Tag: credit-card
-
South Korea probes credit card company data breach affecting 3 million customers
A major South Korean lender that processes roughly 10% of the nation’s credit card spending started notifying some customers that they need to reissue cards. First seen on therecord.media Jump to article: therecord.media/south-korea-probes-credit-card-data-breach
-
New Magecart Attack Injects Malicious JavaScript to Steal Payment Data
A new Magecart-style campaign has emerged that leverages malicious JavaScript injections to skim payment data from online checkout forms. The threat surfaced after security researcher sdcyberresearch posted a cryptic tweet hinting at an active campaign hosted on cc-analytics[.]com. Subsequent analysis revealed a heavily obfuscated script that hooks into checkout fields, collects credit card and billing…
-
Kering, owner of Gucci, Balenciaga, and other luxury brands, confirms hack
Kering said the hackers did not steal credit card numbers and that it has contacted the customers whose data is part of the breach, without saying how many were affected. First seen on techcrunch.com Jump to article: techcrunch.com/2025/09/15/company-that-owns-gucci-balenciaga-other-brands-confirms-hack/
-
Company that owns Gucci, Balenciaga, other brands confirms hack
Kering said the hackers did not steal credit card numbers and that it has contacted the customers whose data is part of the breach, without saying how many were affected. First seen on techcrunch.com Jump to article: techcrunch.com/2025/09/15/company-that-owns-gucci-balenciaga-other-brands-confirms-hack/
-
Chinese Guarantee Syndicates and the Fruit Machine
When I was speaking to a group of Bank Security people in New York City yesterday, I mentioned “machine rooms” — which are rooms full of Apple iPhones that are used to send iMessage phishing spam. Someone in the audience asked “Where would they get that many phones?” The kids like to use the acronym…
-
The Hidden Threat: How Sensitive Information Leakage Puts Your Business at Risk
You Don’t Know What You Don’t Know And That’s the Problem Picture this: Your development team has built a robust e-commerce platform. Your security team has implemented comprehensive protection measures. Your compliance team has checked all the boxes. Yet somewhere in your application stack, full credit card numbers are quietly leaking through API responses,… First…
-
The Hidden Threat: How Sensitive Information Leakage Puts Your Business at Risk
You Don’t Know What You Don’t Know And That’s the Problem Picture this: Your development team has built a robust e-commerce platform. Your security team has implemented comprehensive protection measures. Your compliance team has checked all the boxes. Yet somewhere in your application stack, full credit card numbers are quietly leaking through API responses,… First…
-
PCI council eyes wider data protection role beyond payments
Hailed as the gold standard for securing credit card information, the Payment Card Industry Data Security Standard (PCI DSS) could be extended to protect other kinds of data following industry feedback First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366630421/PCI-council-eyes-wider-data-protection-role-beyond-payments
-
PCI council eyes wider data protection role beyond payments
Hailed as the gold standard for securing credit card information, the Payment Card Industry Data Security Standard (PCI DSS) could be extended to protect other kinds of data following industry feedback First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366630421/PCI-council-eyes-wider-data-protection-role-beyond-payments
-
Pressure on CISOs to stay silent about security incidents growing
Tags: access, breach, business, cio, ciso, corporate, credentials, credit-card, crowdstrike, cybersecurity, data, data-breach, email, finance, framework, group, hacker, iam, identity, incident response, insurance, law, mfa, ransomware, sap, security-incident, software, theft, threat, training‘Intense pressure’ to keep quiet about security incidents: CSO spoke to two other former CISOs who reported pressures to stay silent about suspected security incidents. Both CISOs requested to remain anonymous due to end-of-contract confidentiality agreements made with previous employers.”While working inside a Fortune Global 500 company in Europe, I witnessed this multiple times,” one…
-
California Tax Refund Mobile Phish
A new round of mobile phish is imitating the State of California’s “Franchise Tax Board” in a round of phishing sites that are gaining prominence in the past few days. I visited ftb.ca-gov-sg[.]top/notice from a burner phone to see how the scheme works (the page doesn’t load from the Windows browsers I tested.) After harvesting…
-
DOM-Based Extension Clickjacking Exposes Millions of Password Manager Users to Credential Theft
A newly discovered technique, dubbed DOM-based extension clickjacking, has raised serious concerns about the security of browser-based password managers. Despite their role in protecting sensitive information, such as login credentials, credit card data, and TOTP codes (Time-based One-Time Passwords), this attack demonstrates how a single deceptive click can result in total data compromise. First seen…
-
DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft
Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication (2FA) codes, and credit card details under certain conditions.The technique has been dubbed Document Object Model (DOM)-based extension clickjacking by independent security researcher Marek Tóth, First seen on thehackernews.com Jump…
-
Major password managers can leak logins in clickjacking attacks
Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/major-password-managers-can-leak-logins-in-clickjacking-attacks/
-
After researchers unmasked a prolific SMS scammer, a new operation has emerged in its wake
Security researchers are now sounding the alarm on a new SMS text message fraud operation, which is surging in popularity, and its ability to steal people’s credit cards, since the demise of its predecessor. First seen on techcrunch.com Jump to article: techcrunch.com/2025/08/10/after-researchers-unmasked-a-prolific-sms-scammer-a-new-operation-has-emerged-in-its-wake/
-
Air France, KLM Alert Authorities of Data Breach
While no sensitive financial data like credit card information was compromised, the threat actors were able to get away with names, email addresses, phone numbers, and more. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/air-france-klm-data-breach
-
PXA Stealer Distributed via Telegram Harvests 200K Passwords and Credit Card Data
SentinelLABS and Beazley Security have uncovered a sophisticated infostealer campaign deploying the Python-based PXA Stealer, which has rapidly evolved since late 2024 to incorporate advanced anti-analysis techniques, decoy content, and hardened command-and-control (C2) infrastructure. This operation, linked to Vietnamese-speaking cybercriminal networks, leverages Telegram’s API for automated data exfiltration and monetization, feeding into underground marketplaces like…
-
Python-powered malware snags hundreds of credit cards, 200K passwords, and 4M cookies
PXA Stealer pilfers data from nearly 40 browsers, including Chrome First seen on theregister.com Jump to article: www.theregister.com/2025/08/04/pxa_stealer_4000_victims/
-
Unberechtigte Abbuchungen bei HypoVereinsbank-Kreditkarte: Datenabfluss?
Tags: credit-cardIch stelle mal ein Thema hier im Blog ein, was mir aus zwei Quellen zugegangen ist. Leser haben mir darüber informiert, dass plötzlich Kreditkarten Commerzbank und HypoVereinsbank unberechtigt belastet wurden und vermuten Datenlecks. Meine Vermutung auf Skimming in Online-Shops oder … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/07/27/unberechtigte-abbuchungen-bei-hypovereinsbank-kreditkarte-datenabfluss/
-
Dark Web Hackers Moonlight as Travel Agents
Hackers are using stolen goods such as credit cards and loyalty points to book travel for sometimes unsuspecting clients, and remote workers, SMBs, travel brands, and others are at risk. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/dark-web-hackers-moonlight-travel-agents
-
Malicious LNK File Posing as Credit Card Security Email Steals User Data
Tags: authentication, credit-card, cyber, data, email, exploit, finance, malicious, powershell, threatThreat actors have deployed a malicious LNK file masquerading as a credit card company’s security email authentication pop-up to pilfer sensitive user information. The file, named >>card_detail_20250610.html.lnk,
-
Dark Web Travel Agencies Exploit Cheap Deals to Steal Credit Card Data
Dark web travel agencies have developed into highly skilled organizations operating in the murky corners of cybercrime, using hacked credit card information, compromised loyalty accounts, and faked identities to provide drastically reduced travel services. According to recent analysis by SpiderLabs, these operations exploit popular booking aggregators rather than targeting specific hotel chains or airlines, adapting…
-
How defenders use the dark web
Tags: access, antivirus, attack, breach, corporate, credit-card, crypto, cyber, cybercrime, dark-web, data, data-breach, email, extortion, finance, fraud, government, group, hacker, healthcare, identity, incident, insurance, intelligence, Internet, interpol, law, leak, lockbit, mail, malware, monitoring, network, phishing, ransom, ransomware, service, software, theft, threat, tool, usa, vpnAttributing attacks to threat actors: When organizations suffer from data breaches and cyber incidents, the dark web becomes a crucial tool for defenders, including the impacted businesses, their legal teams, and negotiators.Threat actors such as ransomware groups often attack organizations to encrypt and steal their data so they can extort them for money, in exchange…
-
New Phishing Attack Impersonates DWP to Steal Credit Card Information from Users
A sophisticated phishing campaign targeting UK residents has been active since late May 2025, with a significant surge in activity during the second half of June. This malicious operation impersonates the Department for Work and Pensions (DWP), a key UK government body responsible for welfare and pension services, by sending fraudulent SMS messages to unsuspecting…
-
Cyberattacks are draining millions from the hospitality industry
Every day, millions of travelers share sensitive information like passports, credit card numbers, and personal details with hotels, restaurants, and travel services. This puts … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/03/hospitality-industry-cybersecurity-challenges/
-
Qantas Airlines Breached, Impacting 6M Customers
Tags: credit-cardPassengers’ personal information was likely accessed via a third-party platform used at a call center, but didn’t include passport or credit card info. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/qantas-airlines-breached-6m-customers
-
China-linked hackers spoof big-name brand websites to steal shoppers’ payment info
The campaign uses thousands of phishing websites that mimic the design and product listings of retailers like Apple, Nordstrom and Hermes to trick people into entering their credit card information. First seen on therecord.media Jump to article: therecord.media/china-linked-hackers-website-phishing
-
Cyberangriff auf australische Fluggesellschaft Qantas
Die australische Fluggesellschaft Qantas ist Opfer einer Cyberattacke.Die australische Fluggesellschaft Qantas ist Opfer eines Cyberangriffs geworden. Hacker hätten sich Zugang zu wichtigen Daten von bis zu sechs Millionen Kundinnen und Kunden verschafft, darunter Namen, E-Mail-Adressen, Telefonnummern, Geburtsdaten und Vielfliegernummern, teilte die Airline mit. Betroffen war demnach eine Plattform eines Drittanbieters. Qantas erklärte, dass in dem…
-
Apple ID, credit card details targeted by CapCut phishing
First seen on scworld.com Jump to article: www.scworld.com/brief/apple-id-credit-card-details-targeted-by-capcut-phishing