Blackmail of PornHub premium users, SantaStealer cryptocurrency drainers, and other cybersecurity events - ForkLog: cryptocurrencies, AI, singularity, the future

# Premium User Blackmail on PornHub, SantaStealer Cryptocurrency Drenner, and Other Cybersecurity Events

We have compiled the most important cybersecurity news of the week.

• Vulnerability in a JavaScript library was exploited to steal cryptocurrencies.
• Hackers threatened to reveal premium user data from Pornhub.
• Hackers promoted a new malware SantaStealer.
• Amazon warned of a large-scale covert cryptocurrency mining campaign.

Vulnerability in a JavaScript library was exploited to steal cryptocurrencies

Recently, there has been an increase in cases of malware loading to drain crypto wallets. It infiltrates websites through a vulnerability in a popular JavaScript library for creating user interfaces React, reports Cointelegraph.

On December 3, the React team announced that white-hat hacker Laklan Davidson discovered a vulnerability allowing remote code execution without authentication. The same day, an update was released.

According to the non-profit cybersecurity organization Security Alliance (SEAL), malicious actors are using this vulnerability to covertly add drainer code to cryptocurrency sites.

SEAL emphasized that not only Web3 protocols are at risk but all websites in general. Users are advised to exercise extreme caution when signing any transactions or permissions.

Hackers threatened to reveal premium user data from Pornhub

Users of the adult platform Pornhub were extorted by the hacking group ShinyHunters. This was reported by the company’s management.

The letter states that the platform was compromised due to a breach of a third-party analytics provider, Mixpanel. The incident occurred on November 8, 2025, after a spear-phishing attack.

According to BleepingComputer, Pornhub has not worked with Mixpanel since 2021, indicating the timing of the incident.

The contractor confirmed that the breach affected a “limited number” of clients, previously including OpenAI and CoinTracker.

In a comment to BleepingComputer, representatives stated they do not consider their system the source of the leak:

“We find no evidence that these data were stolen from Mixpanel during the November incident or otherwise. The last legitimate account access by a Pornhub parent company employee was in 2023.”

BleepingComputer learned that ShinyHunters began blackmailing Mixpanel clients last week, sending emails demanding ransom.

In an ultimatum sent to Pornhub, hackers claimed to have stolen 94 GB of data containing over 200 million records of personal inf