- \n
- A vulnerability in a JavaScript library was used to steal cryptocurrency.<\/li>\n
- Hackers threatened to expose data on Pornhub premium users.<\/li>\n
- Hackers promoted the new SantaStealer malware.<\/li>\n
- Amazon warned about a large-scale clandestine cryptomining campaign.<\/li>\n<\/ul>\n<\/div>\n
A JavaScript library vulnerability used to steal cryptocurrency<\/h2>\n
Instances of loading malware to drain crypto wallets have increased of late. It infiltrates websites via a flaw in React, a popular JavaScript library for building user interfaces, Cointelegraph<\/a> reported.<\/p>\n
On December 3 the React team said<\/a> white-hat hacker Lachlan Davidson had found a vulnerability enabling unauthenticated remote code execution. A patch was released the same day.<\/p>\n
According to the non-profit cybersecurity organisation Security Alliance (SEAL<\/a>), attackers are exploiting this flaw to surreptitiously add wallet-drainer code to cryptocurrency sites.<\/p>\n
Web3<\/a> protocols are not the only targets, SEAL stressed<\/a>; all websites are at risk. Users were urged to exercise extreme caution when signing any transactions or approvals.<\/p>\n
Hackers threatened to expose data on Pornhub premium users<\/h2>\n
Users of the adult platform Pornhub faced extortion from the ShinyHunters group, the company\u2019s management said<\/a>.<\/p>\n
The letter states the platform was impacted by a breach at third-party analytics provider Mixpanel. The incident occurred on November 8, 2025 following smishing<\/span>.<\/p>\n
According to BleepingComputer<\/a>, Pornhub has not worked with Mixpanel since 2021, which helps date the incident.<\/p>\n
The contractor confirmed the breach affected \u201ca limited number\u201d of clients, among whom OpenAI and CoinTracker had previously been named.<\/p>\n
In comments to BleepingComputer, representatives said they did not consider their system the source of the leak:<\/p>\n
\n
\u201cWe find no evidence that this data was stolen from Mixpanel during the November incident or otherwise. The last time this information was accessed was by a legitimate account of an employee of Pornhub\u2019s parent company in 2023.\u201d<\/em><\/p>\n<\/blockquote>\n
BleepingComputer learned ShinyHunters began blackmailing Mixpanel\u2019s clients last week, sending emails with ransom demands.<\/p>\n
In an ultimatum sent to Pornhub, the hackers claimed to have stolen 94GB of data containing more than 200m records of personal information.<\/p>\n
The group later confirmed to the outlet that the database includes 201,211,943 premium-subscriber accounts.<\/p>\n
Hackers provided the publication with a sample of the stolen data containing sensitive information:<\/p>\n
- \n
- user email address;<\/li>\n
- type of activity (viewing, downloading, visiting a channel);<\/li>\n
- location;<\/li>\n
- video URL and title;<\/li>\n
- keywords associated with the video;<\/li>\n
- exact event timestamp.<\/li>\n<\/ul>\n
Hackers tout new SantaStealer malware<\/h2>\n
The new data-stealing malware SantaStealer is being actively advertised on Telegram and underground forums. It is distributed under a CaaS<\/a> model, researchers<\/a> at Rapid7 said.<\/p>\n
According to them, SantaStealer is a rebrand of the BluelineStealer malware. It operates solely in memory to evade antivirus detection.<\/p>\n
The developer is running an active marketing campaign ahead of a full launch slated for year-end.<\/p>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-f53ecf9a46bc5337-1389616914247309-1024x683.png\")
Source: Rapid7.<\/figcaption><\/figure>\n The monthly CaaS subscription is offered in two tiers:<\/p>\n
- \n
- basic \u2014 $175;<\/li>\n
- premium \u2014 $300.<\/li>\n<\/ul>\n
Rapid7 specialists analysed several SantaStealer samples and gained access to the affiliate interface. Despite numerous data-theft mechanisms, the malware falls short of the advertised detection-evasion capabilities.<\/p>\n
The research shows the stealer\u2019s control panel is user-friendly, allowing \u201cclients\u201d to configure builds\u2014from full-scale theft to compact, targeted payloads.<\/p>\n
SantaStealer uses 14 separate data-collection modules, each running in its own thread. Stolen data is written to memory, archived into a ZIP file and exfiltrated in 10MB chunks to the command server.<\/p>\n
According to the researchers, SantaStealer can be used to steal:<\/p>\n
- \n
- browser passwords, cookies, browsing history and saved payment cards;<\/li>\n
- data from Telegram, Discord and Steam;<\/li>\n
- data from Web3 applications and crypto-wallet extensions;<\/li>\n
- documents from a device;<\/li>\n
- screenshots of a user\u2019s desktop.<\/li>\n<\/ul>\n
Amazon warned of a large-scale clandestine cryptomining campaign<\/h2>\n
Amazon GuardDuty security specialists discovered<\/a> a covert cryptomining campaign targeting Elastic Compute Cloud (EC2) and Elastic Container Service (ECS), which run virtual machines and application containers.<\/p>\n
By deploying cryptominers on the infrastructure, attackers profit at the expense of AWS<\/span> customers and Amazon itself, which shoulder the compute costs.<\/p>\n
The attack used an image from Docker<\/span> Hub created in late October, which had more than 100,000 downloads at the time of discovery. Amazon emphasised that the attackers did not compromise the software itself but accessed customer accounts using stolen credentials.<\/p>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-e115b30c2a26ab32-1389614946817165.webp\")
Source: Amazon.<\/figcaption><\/figure>\n According to the report, a distinguishing feature of this campaign was a setting that prevented administrators from remotely shutting down machines. This forced security teams to first disable the protection manually and only then stop the mining.<\/p>\n
Amazon warned affected customers to rotate compromised credentials. The malicious image was removed from Docker Hub, though specialists cautioned it could be reuploaded under different accounts or names.<\/p>\n
Investor loses savings in AI-enabled romance scam<\/h2>\n
A bitcoin investor lost his funds after falling victim to a \u201cpig-butchering\u201d scam, according to The Bitcoin Adviser consultant Terence Michael.<\/p>\n
\n
I have a Bitcoin client
who just lost all his Bitcoin.<\/p>\nHe isn’t wealthy.
He finally made it to 1 BTC.
I celebrated with him over the phone.<\/p>\nBut within days of him finally leaving Coinbase to setup a distributed multi-key security and inheritance protocol, he was approached by\u2026 pic.twitter.com\/H1FK6Mbbyi<\/a><\/p>\n
\u2014 Terence Michael (@ProofOfMoney) December 14, 2025<\/a><\/p><\/blockquote>\n