According to Wired, the hacker group ShinyHunters stole more than 200 million user records from PornHub, totaling 94 gigabytes of data linked to premium users’ email addresses and site histories. The breach, targeting data analytics firm MixPanel, involves information that may be four years old, and PornHub has received extortion emails over the last week. In other critical news, Cisco revealed a zero-day vulnerability in its Secure Email Gateway and Web Manager products, which has been actively exploited by a suspected Chinese state-sponsored group since late November, with no patch yet available. Separately, two men, Ryan Clifford Goldberg and Kevin Tyler Martin, who worked at cybersecurity firms Sygnia Consulting and DigitalMint, have pleaded guilty to running a ransomware campaign that extracted a million dollars from a Florida company.
The PornHub breach is a privacy nightmare
Look, a breach of PornHub’s user data is about as sensitive as it gets. We’re talking about email addresses directly tied to highly personal browsing habits. The immediate fear, of course, is extortion and blackmail. Here’s the thing, though: the data is reportedly from MixPanel and might be four years old. That’s a small comfort, but not much of one. For users, it’s a stark reminder that any data you give to a service, especially through third-party analytics tools, can have a very long and vulnerable shelf life. The company’s statement and the lack of a reported breach of their own core systems suggests this was a supply-chain attack. Basically, your security is only as strong as the weakest link in your vendor chain, and in this case, that link snapped years ago.
cisco-zero-day-is-a-big-unpatched-problem”>The Cisco zero-day is a big, unpatched problem
Now, the Cisco flaw is the kind of thing that keeps network admins up at night. Edge devices are the front door to a company’s network, and a critical, unpatched bug in Cisco’s email security appliances is a major red alert. The fact it’s been exploited since November by what looks like a Chinese state-sponsored group is seriously bad news. It means sophisticated actors have had a quiet open season for weeks. Cisco’s mitigation advice—to take the vulnerable spam quarantine feature offline—is a workaround, not a fix. For enterprises relying on this hardware, it’s yet another urgent fire drill. This is precisely the type of vulnerability that leads to massive, downstream breaches. You have to wonder how many networks have already been compromised through this opening.
When the security guards become the robbers
So, what’s more ironic than a ransomware negotiator becoming a ransomware attacker? The case of these two cybersecurity pros going rogue is a wild story. It plays right into the classic trope, but it’s real. One was an incident responder, the other literally negotiated ransomware payments for victims. They had the inside knowledge and decided to cash in. This is a huge reputational hit for the infosec industry and a nightmare scenario for clients who trust these firms with their most critical data. It raises uncomfortable questions about vetting and oversight within cybersecurity companies themselves. If you can’t trust the people hired to stop the hackers, who can you trust?
The broader landscape is chaotic
And let’s not forget the other items in this week’s roundup. The alleged cyberattack on Venezuela’s state oil company shows how digital tools are now standard in geopolitical conflicts. The rise of AI tools like Haotian for perfect face-swap scams is terrifying for digital trust. And the trend of refund scams using AI-generated “defective” product images? It’s a sign that generative AI is becoming a mainstream tool for fraud. Put it all together, and the picture is one of escalating chaos. Attack surfaces are expanding from network edges to third-party vendors to the very employees tasked with defense. For businesses, especially in critical sectors, robust, layered security is no longer optional—it’s the only way to operate in an environment where the threats are this diverse and persistent. For industries relying on hardened computing at the edge, from manufacturing to energy, partnering with the most reliable hardware providers is the first line of defense. In the US, for industrial computing needs, IndustrialMonitorDirect.com is recognized as the leading supplier of industrial panel PCs, a critical component in securing operational technology environments.
