Daily Digest

Massive Financial Breaches Expose 18M+; Apple & Google Patch Actively Exploited Zero-Days

Massive Financial Breaches Expose 18M+; Apple & Google Patch Actively Exploited Zero-Days

December 16, 2025
5 articles (5 new)
15 min read

Summary

This cybersecurity brief for December 16, 2025, covers a series of critical incidents. Major data breaches at financial firms 700Credit and Prosper Marketplace have exposed the sensitive information of over 18 million individuals. Concurrently, Apple and Google rushed to patch two actively exploited zero-day vulnerabilities in the WebKit engine. Other significant events include CISA's mandate to patch a critical GeoServer flaw, active attacks on Fortinet SSO vulnerabilities, and data exposures at SoundCloud and Pornhub. Ransomware continues to plague the healthcare sector with an attack on Fieldtex by the Akira group, while new malware campaigns target developers on GitHub.

Filter by Category

New Articles (5)

SoundCloud and Pornhub Confirm User Data Exposure in Separate Breaches, One Via Third-Party

HIGH

SoundCloud and Pornhub Disclose Data Breaches; Pornhub Incident Linked to Third-Party Vendor Mixpanel

Both SoundCloud and Pornhub have confirmed security incidents exposing user data. SoundCloud suffered a direct breach of an ancillary service dashboard, resulting in the exfiltration of email addresses and public profile information for up to 28 million users (20% of its user base). The company states passwords and financial data were not affected. Separately, Pornhub announced that historical analytics data of some Premium members was exposed due to a breach at its former third-party analytics vendor, Mixpanel. The notorious hacking group ShinyHunters has claimed the Mixpanel breach and is attempting to extort Pornhub, alleging they stole a massive database of user search and watch history.

December 16, 2025
5 min read
Data BreachSupply Chain AttackShinyHuntersMixpanelSoundCloud +3 more
SoundCloud and Pornhub Confirm User Data Exposure in Separate Breaches, One Via Third-Party
Data Breach
Supply Chain Attack
Threat Actor

CISA Orders Federal Agencies to Patch Actively Exploited Critical GeoServer XXE Flaw

CRITICAL

CISA Adds Critical GeoServer XXE Vulnerability (CVE-2025-58360) to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical XML External Entity (XXE) injection vulnerability in OSGeo GeoServer, CVE-2025-58360, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, which has a CVSS score up to 9.8, allows an unauthenticated remote attacker to read arbitrary files, perform Server-Side Request Forgery (SSRF) attacks, or cause a denial-of-service. Due to evidence of active exploitation, CISA has mandated that all Federal Civilian Executive Branch agencies patch the vulnerability by January 1, 2026. All organizations using the popular open-source geospatial data server are strongly urged to apply the available updates immediately.

December 16, 2025
5 min read
CVE-2025-58360GeoServerCISAKEVXXE +3 more
CISA Orders Federal Agencies to Patch Actively Exploited Critical GeoServer XXE Flaw
Vulnerability
Threat Intelligence
Regulatory

Active Attacks Exploit Critical Fortinet SSO Bypass Flaws to Gain Admin Access

CRITICAL

Threat Actors Actively Exploiting Critical Fortinet Authentication Bypass Vulnerabilities (CVE-2025-59718, CVE-2025-59719)

Security firm Arctic Wolf has observed active exploitation of two critical authentication bypass vulnerabilities in Fortinet products, CVE-2025-59718 and CVE-2025-59719. Both flaws, rated 9.1 in severity, allow an unauthenticated attacker to bypass FortiCloud single sign-on (SSO) by forging a SAML message, granting them administrative access to affected devices. The attacks, observed since December 12, 2025, target the default 'admin' account. The vulnerability is present if the FortiCloud SSO feature is enabled, which can be activated automatically when registering a device. Patches are available, and administrators are urged to upgrade immediately or disable the vulnerable SSO feature.

December 16, 2025
6 min read
FortinetCVE-2025-59718CVE-2025-59719SSOSAML +3 more
Active Attacks Exploit Critical Fortinet SSO Bypass Flaws to Gain Admin Access
Vulnerability
Cyberattack
Patch Management

FreePBX Patches Critical Auth Bypass and RCE Flaws; Update VoIP Platforms Immediately

CRITICAL

Multiple Critical Vulnerabilities Patched in FreePBX VoIP Platform, Including Authentication Bypass and Remote Code Execution

The popular open-source VoIP platform FreePBX has been updated to fix several serious security vulnerabilities, including a critical authentication bypass (CVE-2025-66039) with a 9.3 CVSS score. This flaw, present in a non-default configuration, allows an attacker to bypass the admin login and potentially achieve remote code execution. Other patched high-severity issues include multiple authenticated SQL injection flaws (CVE-2025-61675) and an arbitrary file upload bug (CVE-2025-61678). These could be chained to upload a web shell and take full control of the server. Administrators are urged to update their FreePBX instances to the latest versions to mitigate these risks.

December 16, 2025
6 min read
FreePBXVoIPVulnerabilityCVE-2025-66039RCE +2 more
FreePBX Patches Critical Auth Bypass and RCE Flaws; Update VoIP Platforms Immediately
Vulnerability
Patch Management
Industrial Control Systems

New 'PyStoreRAT' Malware Spreads Via Fake OSINT and AI Tools on GitHub

HIGH

'PyStoreRAT' Malware Campaign Targets Developers with Lures of Fake OSINT and AI Tools on GitHub

A new malware campaign is distributing an information-stealing Remote Access Trojan (RAT) called 'PyStoreRAT' through fake GitHub repositories. Threat actors create repositories for what appear to be legitimate OSINT, AI, or DeFi tools, artificially inflating their popularity with fake stars and forks. After gaining a user's trust, the attackers push a malicious update containing PyStoreRAT. The malware is designed to evade detection, establish persistence, and steal sensitive data, with a particular focus on cryptocurrency wallets. It can also download secondary payloads like the Rhadamanthys infostealer and propagates via USB drives, posing a significant threat to developers and security researchers.

December 16, 2025
6 min read
PyStoreRATRhadamanthysMalwareGitHubSupply Chain Attack +3 more
New 'PyStoreRAT' Malware Spreads Via Fake OSINT and AI Tools on GitHub
Malware
Supply Chain Attack
Threat Intelligence

📢 Share This Publication

Help others stay informed about cybersecurity threats