has not been observed.
  • The campaign reflects a shift towards exploiting misconfigurations rather than high-profile vulnerabilities.
Sources: The Register Security (1 article)
🚨 Intrusions
Ink Dragon Espionage Group Targets Global Infrastructure with Stealthy Relay Network
Ink Dragon employs a relay network for stealthy intrusions into government and telecom sectors worldwide.

Key points:

  • Ink Dragon, also known as CL-STA-0049, has targeted government and telecom sectors since early 2023.
  • The group converts compromised servers into a relay network, enhancing its operational stealth.
  • Initial access is often gained through ASP.NET ViewState deserialization or ToolShell vulnerabilities.
  • The group utilizes a new variant of the FinalDraft backdoor for command-and-control operations.
  • Their tactics reflect a mature development model, allowing for consistent operational effectiveness.
Sources: Check Point Research (1 article)
