Pierluigi Paganini
April 14, 2025
Threat actors deploy malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers. Fortinet researchers discovered multiple malicious NPM packages that are used to target PayPal users. The packages were uploaded to the repository in early March by a threat actor known as tommyboy_h1 and tommyboy_h2, and were used to steal PayPal credentials and hijack cryptocurrency transfers. “Using PayPal-related […]
Pierluigi Paganini
January 20, 2023
PayPal is sending out data breach notifications to thousands of users because their accounts were compromised through credential stuffing attacks. PayPal announced that 34942 customers’ accounts have been compromised between December 6 and December 8. The company added that the unauthorized accessed were the result of credential stuffing attacks and that its systems were not […]
Pierluigi Paganini
May 23, 2022
A security researcher announced the discovery of an unpatched flaw in PayPal that could allow attackers to steal money from users. TheHackerNews first reported that a security researcher (that goes online with the moniker h4x0r_dz) has discovered an unpatched flaw in PayPal that could allow attackers to trick users into completing transactions controlled by the […]
Pierluigi Paganini
February 24, 2018
Paypal issue allows for enumeration of the last four digits of payment method and for the disclosure of account balance and recent transactions of any given PayPal account. Introduction This post details an issue which allows for enumeration of the last four digits of payment method (such as a credit or debit card) and for […]
Pierluigi Paganini
December 03, 2017
PayPal confirmed that one of the companies it owns, TIO Networks, suffered a security breach, that affected 1.6 million customers. PayPal confirmed that one of the companies it owns, TIO Networks, suffered a security breach, hackers have accessed servers that stored information for 1.6 million customers. The company TIO Networks was recently acquired by PayPal for […]
Pierluigi Paganini
August 01, 2016
Experts from Proofpoint discovered that the Banking trojan Chthonic was distributed via ‘legitimate’ PayPal accounts by abusing the “money request” feature. The imagination of cyber criminals is a never-ending pit, according to the security firm Proofpoint, crooks are abusing PayPal to distribute the Chtonic banking trojan. Chtonic is a strain of the most notorious Zeus Trojan, the […]
Pierluigi Paganini
June 25, 2016
PayPal has fixed a vulnerability that could have been exploited by attackers to deliver malicious images through the payment pages of the website. The Security researcher Aditya K Sood discovered a vulnerability that could have been exploited by attackers to deliver malicious image through the payment pages of the PayPal website. The expert noticed that the […]
Pierluigi Paganini
March 30, 2016
PayPal has just fixed a security vulnerability that could have been exploited to send malicious emails to users via its platform. Researchers at security firm Vulnerability Lab have discovered a filter bypass and an application-side input validation vulnerability that allowed attackers to inject malicious code into emails sent by the PayPal platform. “A persistent input validation & mail […]
Pierluigi Paganini
October 04, 2015
Security experts at Trend Micro have uncovered a spam campaign spreading a bogus PayPal app to steal German users’ banking credentials. A spam campaign is targeting German Andoird users, the malicious emails impersonate PayPal trying to trick the recipient into downloading a bogus PayPal app update that hides a banking Trojan. “Mobile banking is now used by […]
Pierluigi Paganini
September 07, 2015
Security experts at Vulnerability Lab have discovered a restriction filter bypass vulnerability affecting the PayPal mobile app. Under specific conditions, PayPal can ask users to confirm their identity to prevent frauds. When users are asked to verify their identity, their account is not accessible and in order to unblock it PayPal request them to make […]
