We found this fake-invoice campaign while scammers were still building it

A new batch of fake payment invoices is being staged right now, and we caught the campaign while it was still being put together. The emails impersonate PayPal, Amazon, and Geek Squad, and others, and they all share one goal: to scare you into calling a phone number where a fake "support agent" i...

Fake virus alerts are invading mobile games

Sometimes it happens. You’re happily playing a game on your phone or laptop when suddenly alarms pop up out of nowhere: " Your device is infected!" " Your iCloud is full!" " Your account is restricted for watching porn!" Some games can be played for free if you agree to watch ads, and in others y...

“iCloud storage is full” scam is back, and now it wants your payment details

A few months ago, we reported on a fake cloud storage alert that triggered a redirect chain to an app that has since been delisted from the Apple Store. The threat of losing your photos is a powerful lure, so scammers are now using it to steal personal and financial details. The Guardian warns...

This fake Windows support website delivers password-stealing malware

A fake Microsoft support website is tricking people into downloading what looks like a normal Windows update. Instead, it installs malware designed to steal passwords, payment details, and account access. Because the file looks legitimate and avoids detection, it can slip past both users and...

Watch out for fake Malwarebytes renewal notices in your calendar

We’ve become aware of a scam campaign sending fake calendar invites that impersonate Malwarebytes and attempt to trick recipients into calling a scam “billing support” number. We have written before about how calendar invites can be abused for phishing, and even about how Google Calendar invites...

CVE-2025-13696 Zigaform <= 7.6.5 - Unauthenticated Form Submission Data Disclosure in rocket_front_payment_seesummary AJAX Endpoint

The Zigaform plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.6.5. This is due to the plugin exposing a public AJAX endpoint that retrieves form submission data without performing authorization checks to verify ownership or access rights. Th...

PT-2025-28802 · WordPress · Wcfm – Frontend Manager For Woocommerce +1

Name of the Vulnerable Software and Affected Versions: WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress versions up to and including 6.7.16 Description: The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription...

PT-2025-22992

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 139 Firefox ESR versions prior to 128.11 Description A clickjacking issue could be exploited to trick a user into leaking saved payment card details to a malicious page. Recommendations For Firefox versions prior to...

CVE-2024-4213

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. This makes it possible for unauthenticated attackers to extract sensitive data including order details such as...

WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables

Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a database table associated with the content management system CMS. "This credit card skimmer malware targeting WordPre...

CVE-2024-33980 Cross-site Scripting in Janobe products

Cross-Site Scripting XSS vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/modreports/printreport.php'...

Change Healthcare confirms the customer data stolen in ransomware attack

For the first time since news broke about a ransomware attack on Change Healthcare, the company has released details about the data stolen during the attack. First, a quick refresher: On February 21, 2024, Change Healthcare experienced serious system outages due to a cyberattack. The incident led...

CVE-2024-4213 Shopping Cart & eCommerce Store <= 5.6.4 - Sensitive Information Exposure

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. This makes it possible for unauthenticated attackers to extract sensitive data including order details such as...

ChatGPT Bug Exposed Payment Details of Paid Users

By Habiba Rashid OpenAI has apologized and reached out to affected users about the potential data breach. This is a post from HackRead.com Read the original post: ChatGPT Bug Exposed Payment Details of Paid Users...

Commerce Elavon - Moderately critical - Access bypass - SA-CONTRIB-2022-053

This module enables you to accept payments from the Elavon payment provider. The module doesn't sufficiently verify that it's communicating with the correct server when using the Elavon On-site payment gateway, which could lead to leaking valid payment details as well as accepting invalid payment...

Virtual credit cards coming to Chrome: What you need to know

When youre buying things online, reducing the exposure of payment details during transactions is one way to help reduce the risk of data theft. If you can hide this payment data and switch it out for something else entirely, even better. Google is proposing to do just that for customers in the US...

Texas Gold-Dealer Mined for Payment Details in Months-Long Data Breach

A popular precious-metals dealer, JM Bullion, has been the victim of a payment-skimmer attack. The company’s response was less than solid gold — it took months to notify its users of the breach. The Dallas-based company sells gold, platinum, silver, copper and palladium bullion, in the form of...

New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data

Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send...

Brazil's Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users

Brazil's biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers' personal and payment-related information publicly accessible online that could have been accessed by anyone without authentication. SafetyDetective researcher Anurag Sen last month discovered two...

Paytium < 3.1.2 - Stored Cross-Site Scripting (XSS)

Both authenticated and unauthenticated stored XSS issues via fields in the payment details...