Privacy
-
Fake Netflix, Coca-Cola and FIFA job scams target marketing workers
A phishing campaign has impersonated Netflix, Coca-Cola, Adidas and FIFA to target marketing professionals for at least five months, using fake interview requests and built-in Google login pop-ups to steal accounts.
-
Opera GX flaw let sites silently install mod and leak data
Researchers found an Opera GX flaw that let a malicious site silently install a mod and leak data from pages a victim visited. Opera says it patched the issue and found no evidence of abuse in the wild.
-
U.S. county linked to $1 million payment in data theft extortion case
A case study linked a $1 million payment to a U.S. government entity after stolen files were threatened with release. The report pointed to Union County, Ohio, and described a data theft extortion scheme with no evidence of encryption.
-
Fake Perplexity Chrome extension tracked searches on Chrome Web Store
A malicious Chrome Web Store extension posing as Perplexity AI intercepted search traffic and collected browsing data, Microsoft said in a technical analysis. The company found no credential theft, but warned the permissions could enable broader abuse.
-
KDDI says breach may have exposed up to 14.2 million ISP email logins
KDDI said a breach in one of its email systems may have exposed up to 14.2 million customer email addresses and passwords across six Japanese internet service providers after attackers exploited third-party software.
-
Xsolis says phishing attack exposed data of 1.4 million people
Xsolis said a targeted phishing attack exposed files tied to 1,396,519 people, including names, addresses, Social Security numbers and medical treatment information. The company has notified law enforcement and is offering assistance to affected individuals.
-
Malwarebytes warns of parcel mule job scams posing as remote work
Malwarebytes says scammers are using fake remote job offers, including “Parcel Expert” roles, to recruit parcel mules who receive and forward stolen goods from home. The company warns of fraud, identity theft and possible law enforcement contact.
-
Xsolis says phishing attack exposed data of 1.4 million people
Xsolis said a January phishing attack exposed sensitive data tied to nearly 1.4 million people, including Social Security numbers and medical treatment information. The company is notifying affected individuals and offering identity monitoring.
-
LastPass says Salesforce customer data exposed in Klue supply chain attack
LastPass said hackers used OAuth tokens stolen in the Klue supply chain attack to reach customer data in its Salesforce environment. The company said vaults were not affected and warned about phishing risk.
-
Canada spy agency used court warrant to disrupt foreign botnets on home routers and IoT gear
Canada’s spy service used a 2024 court warrant to disrupt two foreign-run botnets on routers and IoT devices, in the first use of its threat-reduction powers this way, according to a public Federal Court ruling.









