Mate says "how can you walk around in full leather and never get any comments?"

Me "cos I look like a nasty piece of work who could really mess you up"

Fedi - if you ever see me in the street, please chat - I'm actually very friendly. Remember looks are very deceiving.

#leather #piercings #baldguysaresexy #baldy #baldguy #silverfox #scarylooking

Alright team, it's been a pretty packed 24 hours in the cyber world! We've got a mix of significant breaches, an actively exploited vulnerability making waves, new insights into nation-state and cybercrime tradecraft, and some interesting discussions around AI security and regulation. Let's dive in:

Recent Cyber Attacks and Breaches ⚠️

Coinbase Insider Threat & Fraud 💸
- An ex-Coinbase customer service agent in India has been arrested for allegedly selling customer data to criminals, leading to social engineering scams and an attempted $20 million extortion against Coinbase.
- The stolen data included names, addresses, phone numbers, emails, IDs, and bank info for nearly 70,000 customers, though no 2FA codes or private keys were compromised.
- This highlights the critical risk of insider threats, especially in outsourced customer service operations, and the ongoing challenge of social engineering attacks targeting crypto users.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/29/indian_cops_cuff_coinbase_exrep/

Coupang Data Breach & Compensation 🛍️
- South Korean retail giant Coupang is set to distribute $1.17 billion in compensation to 33.7 million customers affected by a data breach discovered in November.
- The breach, one of South Korea's largest, was traced to a 43-year-old Chinese former IT employee who retained system access after leaving the company, accessing 33 million accounts and retaining data from about 3,000.
- While the company claims the data was not transferred or further misused, the incident underscores the severe financial and reputational costs of insider threats and poor identity and access management.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/coupang-to-split-117-billion-among-337-million-data-breach-victims/

Korean Telco Femtocell Security Failure 📞
- Korea Telecom (KT) deployed thousands of femtocells with critical security flaws, including shared certificates, no root passwords, plaintext keys, and enabled SSH, leading to micropayment fraud and potential customer communication snooping.
- Attackers cloned femtocells, enabling them to read SMS messages and call logs, with one fake femtocell used for ten months, and a large gang involved in "war-driving" to find more phones.
- This incident exposes severe vulnerabilities in critical infrastructure, suggesting that the $169,000 in micropayment fraud might be a smokescreen for larger-scale surveillance, with one key even linked to a military base.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/30/kt_telecom_femtocell_security_fail/

Cybersecurity Experts Plead Guilty to BlackCat Ransomware Attacks 🚨
- Two former cybersecurity incident response professionals, Ryan Goldberg (Sygnia) and Kevin Martin (DigitalMint), have pleaded guilty to conspiring to obstruct commerce by extortion using BlackCat (ALPHV) ransomware.
- They leveraged their expertise to breach multiple US organisations, demanding ransoms up to $10 million and receiving $1.27 million from one victim, with 20% going to ALPHV administrators.
- This shocking case highlights the severe risk of insider threats within the cybersecurity industry itself and the importance of due diligence when engaging third-party incident response firms.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/us-cybersecurity-experts-plead-guilty-to-blackcat-alphv-ransomware-attacks/
🗞️ The Record | https://therecord.media/ransomware-responders-guilty-plea-using-alphv-blackcat-us-attacks

European Space Agency Confirms External Server Breach 🛰️
- The European Space Agency (ESA) has confirmed a breach of "external servers" containing unclassified information related to collaborative engineering activities, following claims by a threat actor on BreachForums.
- The attackers claim to have stolen over 200GB of data, including source code, CI/CD pipelines, API tokens, and hardcoded credentials, after accessing ESA's JIRA and Bitbucket servers for a week.
- While ESA states the impact is limited to a "very small number of external servers" and unclassified data, the nature of the stolen data (source code, API tokens) suggests potential for further compromise or intellectual property theft.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/european-space-agency-confirms-breach-of-external-servers/

Vulnerabilities Under Active Exploitation 🛡️

MongoBleed (CVE-2025-14847) Under Active Exploitation ⚠️
- A high-severity information-disclosure vulnerability, CVE-2025-14847 (dubbed "MongoBleed"), affecting many default MongoDB versions, is now under active exploitation in the wild.
- The flaw, stemming from mismatched length fields in zlib-compressed protocol headers, allows unauthenticated attackers to leak server memory, potentially exposing sensitive data like credentials, API keys, and PII.
- CISA has added MongoBleed to its Known Exploited Vulnerabilities Catalog, ordering federal agencies to patch by January 19, 2026, with estimates of 74,000 to 87,000 internet-exposed vulnerable instances globally. If immediate patching isn't possible, disabling zlib compression is advised.
🤫 CyberScoop | https://cyberscoop.com/mongobleed-vulnerability-mongodb-exploitation/
🗞️ The Record | https://therecord.media/us-australia-bug-exploitation
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-patch-mongobleed-flaw-actively-exploited-in-attacks/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/30/mongodb_vuln_exploited_cve_2025_14847/

New Threat Research and Tradecraft 🔬

Mustang Panda Uses Kernel-Mode Rootkit for ToneShell Backdoor 🐼
- The Chinese state-sponsored group Mustang Panda (aka HoneyMyte or Bronze President) is deploying a new variant of its ToneShell backdoor using a previously undocumented kernel-mode rootkit driver.
- This rootkit, signed with a stolen or leaked certificate, registers as a mini-filter driver to evade user-mode monitoring, protect its files and processes, and interfere with Microsoft Defender, giving it high stealth and persistence.
- The evolved TTPs, including dynamic API resolution and network traffic obfuscation, highlight Mustang Panda's increasing sophistication in targeting government organisations in Southeast and East Asia, making memory forensics crucial for detection.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/chinese-state-hackers-use-rootkit-to-hide-toneshell-malware-activity/
📰 The Hacker News | https://thehackernews.com/2025/12/mustang-panda-uses-signed-kernel-driver.html

Silver Fox Targets India with ValleyRAT Malware 🦊
- The Chinese cybercrime group Silver Fox (aka SwimSnake) is now targeting Indian users with tax-themed phishing emails to distribute its modular ValleyRAT (Winos 4.0) remote access trojan.
- The sophisticated kill chain involves DLL hijacking via a legitimate executable (Thunder) and a Donut loader, performing anti-analysis checks before injecting ValleyRAT into explorer.exe.
- Silver Fox also uses SEO poisoning and fake application sites (e.g., Microsoft Teams, Signal) to spread ValleyRAT globally, demonstrating a multi-pronged approach for espionage, financial gain, and intelligence collection.
📰 The Hacker News | https://thehackernews.com/2025/12/silver-fox-targets-indian-users-with-tax-themed-emails-delivering-valleyrat-malware/

Zoom Stealer Browser Extensions Harvest Corporate Meeting Intelligence 🕵️‍♀️
- A campaign dubbed "Zoom Stealer," attributed to the China-linked threat actor DarkSpectre, is affecting 2.2 million Chrome, Firefox, and Edge users through 18 malicious browser extensions.
- These extensions, some functional as video downloaders or recorders, covertly collect sensitive meeting-related data (URLs, IDs, topics, embedded passwords, speaker info) from 28 video-conferencing platforms.
- The exfiltrated data, streamed in real-time, is likely used for corporate espionage, sales intelligence, and large-scale social engineering or impersonation operations, underscoring the need for careful extension permission review.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/

Threat Landscape Commentary 🗣️

OpenAI: Prompt Injection May Never Be 'Solved' for Browser Agents 🤖
- OpenAI warns that prompt injection is a central security risk for AI browser agents like ChatGPT Atlas, which operate within a web browser and can carry out tasks for users.
- Internal red-teaming uncovered new complex prompt-injection attacks, leading to a security update with an adversarially trained model and strengthened safeguards.
- The company acknowledges that prompt injection may never be fully mitigated, advising a focus on risk reduction and limiting impact, as content designed to persuade humans can now command AI agents.
🤫 CyberScoop | https://cyberscoop.com/openai-chatgpt-atlas-prompt-injection-browser-agent-security-update-head-of-preparedness/

Regulatory Issues 🏛️

Fragmented AI Regulation Poses Challenges ⚖️
- The rapid, uncoordinated expansion of state-level AI regulations in the US is creating a "patchwork regulatory landscape" that hinders responsible AI development and security.
- Conflicting definitions, compliance, and enforcement approaches across states disproportionately burden small and midsize companies, stifling innovation and allowing larger firms to gravitate towards less stringent rules.
- A unified federal framework is urgently needed to establish clear expectations for transparency, accountability, and responsible innovation, ensuring consistent safeguards and a more secure AI ecosystem.
🤫 CyberScoop | https://cyberscoop.com/ai-regulation-unified-federal-standards-needed-op-ed/

Sponsored Content 📈

Integrating AI into Modern SOC Workflows 📊
- Many SOCs struggle to operationalise AI, often treating it as a shortcut or applying it to ill-defined problems, with 40% using AI/ML tools informally and 42% without customisation.
- AI can reliably enhance SOC capabilities in detection engineering (for narrow, well-defined tasks), threat hunting (for exploration and pattern comparison), code development (for scaffolding), automation (for workflow drafting), and reporting (for standardisation and clarity).
- Successful AI adoption requires clear expectations, ongoing validation, and human accountability, with teams acting as "takers," "shapers," or "makers" to integrate AI effectively into existing workflows.
📰 The Hacker News | https://thehackernews.com/2025/12/how-to-integrate-ai-into-modern-soc.html

#CyberSecurity #ThreatIntelligence #Ransomware #NationState #APT #ZeroDay #Vulnerability #MongoBleed #AI #DataPrivacy #InfoSec #CyberAttack #Malware #IncidentResponse #MustangPanda #SilverFox #DarkSpectre


It's just me.

I was an odd-looking fella until my mid-40s and then the silver fox happened and I started stretching out and adding to my piercings.

It's a very different look, but I certainly get remembered well for it!

The leather trousers? Yeah that's just a me thing. The missus loves me in them.

#piercings #whitebeard #whitehair #silverfox #pierced #leather #leatherpants

Trimmed my beard. Feeling tidy.

Yes I am wearing The Nightmare Before Christmas pyjamas.

#beard #freshtrim #beards #silverfox #saltandpepper

New analysis reveals a Silver Fox operation using a fake Microsoft Teams installer to deploy ValleyRAT in attacks targeting China-based users.

The campaign mixes SEO poisoning, Cyrillic false-flag elements, DLL injection, and BYOVD techniques - making detection and attribution more challenging.

Researchers also note a secondary chain using a trojanized Telegram installer.

What’s your perspective on increased abuse of trusted-app installers in malware campaigns?

Source: https://thehackernews.com/2025/12/silver-fox-uses-fake-microsoft-teams.html

💬 Join the discussion
👍 Boost & follow for more threat intelligence

#CyberSecurity #ThreatIntel #ValleyRAT #SilverFox #InfoSec #MalwareResearch #SecurityOps #CyberThreats

#Gingitsune (aka #SilverFox) isn’t a great show but it is charming. By the nature of the premise (true successors to a shrine can interact with the Shrine Heralds but only after the death of the previous successor), the two MCs have lost at least one parent. So https://tvtropes.org/pmwiki/pmwiki.php/Main/BondingOverMissingParents is definitely a factor, but Makoto-chan’s father Tatsuo is definitely (and positively) present so that’s a plus.

Old man alert 🚨🌵 #oldmancactus #silverfox #cactilover