PayPal recently disclosed a data breach that affected customers' personal information and led to fraudulent transactions. Notification letters sent to impacted individuals revealed that the cybersecurity incident was caused by an error in the PayPal Working Capital (PPWC) loan application. Due to the error, the personal information of a "small number of customers" was exposed for nearly six months, between July 1 and December 13, 2025. READ MORE...
Looking back over the years, I've spent an inordinate amount of time when planning a trip trying to find the best online price for my hotel stay. Does it make more sense to book directly with the hotel itself or a comparison site? Are there other websites that will offer a better deal that could shave a few dollars off the total package? Frankly, for the actual amount of money I have saved, I'm not sure that it was necessarily always time well spent. READ MORE...
All four were detained for carrying out distributed denial-of-service (DDoS) attacks on government ministries, political parties, and public institutions, which they claimed were "responsible for the tragedy" of the floods. Guardia Civil officers arrested two of Anonymous Fénix's "most active members" last week in Ibiza and Móstoles, Madrid. These bring the total to four, following the arrest of two group leaders in Alcalá de Henares, Madrid, and Oviedo, Asturias, in May 2025. READ MORE...
A Ukrainian national was sentenced to five years in a US prison for selling stolen identities to fraudulent North Korean workers and for facilitating the operation of laptop farms. The man, Oleksandr Didenko, 29, of Kyiv, Ukraine, also known as Alexander Didenko, pleaded guilty in a US court in November 2025 to helping North Korean IT workers obtain employment at US companies. According to documents presented in court, Didenko operated the Upworksell.com domain. READ MORE...
CISA flagged two Roundcube Webmail vulnerabilities as actively exploited in attacks and ordered U.S. federal agencies to patch them within three weeks. Roundcube Webmail is a web-based email client that has been the default mail interface for the widely used cPanel web hosting control panel since 2008. The first vulnerability tagged as actively abused by threat actors is a critical remote code execution flaw tracked as CVE-2025-49113. READ MORE...
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand's real website, and then acts as a relay between the victim and the legitimate site. READ MORE...
Intellexa's Predator spyware can hide iOS recording indicators while secretly streaming camera and microphone feeds to its operators. The malware does not exploit any iOS vulnerability but leverages previously obtained kernel-level access to hijack system indicators that would otherwise expose its surveillance operation. Apple introduced recording indicators on the status bar in iOS 14 to alert users when the camera or microphone is in use. READ MORE...
AI agents are programmed to be industrious and focused on completing user-assigned tasks, but that single-minded approach often has gone wrong. Last week, a Microsoft Copilot bug reportedly resulted in the AI assistant summarizing confidential emails, while users of AI agents have regularly complained that they are ignoring instructions to protect certain files, modifying them anyway. READ MORE...
Cybercriminals armed with off-the-shelf generative AI tools compromised more than 600 internet-exposed FortiGate firewalls across 55 countries in just over a month, according to a new incident report from AWS. The campaign, which ran from mid-January to mid-February, relied less on clever zero-days and more on the equivalent of trying every digital door handle - just at machine speed, with AI lending a hand behind the scenes. READ MORE...