CVE-2025-13371
The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.9. This is due to the plugin storing full payment card details (PAN, card holder name, expiry month/year, and CVV) in WordPress postmeta using base64encode, and then...
SMS Phishers Pivot to Points, Taxes, Fake Retailers
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment...
Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data
A Russian-speaking threat behind an ongoing, mass phishing campaign has registered more than 4,300 domain names since the start of the year. The activity, per Netcraft security researcher Andrew Brandt, is designed to target customers of the hospitality industry, specifically hotel guests who may...
SUSE-SU-2025:01946-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.11 MFSA 2025-46, bsc1243353: - CVE-2025-5262: Double-free in libvpx encoder bmo1962421 - CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content bmo1960745 -...
FreeBSD : Mozilla -- clickjacking vulnerability (63268efe-4222-11f0-976e-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 63268efe-4222-11f0-976e-b42e991fc52e advisory. [email protected] reports: A clickjacking vulnerability could have been used to trick a user into...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 139 and Firefox ESR versions prior to 128.11, which stems from clickjacking that may cause users to disclose payment card informatio...
SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks
A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to...
China-based SMS Phishing Triad Pivots to Banks
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called "Smishing Triad" mainly impersonated toll road operators and shipping companies. But experts say these groups a...
What PCI DSS v4 Really Means – Lessons from A&F Compliance Journey
Avoid a $100,000/month Compliance Disaster. March 31, 2025: The Clock is Ticking. What if a single overlooked script could cost your business $100,000 per month in non-compliance fines? PCI DSS v4 is coming, and businesses handling payment card data must be prepared...
DNA testing service data breach impacting 2.1 million users
By Waqas. DNA Diagnostics Center (DDC) has revealed that hackers managed to access highly sensitive and personal data of users, including payment card data. This is a post from HackRead.com.
FIN8 Targets US Bank With New ‘Sardonic’ Backdoor
The financially motivated FIN8 cybergang used a brand-new backdoor – dubbed Sardonic by the Bitdefender researchers who first spotted it – in attempted but unsuccessful breaches of networks belonging to two unidentified U.S. financial organizations. It’s a nimble newcomer, researchers wrote: “The...
Cybercriminals using Marvel’s Black Widow movie to spread malware
By Waqas. Apart from malware, offers to watch the online premiere of the Black Widow movie are being used to steal payment card data. This is a post from HackRead.com.
Law Enforcement Seizes Joker's Stash — Stolen Credit Card Marketplace
The US Federal Bureau of Investigation (FBI) and Interpol have allegedly seized proxy servers used in connection with Blockchain-based domains belonging to Joker's Stash, a notorious fraud bazaar known for selling compromised payment card data in underground forums. The takedown happened last week ...
Joker's Stash Carding Site Taken Down
Joker’s Stash, the carding site where cybercriminals hawk their payment-card wares, has suffered a blow after law enforcement apparently seized one of its domains. Joker’s Stash is a popular cybercriminal destination that specializes in trading in payment-card data, offering millions of stolen...
Dark Web Pricing Skyrockets for Microsoft RDP Servers, Payment-Card Data
Cybercriminals are vying for Remote Desktop Protocol (RDP) access, stolen payment cards and DDoS-for-Hire services, based on a recent analysis of underground marketplace pricing. During the COVID-19 pandemic, cybercriminals have profited with “increasingly advantageous positions to benefit from the...
Credential-Stuffing Attack Hits The North Face
The North Face has reset its customers’ passwords after attackers launched a credential-stuffing attack against the popular outdoor outfitter’s website. In a recent data-breach notification, the company told customers that it was alerted to “unusual activity involving its website,”...
COVID-19 ‘Breach Bubble’ Waiting to Pop?
The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit...
Emerging MakeFrame Skimmer from Magecart Sets Sights on SMBs
Researchers have observed a new skimmer from the prolific Magecart Group that has been actively harvesting payment-card data from 19 different victim websites, mainly belonging to small- and medium-sized businesses (SMBs), for several months. RiskIQ researchers first discovered the skimmer, dubbed...
Magecart Cyberattack Targets NutriBullet Website
A faction under the Magecart umbrella, Magecart Group 8, targeted the website of the blender manufacturer, NutriBullet, in an attempt to steal the payment-card data of its online customers. Yonathan Klijnsma, threat researcher with RiskIQ, said in a Wednesday post that a JavaScript web skimmer co...