InfoSec News 16DEC2025
General
- SoundCloud is blocking VPN users (with a 403 Forbidden message), and has been for days, with still no fix. It looks as though the block is coming from an AWS CloudFront configuration, potentially through geo-restrictions.
- This could cause some angst - a large 'adult content' provider was caught in the Mixpanel breach last month. Whilst the data is apparently old (2021 and earlier), the information contained is rather sensitive.
Extortion demands are claiming to originate from ShinyHunters.
This data includes ... member's email address, activity type, location, video URL, video name, keywords associated with the video, and the time the event occurred.
Activity types seen by BleepingComputer include whether the ... subscriber watched or downloaded a video or viewed a channel. However, ShinyHunters also said the events include search histories.
- More great Microsoft quality control - Message Queuing (MSMQ) fails if you follow a good least-privilege security model; recent changes mean you need to be running as Administrator to write to the required directory.
They've also managed to break some VPN connectivity when using the Linux subsystem (WSL).
- Microsoft is finally getting rid of the RC4 cipher from Windows, in 2026 (hopefully). It's been known to be weak for decades (even before its introduction in Windows 2000), and made offline brute-force attacks against Kerberos tickets possible.
- Update on React2Shell - as with past vulnerabilities like this, Google's Threat Intelligence Group is seeing large-scale exploitation from China-aligned threat groups.
- Update on the Jaguar Land Rover (JLR) attack earlier this year - it's been confirmed that data on employees and contractors was stolen.
Geo-Politics
- [UK] MI6 (Foreign Intelligence) head Blaise Metreweli warns of Russia's increasing attacks on the West.
“Russia is testing us in the grey zone with tactics that are just below the threshold of war” and warned the Kremlin’s “attempts to bully, fearmonger and manipulate” were affecting everyone.
“I’m talking about cyberattacks on critical infrastructure, drones buzzing airports and bases, aggressive activity in our seas — above and below the waves — state-sponsored arson and sabotage, and propaganda and influence operations that crack open and exploit fractures within societies.”
- [US] Starlink concerns over a Chinese satellite launch coming very close to a Starlink satellite.
Privacy
- [DK] Denmark has raised the prospect of banning the use of VPNs to access blocked sites and illegal (streaming) media. It's unclear how they'd technically achieve this without a blanket ban. Otherwise, it's just a way of adding punishment to already illegal acts.
- [US] Texas is suing Hisense, LG, Samsung, Sony and TCL for using Automated Content Recognition (ACR) to "capture individuals' viewing habits in real time". (Yes, it's as creepy as it sounds)
“When families buy a television, they don’t expect it to spy on them,” the lawsuits say. “They don’t expect their viewing habits [to be] packaged and auctioned to advertisers.”
ACR can collect data on things like watched YouTube videos, security or doorbell camera streams, and video or photos sent via Apple AirPlay or Google Cast, the lawsuits say. It can collect data from devices like personal laptops that are connected to TVs by HDMI.
ACR can capture data even when a TV is offline, and can be sent to the company when the TV is reconnected to the internet, including for firmware updates, the lawsuits say.