Svoboda Cybersecurity Brief December 16, 2025


Askul Confirms Data Theft in RansomHouse Attack

Japanese e-commerce firm Askul confirmed 740k customer records were stolen in an October ransomware attack by RansomHouse. Attackers leveraged compromised credentials of an outsourced partner’s admin account lacking MFA, disabled EDR, and encrypted systems. Multiple ransomware variants were deployed simultaneously.
Impact: Data breach affecting business/individual customers, partners, and employees; operational disruptions continue.
Mitigation: Reset admin passwords, enforce MFA, isolate infected systems, and update EDR signatures.
Source: BleepingComputer

SantaStealer Malware Targets Browser Data and Crypto Wallets

A new malware-as-a-service (MaaS) stealer, SantaStealer, rebranded from BluelineStealer, is advertised on Telegram in Basic ($175/month) and Premium ($300/month) tiers. It steals browser data (passwords, cookies), crypto wallets, and documents, and evades Chrome’s App-Bound Encryption. Analyzed samples show weak anti-analysis features.
Impact: Data theft from browsers, crypto wallets, and files; targets Windows users via phishing/pirated software.
Mitigation: Avoid unverified email attachments/links, monitor for suspicious PowerShell activity.
Source: BleepingComputer

PornHub Premium Members’ Activity Data Stolen via Mixpanel Breach

ShinyHunters extorted PornHub after stealing 94GB of historical analytics data (201M records) from Mixpanel. Data includes search/watch history, email addresses, and video metadata of Premium users. PornHub confirmed no passwords/payment details were exposed.
Impact: Sensitive user activity exposed; potential blackmail/phishing risks.
Mitigation: Monitor accounts for suspicious activity; avoid reusing credentials.
Source: BleepingComputer

700Credit API Breach Exposes 5.8M Dealer Customers

A compromised API, accessed via a third-party partner, exposed the names, SSNs, addresses, and dates of birth of 5.8M individuals. Attackers accessed data between May and October 2025, before 700Credit terminated the API.
Impact: High-risk identity theft; targeted automotive/finance sector.
Mitigation: Free credit monitoring offered; enforce API request validation.
Source: SecurityWeek

React2Shell Exploited by 5 Chinese APTs for Malware Delivery

Google linked UNC6600, UNC6586, UNC6588, UNC6603, and UNC6595 to exploiting CVE-2025-55182 (React RCE). Attacks delivered MINOCAT, SNOWLIGHT, COMPOOD, HISONIC, and ANGRYREBEL.LINUX. Shadowserver tracks 116k vulnerable IPs, primarily in the US.
Impact: Unauthenticated RCE via HTTP requests; widespread malware deployment.
Mitigation: Patch React/Next.js; monitor for suspicious HTTP traffic.
Source: SecurityWeek

FreePBX Authentication Bypass and RCE Flaws Patched

Critical flaws in FreePBX included CVE-2025-66039 (AUTHTYPE bypass), CVE-2025-61675 (SQLi), and CVE-2025-61678 (file upload leading to RCE). Default configurations are not affected, but installations using the webserver AUTHTYPE are at risk.
Impact: Unauthenticated admin access; full system compromise.
Mitigation: Update to FreePBX 16.0.44/17.0.23; disable webserver AUTHTYPE.
Source: TheHackerNews

Urban VPN Chrome Extension Secretly Harvests AI Chat Data

The “Featured” Urban VPN extension (6M users) intercepted ChatGPT, Claude, and Gemini chats via injected JavaScript. The data was sent to analytics.urban-vpn[.]com. Its parent company, BiScience, previously collected browsing history through an SDK.
Impact: Sensitive AI prompts/responses exfiltrated; potential privacy violations.
Mitigation: Uninstall Urban VPN/related extensions; audit third-party SDKs.
Source: TheHackerNews

VolkLocker Ransomware Master Key Exposed

The pro-Russian CyberVolk group’s VolkLocker RaaS had a critical flaw: hard-coded AES-256 master keys saved in %TEMP%. The Go-based ransomware targets Windows and Linux, encrypts files (.locked/.cvolk extensions), and wipes data after 48 hours.
Impact: Free decryption possible; initial test builds were flawed.
Mitigation: Check for system_backup.key; block Telegram C2 communications.
Source: TheHackerNews

French Interior Ministry Email Servers Hacked

Attackers breached French Interior Ministry email servers and accessed documents. The origin is unknown (foreign state, activist, or cybercriminal). The ministry oversees the police and internal security.
Impact: Potential data theft; operational disruption.
Mitigation: Tighten access controls; investigate spear-phishing origins.
Source: BleepingComputer

Phantom Stealer Targets Russian Finance via ISO Phishing

Operation MoneyMount-ISO used bank-transfer lures to deliver Phantom Stealer via malicious ISO files. The malware steals crypto wallets, browser data, and credentials, exfiltrating them via Telegram and Discord.
Impact: Financial sector targeted; session/cookie theft risks.
Mitigation: Block ISO attachments; monitor for CreativeAI.dll executions.
Source: TheHackerNews

Apple Patches WebKit Zero-Days Linked to Chrome Flaw

CVE-2025-14174 (memory corruption) and CVE-2025-43529 (use-after-free) in WebKit were exploited in targeted iOS attacks. CVE-2025-14174 also affects Chrome’s ANGLE library (patched December 5).
Impact: Arbitrary code execution via malicious web content.
Mitigation: Update iOS/macOS/Safari; patch Chromium-based browsers.
Source: SecurityWeek
