**HACKERS STOLE MILLIONS OF PORNHUB USERS' DATA FOR EXTORTION**
For years, a notorious hacker collective known as "The Com" has been wreaking havoc across the internet, breaching hundreds of companies for both malicious purposes and profit. Their latest target: user records for Pornhub, the world's largest adult entertainment website.
A subgroup within The Com, ShinyHunters, appears to have stolen over 200 million records from Pornhub premium users, totaling a whopping 94 gigabytes of data detailing users' browsing history on the site linked to their account information, including email addresses. According to a public statement from Pornhub, the data was likely taken from Mixpanel, a data analytics firm the porn site used until 2021, suggesting the breached data may be four years old or older.
But what's even more alarming is that Pornhub has confirmed receiving extortion emails from the hackers over the past week. The question on many users' minds: will the site pay the ransom and keep their personal browsing history private?
**VENEZUELA BLAMES THE US FOR A CYBERATTACK ON ITS STATE OIL FIRM**
Petróleos de Venezuela (PDVSA), Venezuela's state oil company, claims a cyberattack disrupted its administrative systems shortly after the US military seized a tanker carrying nearly 2 million barrels of Venezuelan crude. In a public statement, PDVSA accused the US of orchestrating the intrusion as part of a broader campaign against the country's energy sector.
Reporting by Reuters suggests the attack may have been more damaging than PDVSA acknowledged, temporarily halting oil cargo deliveries and taking internal systems entirely offline. This episode follows an unusual escalation in Washington's ongoing standoff with Caracas, marked by dueling claims over sovereignty and security, as well as maritime strikes and seizures targeting vessels linked to alleged criminal networks operating under the protection of Venezuelan President Nicolás Maduro.
**HACKERS HAVE EXPLOITED A CISCO ZERO-DAY SINCE NOVEMBER—AND STILL NO PATCH**
Network "edge" devices, such as routers, VPNs, and firewalls, have become prime targets for hackers looking for a way into the networks behind them. An unpatched, critical security vulnerability in a range of Cisco products therefore represents a feeding frenzy, and one that network intruders have quietly enjoyed for weeks.
Cisco's Talos research team revealed the zero-day in Cisco's Secure Email Gateway and Secure Email and Web Manager products using its AsyncOS software. The team noted that it had been exploited since late November by hackers who appear to be a Chinese state-sponsored group. Unfortunately, even now, Cisco doesn't seem to have a patch ready to fix the vulnerability.
A Cisco advisory notes that the vulnerability lies in the devices' "spam quarantine" feature, which isn't exposed on the internet by default and can be taken offline as a mitigation measure until a patch is available. Cisco strongly urges customers to follow guidance in the advisory to assess any exposure and mitigate risk.
**TWO CYBERSECURITY FIRM STAFFERS PLEAD GUILTY TO RANSOMWARE ATTACKS**
Two men who worked for cybersecurity companies Sygnia Consulting and DigitalMint have now pleaded guilty to hacking charges after launching their own ransomware campaign that extracted a million dollars from a Florida medical device company. Ryan Clifford Goldberg, an incident responder at Israeli firm Sygnia, and Kevin Tyler Martin, a ransomware negotiator at US-based DigitalMint, are among those involved in the scheme.