CVE-2025-13457

The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the gettokenbyid function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Squa...

EUVD-2026-1860

The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the gettokenbyid function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Squa...

Epic Games Hit With Class Action Lawsuit Over Hacked 'Fortnite' Accounts

Epic Games, the creator of the popular 'Fortnite' video game, is facing a class-action lawsuit from gamers over hacked Fortnite accounts, accusing the company of failing to maintain adequate security measures and notify users of the security breach in a timely manner. The lawsuit, filed by...

Voice Phishing Scams Are Getting More Clever

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it's easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you're too smart to fall for one?...

OnePlus Confirms Credit Card Breach Impacted Up to 40,000 Customers

OnePlus has confirmed that up to 40,000 customers have been affected by a credit card breach, in the latest embarrassing misstep for the Chinese handset maker. The news comes several days after OnePlus shut down credit card processing following complaints from customers about fraudulent charges...

Hyatt Hotels Suffers 2nd Card Breach in 2 Years

Hyatt Corp. is alerting customers about another credit card breach at some hotels, the second major incident with the hospitality chain in as many years. Hyatt said its cyber security team discovered signs of unauthorized access to payment card information from cards manually entered or swiped at...

B&B Theatres Hit in 2-Year Credit Card Breach

B&B Theatres, a company that owns and operates the 7th-largest theater chain in America, says it is investigating a breach of its credit card systems. The acknowledgment comes just days after KrebsOnSecurity reached out to the company for comment on reports from financial industry sources who sai...

Amazon Same Day Credential Shipping

FireEye has identified a campaign involving phishing websites that appear as legitimate Amazon sites. Amazon is the largest online retailer and threat actors frequently target its customers. In this attack, a person browsing the internet would be directed to authentic looking – yet fake – Amazon...

TripAdvisor's Viator Hit by Massive Data Breach Affecting 1.4 Customers

TripAdvisor's Online travel booking and review website Viator has reportedly been hit by a massive data breach at its that may have exposed payment card details and account credentials of its customers, affecting an estimated 1.4 million of its customers. The San Francisco-based Viator, acquired ...

Fortune Favors the Bold? Man Steals Microsoft Founder's Identity, Credit Card

When one Pennsylvanian man couldn’t foot his bills, he opted to steal the identity of someone that could – one of the world’s richest men, Microsoft co-founder and billionaire Paul Allen. An AWOL solider from Pittsburgh swiped Allen’s Citibank credit card account information earlier this year to...