Threat Actor Claims to Sell 15.8 Million Plain-Text PayPal Credentials
A seller named Chucky_BF is offering 15.8M PayPal logins with emails, passwords, and URLs. The data may come…
password
Dropbox Passwords Service Ending: Export Your Vault Before Oct 28, 2025
Dropbox has announced the discontinuation of its Passwords service, giving users until October 28, 2025, to export their stored credentials before the feature is permanently shut down. The cloud storage company is phasing out the password management to…
New VoIP Botnet Targets Routers Using Default Passwords
Cybersecurity researchers have uncovered a sophisticated botnet operation exploiting VoIP-enabled routers through default password attacks, with initial activity concentrated in rural New Mexico before expanding globally to compromise approximately 500…
Clorox Files Lawsuit Against Cognizant Over Employee Password Leak to Hackers
The Clorox Company filed a major lawsuit against IT services provider Cognizant on July 22, 2025, seeking $380 million in damages over a devastating cyberattack that the cleaning products giant claims was enabled by Cognizant’s security failures….
Weak Password Enables Ransomware Attack on 158-Year-Old Firm
A single compromised password has been identified as the catalyst that destroyed a century-old transport company and displaced 700 employees, highlighting the devastating impact of cybersecurity vulnerabilities on British businesses. The case of KNP, a…
Password Reset Link Poisoning Leads to Full Account Takeover
A critical vulnerability known as Password Reset Link Poisoning has recently come under the spotlight, exposing web users and organizations to the risk of full account takeover. This flaw, which leverages Host Header Injection, enables attackers to man…
Smart Cars, Dumb Passwords: Auto Industry Still Runs on Weak Passwords
A new study by NordPass and NordStellar reveals the automotive industry is plagued by weak, reused, and common…
Linux Crash Reporting Flaws (CVE-2025-5054, 4598) Expose Password Hashes
Qualys details CVE-2025-5054 and CVE-2025-4598, critical vulnerabilities affecting Linux crash reporting tools like Apport and systemd-coredump. Learn how…
Database Leak Reveals 184 Million Infostealer-Harvested Emails and Passwords
Cybersecurity researcher Jeremiah Fowler discovered a misconfigured cloud server containing a massive 184 million login credentials, likely collected…
‘Admin’ and ‘123456’ Still Among Most Used Passwords in FTP Attacks
Weak passwords continue to be a major vulnerability for FTP servers. Specops’ latest report highlights the most frequent…