Fraud losses don’t stop at chargebacks. False declines, account takeovers, and abuse also damage revenue and trust. IPQS breaks down why fraud teams need broader visibility into risk and customer impact. […]
Tag: Account
AI, Global Security News, Network Security
Machine identities outnumber humans 109 to 1
Organizations manage an average of 109 machine identities for every human identity. AI agents account for a growing share of those identities, with companies expecting AI agent growth of 85% over the next 12 months. Machine identities are projected to increase by 77%, and human identities by 56%, based on data from Palo Alto Networks’…
AI, Global Security News
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a “major malicious attack.” “We’re dealing with a major malicious attack on Ruby Gems right now,” Maciej Mensfeld, senior product manager for software supply chain security at Mend.io, said in a post on…
AI, Apps, Data Breaches, Global Security News, Risk Management
Braintrust security incident raises concerns over AI supply chain risks
Braintrust warned customers to rotate API keys after hackers breached an AWS account, exposing secrets tied to cloud-based AI models. AI observability startup Braintrust warned customers to rotate API keys after attackers gained unauthorized access to one of the company’s AWS accounts, potentially exposing secrets used to connect to cloud-based AI models. The company said…
Global Security News
Fixing the password problem is as easy as 123456
How come it’s still possible to ‘secure’ an online account with a six-digit string?
AI, Exploits, Global Security News
Robinhood account creation flaw abused to send phishing emails
Online trading platform Robinhood’s account creation process was exploited by threat actors to inject phishing messages into legitimate emails, tricking users into believing their accounts had suspicious activity. […]
AI, Global Security News
Meta is overhauling how you sign in, manage settings, and protect your accounts
Meta Account gives users of Meta apps and devices a simpler way to access and manage their accounts. Accounts Center will automatically be updated to a Meta Account as part of a gradual rollout over the next year. Users will be notified when the change occurs. It supports Meta technologies including Facebook, Instagram, Messenger, Threads,…
AI, Apps, Cybersecurity, Data Breaches, Global Security News
Third-party AI hack triggers Vercel breach, internal environments accessed
Vercel suffered a breach after a hacked Context.ai tool exposed an employee account, letting attackers access limited internal systems and non-sensitive data. Vercel reported a security breach caused by the compromise of a third-party AI tool, Context.ai, used by one of its employees. The attacker took over the employee’s Google Workspace account and used it…
AI, Global Security News
Apple account change alerts abused to send phishing emails
Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple’s servers, increasing legitimacy and potentially allowing them to bypass spam filters. […]
Global Security News, privacy
Google Play is changing how Android apps access your contacts and location
Google’s new set of Google Play policy updates and account transfer feature strengthen user privacy and protect businesses from fraud. Google is also expanding features for managing new contact and location policy changes to support a smoother, more predictable app review experience. By October, Play policy insights in Android Studio can help developers identify if…
Global Security News
Fraud Rockets Higher in Mobile-First Latin America
Cyber-fraudsters move quickly from compromised devices to account takeover to funds transfer, shifting money before many financial institutions can react.
AI, Apps, Cloud Security, Data Breaches, Global Security News, malware
Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack
Attackers compromised the npm account of the lead maintainer of Axios, a widely used JavaScript HTTP client library, and used it to publish malicious versions of the package that deployed a cross-platform remote access trojan on developer machines. The incident represents the highest-impact npm supply chain attack on record given Axios’ approximately 100 million weekly…
AI, Global Security News, malware
Attackers hijack Axios npm account to spread RAT malware
Threat actors hijacked the npm account of Axios to distribute RAT malware via malicious package updates. Threat actors compromised the npm account of Axios, a widely used library with over 100M weekly downloads, and published malicious versions to spread remote access trojans across Linux, Windows, and macOS. The supply chain attack was identified by multiple…
Global Security News
Hackers compromise Axios npm package to drop cross-platform malware
Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. […]
AI, Data Breaches, Global Security News
FBI confirms hack of Director Patel’s personal email inbox
The Handala hackers associated with Iran have breached the personal email account of FBI Director Kash Patel and published photos and documents. […]
Global Security News
Move fast and save things: A quick guide to recovering a hacked account
What you do – and how fast – after an account is compromised often matters more than it may seem
AI, Cybersecurity, Global Security News
Smashing Security podcast #459: This clever scam nearly hijacked a tech CEO’s Apple ID
In episode 459 of Smashing Security, we dive into a chillingly clever account takeover attempt targeting WordPress co-founder Matt Mullenweg – involving MFA fatigue, real Apple alerts, a convincing support call, and a phishing page that oh-so-nearly worked. If a famous techie could have this happen to you, can you be sure you’re immune? Plus:…
AI, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, privacy
This clever scam nearly hijacked a tech CEO’s Apple ID
In episode 459 of Smashing Security, we dive into a chillingly clever account takeover attempt targeting WordPress co-founder Matt Mullenweg – involving MFA fatigue, real Apple alerts, a convincing support call, and a phishing page that oh-so-nearly worked. If a famous techie could have this happen to you, can you be sure you’re immune? Plus:…
Global Security News, Network Security
Accertify’s Attack State targets credential stuffing and ATO attacks
Accertify has announced the launch of Attack State, a new capability in its Account Protection solution designed to help organizations detect and respond to coordinated login attacks and other automated threats targeting customer accounts. Attack State analyzes login activity continuously and compares it to the organization’s broader traffic patterns to determine when a client’s environment…
AI, Global Security News
Fake Google Security site uses PWA app to steal credentials, MFA codes
A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims’ browsers. […]
AI, Global Security News
How Deepfakes and Injection Attacks Are Breaking Identity Verification
Deepfakes and injection attacks are targeting identity verification moments, from onboarding to account recovery. Incode explains why enterprises must validate the full session—media, device integrity, and behavior—to stop synthetic and injected attacks in real time. […]
AI, Global Security News, Risk Management
Multiple Zero-Day Flaws in PDF Platforms Enable XSS and One-Click Attacks
16 zero-day security flaws found in Foxit and Apryse PDF platforms could lead to account takeover and RCE. Learn how AI identified these risks.
AI, Data Breaches, Global Security News
Data on 1.2 million French bank accounts accessed in registry breach
In late January 2026, a malicious intruder accessed France’s national bank account registry, FICOBA, enabling them to view information tied to 1.2 million accounts, the Ministry of the Economy and Finance disclosed on Wednesday. TV5 Monde reported that the perpetrator (or perpetrators) obtained login credentials belonging to a civil cervant authorized to use the database…
AI, Data Breaches, Exploits, Global Security News, privacy, Risk Management
Japanese sex toys maker Tenga discloses data breach
Sex toy maker Tenga says a hacker accessed an employee’s email account, potentially exposing customer names, emails, and order details. TENGA Co., Ltd. is a Tokyo-based Japanese sexual wellness and lifestyle company known for its innovative adult products. It employs roughly 125–200 people worldwide across its Japan headquarters and international offices. Tenga operates in personal…
Global Security News, Industry News, Kasada, Risk Management
Kasada Account Intelligence combats manual fraud and abuse
Kasada released Account Intelligence, a new product designed to detect account-level fraud and abuse. The goal is to prevent repeat abuse before it creates financial loss and unnecessary friction for customers. Enterprises are facing account and business-logic abuse that existing bot and fraud tools were never built to detect. In a single session, this human-driven…