Notice: FY2024 is coming in early March. We apologies for this late delivery.
Highlights
⚠️ 1. PayPal Email Scam.
📱 2. Google SMS Gone.
📉 3. Microsoft Outage.
🔑 4. 12K Keys Leaked.
🚨 5. 2025 Data Breaches.
Deep Dive:
⚠️ 1. PayPal Email Scam Bleeping Computer Forbes
Sent from service@paypal.com
To CALL a number to correct info.
Claim new address with a fake purchase.
Convinced that you were hacked.
To download a software (spyware or malware),
Hard to detect by spam and protection.
Head ups: Educate employees. Verify account changes directly on the PayPal website.
📱2. Google: SMS Gone Forbes
Ditching SMS authentication codes.
Replacing with QR code verification.
Reduces phishing code sharing.
Less reliance phone carrier's security.
Cut global SMS abuse.
Heads up: Shift to QR code authentication.
📉 3. Microsoft Outage CNBC
Outlook, Exchange, Teams, 365, Azure etc.
Tens of thousands impacted globally.
Services were down ~ 3:30 p.m. ET.
Issue was resolved Saturday evening.
Users reported recovered their access.
Most reported: NYC, Chicago, LA.
Heads up: Review backup system for email/critical services.
🔑 4. 12,000 API Keys and Passwords Breach BleepingComputer
Data used by OpenAI, DeepSeek, Google, Meta, Anthropic, and Stability.
Exposed AWS root keys and Mailchimp API keys.
11,908 valid secrets in Common Crawl dataset.
2024 December archive was checked with 2.67B web pages.
Developers hardcoded in the source code.
63% Secrets reused by others.
Heads up: Enforce code review and secrets management policy.
🚨 5. Top breaches 2025 TechCrunch
PowerSchool breach: Millions of students affected.
Musk's DOGE Access: Huge US Gov Compromise.
1 Million Patient Records: CHC Data Breach.
DISA screening: Over 3 million affected.
Stalkerware apps: Millions phone data exposed.
Heads up: Bad actors are also learners. They will repeat.
Share this post