PT-2026-1703

Name of the Vulnerable Software and Affected Versions WooCommerce Square versions prior to 5.1.2 Description The WooCommerce Square plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is due to a lack of validation on a user-controlled key within the get token b...

CVE-2021-23178

Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charged instead...

Improper Access Control in bramp/myip

✍️ Description Google Maps API key is enabled without proper referer restrictions is found in your repo. It can be embeded to anyone's website and if the billing account is active, it will incur charges on your account. If Google Maps is not used in your project, then all the following APIs should...

Hackers Stole Customers' Payment Card Details From Over 700 Wawa Stores

Have you stopped at any Wawa convenience store and used your payment card to buy gas or snacks in the last nine months? If yes, your credit and debit card details may have been stolen by cybercriminals. Wawa, the Philadelphia-based gas and convenience store chain, disclosed a data breach incident...

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service

A year ago, KrebsOnSecurity warned that "Informed Delivery," a new offering from the U.S. Postal Service USPS that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and ma...

Hackers Steal Payment Card Data From Over 1,150 InterContinental Hotels

InterContinental Hotels Group IHG is notifying its customers that credit card numbers and other sensitive information may have been stolen after it found malware on payment card systems at 1,174 franchise hotels in the United States. It's the second data breach that U.K.-based IHG, which owns...

IHG Confirms Second Credit Card Breach Impacting 1,000-Plus Hotels

In what’s becoming a familiar refrain to guests, InterContinental Hotels Group, said late last week that payment card systems at more than 1,000 of its hotels had been breached. It’s the second breach that IHG, a multinational hotel conglomerate that counts Holiday Inn and Crowne Plaza among its...

Travel Site Viator Claims 1.4 M Implicated in Breach

Travel website Viator.com is in the middle of notifying approximately 1.4 million of its customers that their personal information – payment card data included – may have been compromised. The San Francisco-based company, which specializes in expert curated travel suggestions, announced the breac...

TripAdvisor's Viator Hit by Massive Data Breach Affecting 1.4 Customers

TripAdvisor's Online travel booking and review website Viator has reportedly been hit by a massive data breach at its that may have exposed payment card details and account credentials of its customers, affecting an estimated 1.4 million of its customers. The San Francisco-based Viator, acquired ...

Lulzsec hacker Jeffrey could face Life Imprisonment

Lulzsec Hacker , Jeffrey Hammond faces a potential prison sentence of more than 30 years if found guilty of all charges filed against him. U.S. District Court chief judge Loretta Preska, who presided over a bail hearing for Hammond want last week. Hammond was also charged with using some of the...

Romanian POS Hackers Plead Guilty, Net $10 M from Scam

Two Romanian men pled guilty this week to charges they hacked into the point of sale systems of more than 200 restaurants, compromising the payment cards of 146,000 customers and amassing more than $10 million over the last few years. Included in those 200 stores were more than 150 Subway sandwic...

Citigroup hacked again - 92,000 customers info exposed from Japan

Citigroup hacked again - 92,000 customers info exposed from Japan For the second time this year, Citigroup has suffered a major breach of its credit customers' personal information; this time the breach involved 92,400 customers at its Japanese unit. Citigroup's Japanese credit card unit said...

Game Maker: 40 Percent of iTunes App Purchases Are Fraud

A Hong Kong based developer of games for mobile devices says that its online, multi player games are being besieged by users making fraudulent purchases from compromised iTunes accounts and says that iPhone maker Apple has turned a deaf ear to its efforts cut off the bogus activity. In an e-mail...