CyberSecurity Knuggets

Dec 17, 2025

Subject: Russia switches up tactics in cyberattacks on energy companies, Amazon

Sender: info@metacurity.com

Key points:

– Russian government-backed hackers (linked to GRU) have shifted tactics against energy companies in North America, Europe, and the Middle East by targeting misconfigured or vulnerable internet routers and devices rather than zero-day exploits.

– Attacks focus on stealing legitimate employee credentials to establish long-term espionage access and move laterally within networks.

– Amazon detected these coordinated operations via persistent connections to vulnerable devices hosted on Amazon Web Services.

– Other notable incidents:

  – ShinyHunters is extorting PornHub after a Mixpanel breach exposed over 200 million records of premium user analytics data (search and watch history, emails, locations, etc.).

  – A Minnesota hacker admitted guilt for a credential stuffing attack on DraftKings in 2022 that affected ~1,600 accounts and led to the theft of ~$600,000.

  – The German Bundestag email outage was caused by technical overload, though suspicions of a cyberattack lingered amid US-Ukraine talks.

  – The Iranian Handala group is doxxing Israeli defense personnel, offering bounties, and extending threats to their families.

  – A new malware-as-a-service called SantaStealer is being advertised, promising in-memory data theft with basic and premium subscriptions.

Additional notes:

– UK government delays decision on classifying China as major national security threat despite espionage concerns.

– New MI6 head warns of ongoing Russian cyber and hybrid warfare threats demanding whole-of-nation responses.

– Google shutting down Dark Web Report feature as it did not provide useful next steps to users.

– SoundCloud breach exposed 20% of users (~28 million), mostly emails and profiles; VPN access disruptions ongoing.

– US company Fieldtex disclosed ransomware attack affecting 238,615 individuals’ protected health info.

– Cloudflare reports 19% internet traffic growth in 2025; mobile traffic steady at 43%.

– US federal government launches US Tech Force to hire ~1,000 tech employees for modernization projects including AI.

– Bitdefender uncovers Agent Tesla malware spread via fake Leonardo DiCaprio movie torrent.

– Silent Push acquires Canadian firm Hyas to better detect proxy traffic sources.

Subject: It’s time for Zero Trust Everywhere + AIs

Sender: news@securityweek.com

Summary:

– Zscaler promotes “Zero Trust Everywhere,” a security approach unifying protection across users, branches, and clouds to eliminate reliance on firewalls and reduce complexity and cost.

– Zero Trust Everywhere enables secure access for employees, contractors, suppliers, IoT/OT devices, and workload communications within/across clouds.

– The solution helps organizations defend against ransomware and AI-driven cyberattacks and facilitates modern workforce enablement and business acceleration.

– Related resources include guides and brochures on data security in remote work, AI model data protection, and Microsoft security integrations.

Subject: Venezuela blames the US for disruptive cyberattack on state-owned oil company | The CyberWire 12.16.25

Sender: editor@newsletter.n2k.com

Highlights:

– Venezuelan state-owned oil firm PDVSA suffered a weekend ransomware attack that forced the suspension of oil cargo deliveries. Venezuelan officials accuse the US and domestic collaborators; the US has not commented.

– Iran-linked hacker group Handala continues doxxing Israeli academics and defense personnel, publicly posting photos and contact details, and offers $30,000 bounties for air defense system engineers and technicians.

– Arctic Wolf reports active exploitation of critical Fortinet vulnerabilities (CVE-2025-59718 & CVE-2025-59719), which enable an SSO bypass affecting FortiOS, FortiProxy, FortiSwitchManager, and FortiWeb, and urges immediate patching.

Additional information:

– German Parliament email outage amidst US-Ukraine talks raised cyberattack suspicions but was due to technical overload.

– PornHub faces extortion after data theft from Mixpanel analytic breach.

Subject: SoundCloud Hacked, User Data Compromised

Sender: news@securityweek.com

Summary:

– SoundCloud experienced a security breach of an ancillary service dashboard that exposed user email addresses and profile info for approximately 20% of users (~28 million accounts).

– The breach caused recent outages and VPN connection problems, including 403 errors.

– The company activated incident response and confirms unauthorized access has been blocked and there is no ongoing platform risk, but the timeline for restoring VPN connectivity remains unclear.

– Additional cybersecurity topics in the newsletter include the evolution of third-party risk with AI, boardroom cyber conversations, recent patch releases, vulnerabilities, and emerging threats.

– Sponsored content promotes Zero Trust Everywhere and expert insights on evolving cyber risks.

Stay Well!
