Email And Password

A breach at Discord's third-party support vendor leaked personal info like names, emails, IP addresses, limited billing details, and scanned photo IDs for some users—no passwords or full cards affected. Discord is investigating and notifying victims; stay alert for phishing.

A malicious update to the postmark-mcp server injects a hidden BCC to exfiltrate sensitive emails from thousands of organizations. Koi’s risk engine uncovered the attack, highlighting risks in AI-driven MCP tools. Remove version 1.0.16+ and audit MCP servers now.

The npm package "fezbox" (alias janedu) disguises as a JS/TS utility library but hides credential-stealing code in a Cloudinary QR image. Discovered by Socket Threat Research, it uses reversed strings and obfuscation to evade detection—learn risks and defenses like CI/CD scanning and zero-trust dependencies.

Trend Micro warns of cybercriminals using AI to create fake CAPTCHA pages that trick users into revealing sensitive data, boosting phishing success rates and challenging cybersecurity defenses.

A zero-click flaw in ChatGPT’s Deep Research agent allowed attackers to exfiltrate sensitive Gmail data via hidden email prompts. OpenAI patched the service-side vulnerability in 2025 to prevent stealthy data leaks from its cloud infrastructure.

SpamGPT is a dark web “spam-as-a-service” platform using AI to automate large-scale phishing campaigns. Learn how KaliGPT and SMTP cracking training empower cybercriminals.

Cybercriminals abused compromised AWS credentials to hijack Amazon SES, sending 50,000+ phishing emails daily by bypassing sandbox limits. Learn how to detect and prevent SES abuse.

A single compromised password caused the downfall of KNP Logistics, a 158-year-old company, leaving 730 employees jobless. Learn about the Akira ransomware attack and its implications for UK businesses.

A new malware campaign exploits users' trust in financial institutions by using weaponized LNK files disguised as credit card security emails. Learn how this sophisticated attack operates.

Iranian state-backed APT groups are intensifying cyber operations, leveraging AI-generated emails to target cybersecurity researchers. Learn about their tactics and the implications for global security.