A phishing campaign is impersonating PayPal and Geek Squad to execute a tech support scam. Victims receive fake invoices via email, prompting them to call a fraudulent support number, leading to potential financial loss and system compromise.

SafePay ransomware claimed responsibility for a significant data breach at Conduent. The breach has exposed sensitive personal data of over half a million individuals across multiple states.

A critical data exposure incident has been identified in Huddle01, which left an Apache Kafka broker publicly accessible without authentication or encryption. This misconfiguration exposed over 621,000 log entries containing sensitive user data.

The campaign leverages compromised Discord accounts to send direct messages asking users to test a game. Victims are redirected to convincing fake game pages hosted on Blogspot subdomains or cloud services.

A phishing campaign is targeting cryptocurrency users by impersonating the Best Wallet app. The attackers aim to steal wallet credentials, private keys, and seed phrases by luring victims to a fake website that closely mimics the legitimate platform.

A recent spear-phishing campaign targeted a Malwarebytes employee with a convincing fake breach alert impersonating 1Password’s Watchtower service. The attackers aimed to steal the victim’s 1Password credentials.

Attackers used social engineering methods to lure targets into joining fake Facebook groups that appeared to promote travel and community activities—such as trips, dance classes, and community gatherings.

The New York Blood Center suffered the ransomware attack in January, in which an unauthorized party gained access to its network and acquired copies of a subset of files. This week NYBC has started notifying victims.

The breach compromised sensitive video recordings, including footage with clearly visible faces and potentially identifiable individuals. Organizations and government entities that had access to Nexar’s data may also be indirectly affected.

Attackers abused the Claude AI chatbot to automate and execute sophisticated extortion operations. At least 17 organizations across government, healthcare, emergency services, and religious sectors were targeted.