Daily Recap: Fortinet flaws are being actively exploited to bypass SAML/SSO and steal configurations, while the critical React2Shell (CVE-2025-55182) is used to deploy backdoors like KSwapDoor and ZnDoor in campaigns linked to China, and patched FreePBX vulnerabilities require urgent updates. The threat landscape also features SantaStealer and PyStoreRAT campaigns, massive data breaches affecting Prosper, 700Credit, SoundCloud, PornHub, Jaguar Land Rover, and Askul, plus state-backed espionage by Sandworm (APT44) and Salt Typhoon, alongside privacy/regulation concerns and AI-enabled phishing and scams. #Fortinet #FortiGate #React2Shell #KSwapDoor #ZnDoor #FreePBX #SantaStealer #PyStoreRAT #Prosper #700Credit #SoundCloud #PornHub #JaguarLandRover #Askul #SaltTyphoon #Sandworm #MI6 #UrbanVPNProxy #GoogleDarkweb #Texas #Soverli #WSL
Vulnerabilities & Exploits
- Threat actors are actively exploiting recently patched Fortinet flaws to bypass SAML/SSO and steal configurations; immediate patching and access restrictions are urged. Sources: Fortinet Flaws, FortiGate Attack
- The critical React2Shell (CVE-2025-55182) is being exploited to deploy backdoors like KSwapDoor and ZnDoor, with multiple China-linked groups observed in widespread campaigns. Sources: React2Shell Exploits, Google Findings, Google Links
- Critical FreePBX vulnerabilities, including SQLi, file-upload and auth bypasses enabling RCE, have been patched; users must update and apply mitigations. Source: FreePBX Patch
Malware & Info Stealers
- New memory-resident info stealer SantaStealer targets browsers and crypto wallets and is being marketed as MaaS, raising concerns about future evolution. Source: SantaStealer
- Researchers warn of PyStoreRAT, an AI-lured GitHub campaign that targets OSINT and security pros with evasive RAT loaders and supply-chain techniques. Source: PyStoreRAT
Data Breaches & Extortion
- Multiple breaches at fintech firms exposed personal and financial data affecting nearly 20 million users across Prosper, 700Credit and related services, prompting investigations and identity protection offers. Sources: Prosper/700Credit, 20M Affected, 700Credit Report
- SoundCloud confirmed a breach exposing ~28 million users' emails/profile data and is facing extortion tied to ShinyHunters, with recent config changes also blocking VPN users (403 errors). Sources: SoundCloud Breach, SoundCloud VPN
- PornHub was extorted after attackers stole premium-member activity via a Mixpanel data incident, exposing watch/search histories but not payment data. Source: PornHub Extortion
- Automaker Jaguar Land Rover confirmed staff data theft from an August breach that caused production halts and multi-hundred-million-dollar losses to the company and wider economy. Source: JLR Breach
- Japanese retailer Askul suffered a ransomware attack by RansomHouse that stole ~740k customer records and disrupted shipments, highlighting supply-chain risk. Source: Askul Ransomware
- Researchers found an unsecured 16TB MongoDB exposing ~4.3 billion professional records (LinkedIn-style data), amplifying social-engineering risks. Source: 4.3B Leak
State-Linked Espionage & Threats
- AWS attributes a years-long cyber-espionage campaign targeting Western energy infrastructure to Russia-linked Sandworm (APT44), which exploited misconfigured edge devices for persistent access. Source: Sandworm Espionage
- SentinelLabs details how the Salt Typhoon group (ex-students) breached over 80 global telecom providers to steal intelligence from lawful-intercept and operator systems. Source: Salt Typhoon
- MI6's chief warns that hybrid threats from Russia (cyberattacks, propaganda and sabotage) are expanding, and signals intent to increase pressure on adversaries across domains. Source: MI6 Warning
Privacy, Tools & Regulation
- A featured Chrome extension (Urban VPN Proxy) was caught intercepting and exfiltrating millions of users' AI chatbot prompts and conversations, undermining promised privacy. Source: UrbanVPN Extension
- Google will discontinue its dark-web monitoring report tool by Feb 2026, saying it needs more actionable features to protect user privacy and security. Source: Google Darkweb
- Texas sued five smart-TV makers over undisclosed ACR tracking, alleging deceptive disclosures and illegal collection/sale of viewers' data. Source: Texas TV Suit
Phishing, Scams & AI Misuse
- India's CBI dismantled a large-scale phishing SMS factory that sent millions of fraud messages daily, disrupting infrastructure that enabled loan and investment scams. Source: Phishing SMS
- 2025 phishing trends show a rise in omni-channel attacks (social media, malvertising, push) and advanced Phishing-as-a-Service tools, forcing changes to defensive strategies. Source: Phishing Trends
- Security experts warn that militant and extremist groups are experimenting with AI, amplifying risks from deepfakes to automated propaganda and potential cyber/biological threats. Source: Militant AI
Industry Updates & Miscellaneous
- Swiss startup Soverli raised $2.6 million to build a sovereign smartphone OS that runs isolated systems alongside Android/iOS for improved resilience. Source: Soverli Funding
- Recent Windows 11 updates disrupted VPN connectivity for WSL users by breaking virtual network ARP handling, affecting enterprise VPNs like Cisco Secure Client and OpenVPN; admins should review recent patches and workarounds. Source: WSL VPN Bug