Beware: PayPal subscriptions abused to send fake purchase emails

BleepingComputer
Actively Exploited

Overview

A new email scam is exploiting PayPal's subscription feature to send deceptive purchase notifications. These emails appear legitimate as they come from PayPal but contain links directing users to fraudulent sites. The scam takes advantage of the way PayPal's subscription system generates email notifications, making it challenging for recipients to discern the authenticity of the messages. Users who fall for these scams could inadvertently share personal information or financial details with malicious actors. It's crucial for PayPal users to be cautious when receiving unexpected purchase notifications and to verify any claims before taking action.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: PayPal users
  • Action Required: Users should verify email sender addresses, avoid clicking on links in unexpected emails, and report suspicious messages to PayPal.
  • Timeline: Newly disclosed

Original Article Summary

An email scam is abusing PayPal's "Subscriptions" billing feature to send legitimate PayPal emails that contain fake purchase notifications embedded in the Customer service URL field. [...]

Impact

PayPal users

Exploitation Status

This abuse is confirmed to be actively used against PayPal users in real-world campaigns. Because the emails originate from PayPal's own infrastructure, there is no patch to apply; users and organizations should apply the remediation steps listed below immediately.

Timeline

Newly disclosed

Remediation

Users should verify email sender addresses, avoid clicking on links in unexpected emails, and report suspicious messages to PayPal.
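The remediation above hinges on one observation the scam exploits: the sender address really is PayPal's, so checking the sender alone is not enough, and the links inside the message must be inspected as well. The following Python triage helper is an added example (not code from BleepingComputer or the aggregator) that applies both checks to a constructed sample message; the trusted-domain list and the fraudulent-looking hostname `paypal-support-billing.invalid` are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains treated as legitimately PayPal-controlled. Assumption for this
# example; a real mail filter would take this list from local policy.
TRUSTED_DOMAINS = {"paypal.com"}

# Constructed sample: a genuine-looking PayPal notification whose body carries
# an attacker-supplied "customer service" link (hypothetical .invalid domain).
SAMPLE_EMAIL = """From: PayPal <service@paypal.com>
To: victim@example.org
Subject: Receipt for your payment
Content-Type: text/plain; charset=utf-8

You sent a payment of $599.00.
Customer service: https://paypal-support-billing.invalid/dispute?id=123
Manage your settings at https://www.paypal.com/myaccount/settings
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def domain_is_trusted(host: str) -> bool:
    """True if host equals a trusted domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def sender_domain(msg) -> str:
    """Domain part of the From: address, or '' if none is present."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def extract_link_hosts(msg) -> list:
    """Hostnames of every URL found in the text/plain and text/html parts."""
    hosts = []
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            host = urlparse(url).hostname
            if host:
                hosts.append(host.lower())
    return hosts


def triage(raw: str) -> dict:
    """Check the sender domain and flag any link whose host is not trusted."""
    msg = message_from_string(raw)
    sender = sender_domain(msg)
    hosts = extract_link_hosts(msg)
    untrusted = sorted({h for h in hosts if not domain_is_trusted(h)})
    return {
        "sender_domain": sender,
        "sender_trusted": domain_is_trusted(sender),
        "link_hosts": hosts,
        "untrusted_link_hosts": untrusted,
        # Suspicious even though the sender check passes: that is the pattern
        # this scam relies on.
        "suspicious": bool(untrusted),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_EMAIL))
```

On the sample message the sender check passes (`paypal.com`) while the link check flags `paypal-support-billing.invalid`, which is exactly the combination a recipient should treat as a prompt to report the message to PayPal rather than follow the link. Subdomain matching is deliberate: `www.paypal.com` is accepted, but a look-alike such as `paypal.com.evil.invalid` is not.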

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Phishing.

Related Coverage

ROCA: Infineon TPM and Secure Element RSA Vulnerability Guidance

NCSC Feed

The ROCA vulnerability affects certain Infineon Trusted Platform Modules (TPMs) and Secure Elements, which are used in various devices for secure cryptographic functions. This flaw allows attackers to potentially recover private RSA keys, compromising the security of encrypted communications and data for users. Devices that utilize these components could be at risk, making it crucial for manufacturers and users to assess their systems. The vulnerability is significant because it could expose sensitive information and undermine trust in security protocols. Users and organizations that rely on affected devices need to take immediate action to secure their systems and protect their data.

Feb 28, 3025

Cyber Assessment Framework 3.2

NCSC Feed

The latest version of the Cyber Assessment Framework (CAF) has been released, aiming to address the rising threats to critical national infrastructure. This update emphasizes the need for organizations to reassess their cybersecurity strategies in light of evolving risks. The framework aims to provide guidance on how to enhance resilience against potential cyberattacks that could impact essential services and systems. It is particularly relevant for government agencies, utility providers, and other sectors that rely on critical infrastructure. By adopting the updated CAF, organizations can better prepare for and mitigate the risks posed by increasingly sophisticated cyber threats.

Jan 22, 2277

NCSC Playbook Embeds Cyber Essentials in Supply Chains

Infosecurity Magazine

The UK’s National Cyber Security Centre (NCSC) is urging businesses to implement the Cyber Essentials framework within their supply chains. This initiative aims to enhance cybersecurity practices among suppliers, which are often the weakest link in a company’s security posture. By adopting these guidelines, businesses can better protect themselves from cyber threats that may arise from third-party vendors. The NCSC emphasizes that this step is crucial for safeguarding sensitive data and maintaining customer trust. As cyber attacks become more sophisticated, ensuring that suppliers meet certain cybersecurity standards is essential for overall security.

Dec 15, 2025

Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide

Hackread – Cybersecurity News, Data Breaches, AI, and More

In December 2025, researchers identified a serious vulnerability in React, designated CVE-2025-55182 and nicknamed React2Shell, which has led to a surge in attacks on RSC-enabled services. This vulnerability affects numerous applications built with the React framework, making them targets for malicious actors. Attackers are exploiting this flaw to gain unauthorized access to systems, which could lead to data breaches or service disruptions. Organizations running RSC-enabled services are urged to take immediate action to safeguard their systems. The situation is critical, as the exploitation of this vulnerability poses significant risks to businesses and users globally.

Dec 15, 2025

Microsoft: December security updates cause Message Queuing failures

BleepingComputer

Microsoft has acknowledged that its December 2025 security updates are causing failures in Message Queuing (MSMQ) functionality. This issue is impacting enterprise applications and Internet Information Services (IIS) websites, potentially disrupting business operations. Users and organizations relying on these services may experience significant downtime and communication issues, as MSMQ is crucial for message delivery in distributed applications. Microsoft has not yet provided specific patches or workarounds to resolve this problem, leaving affected users in a challenging situation until a fix is released. This situation highlights the importance of thorough testing of security updates before deployment, especially in enterprise environments.

Dec 15, 2025

Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw

SecurityWeek

Apple has issued updates for macOS and iOS to address two zero-day vulnerabilities in WebKit that were found to be exploited in a highly sophisticated attack. These vulnerabilities could allow attackers to execute malicious code on affected devices, potentially compromising user data and privacy. The updates are crucial for users of Apple's platforms, as they help protect against active threats that exploit these flaws. Users are encouraged to install the latest updates to ensure their devices are secure. This incident also raises concerns about the interconnectedness of browser vulnerabilities, as these flaws are linked to a Chrome exploit, indicating that security issues can cross platform boundaries.

Dec 15, 2025