Surge in pig butchering and consumer threat scams

We are seeing a surge in holiday-themed threats, including a massive "mega-leak" of 16 billion credentials and a wave of over 30,000 Christmas-themed phishing emails. Major incidents reported this week include a significant data breach at 700Credit exposing 5.6 million Social Security numbers and a widespread "ToolShell" exploitation targeting SharePoint servers. Meanwhile, the SEC has filed charges against several crypto firms involved in a $14 million investment scam, underscoring the industrial scale of modern online fraud.

AuthorAuthorAuthor

Daniel Masterson, Ai Courtrie Buson & Bard Gee
December 26, 2025

for the week December 21, 2025, 103rd edition

Your quick weekend update and reminder.
☝️ TWA
Pet Door GIF

Beware of pig butchering. Be extremely cautious of unsolicited "wrong number" texts, strangers on dating apps who quickly steer the conversation toward lucrative cryptocurrency or investment opportunities, and any platform that shows massive profits but demands extra fees before you can withdraw your money.

🤷‍♀️ What now?: Be vigilant. Don’t let them think you’re gullible.

Tools: You are the most effective defense against any cyber and technology attackers.

This is an advertisement.

This is an advertisement.

This is an advertisement.

about this edition and Inside Hexagon

You may observe that Headline Highlights is notably concise this week. This is likely attributed to the nature of the news during this Christmas week. This is also an opportune moment to provide a glimpse into the new year. But nothing has slowed down. Our warning for this edition is the most dire yet. More and more people are falling prey to pig butchering.

Stay vigilant.

We are looking forward to the new year as we solidify our plans to launch new programs for the general public as well as scaling the operations of Hexagon Center. We hope you’ll volunteer or join us in this great endeavor.

This is an advertisement.

HOUSEKEEPING

Glossary/Legend:

  • Pig butchering - a predatory online scam where fraudsters spend weeks or months building a fake romantic or friendly relationship to "fatten up" a victim’s trust before "slaughtering" them for their life savings.

  • Liar's dividend - a phenomenon where the proliferation of fake content, such as AI-generated deepfakes, makes it easier for people to dismiss genuine information as false. This allows individuals, especially public figures, to escape scrutiny by claiming that real incriminating evidence, like a video of them, is a fake. The "dividend" is the benefit this gives to the liar, as the public's mistrust of all content undermines the value of truthful, verifiable information.

  • Holistic security - a comprehensive strategy that integrates various protection layers—physical, digital, psycho-social, and organizational—to safeguard individuals, communities, or systems, recognizing that true security involves overall well-being, not just isolated technical defenses.

  • Personal Identifier - A unique word or phrase shared exclusively with an individual or a group, serving as a means of identification and affirmation within the established relationship. It is recommended that 2 or more Personal Identifiers be established per person.

  • Malware (short for malicious software) - refers to any intrusive software developed by cybercriminals (often called hackers) to steal data and damage or destroy computers and computer systems.

  • Ransomware - A type of malware that locks or encrypts a victim's files and demands a ransom payment to unlock and decrypt them. Ransomware can infect a variety of devices, including computers, smartphones, printers, and more.

Spread cybersecurity culture

Do you have any suggestions on how we can further share this newsletter? Tell your friends and family about us by sharing with them the Hexagon Center official website:
View archives at hxweekly.beehiiv.com

Even though we aim to provide you the most current and critical information to keep you safe, threat actors work 24/7 and this newsletter publishes only once a week. Even though we are available via a hotline, it is crucial that you stay up to date via other sources as well to be informed on how you may be at risk.

You may reply to this newsletter or email us at
[email protected]

Send us any questions or things you want to talk about. Please share some fun facts with us. We welcome feedback and suggestions.

Hexagon Center is formed as a nonprofit corporation in California for public benefit,
and is tax-exempt under section 501(c)(3) of the Internal Revenue Code.

DISCLAIMER

Cybersecurity is an ever-changing field, and threats may evolve. While Hexagon Center strives to provide accurate and timely information, we cannot guarantee absolute security. Users are responsible for implementing their security measures and staying informed about the latest cybersecurity developments. Hexagon Center is not responsible for any cyber or scam attacks by our readers. HX Weekly tips are advice are not official positions of Hexagon Center nor is Hexagon Center responsible for its content.

Content of this newsletter is not an official representation of Hexagon Center.

Reply

or to participate.