VulnHub

Fintech company Figure has confirmed a data breach resulting from a phishing attack that targeted one of its employees. The attackers used social engineering tactics to deceive the employee and gain access to a limited number of files. A spokesperson for Figure stated that while the breach is concerning, the extent of the data compromised is not extensive. This incident raises alarms about the effectiveness of employee training and awareness regarding phishing tactics, which continue to be a significant vulnerability for many organizations. Users and stakeholders of Figure should remain vigilant and monitor for any unusual activity related to their accounts.

Odido, a telecommunications company, reported a significant data breach that exposed the personal information of approximately 6.2 million customers. The incident occurred over the weekend of February 7, when attackers accessed Odido's customer contact system. This breach raises serious concerns about data privacy and security, as it potentially includes sensitive information that could be misused by malicious actors. Customers may now face risks such as identity theft or phishing attacks, making it crucial for them to monitor their accounts and take protective measures. Odido has not disclosed specific details about how the breach happened or what steps they are taking to prevent future incidents.

1Password has introduced a new open source benchmark called the Security Comprehension and Awareness Measure (SCAM) to address a gap in AI security. Research indicates that while some AI models can accurately identify phishing websites, when these models operate as autonomous agents with access to tools like email and password managers, they can still fall for scams. The SCAM benchmark aims to evaluate whether these AI agents can safely handle sensitive information without leaking credentials. This initiative is important as it seeks to enhance the security of AI applications, helping to prevent potential misuse by attackers. By focusing on the behavior of AI in real-world scenarios, 1Password is taking a proactive step in AI safety.

In 2025, phishing attacks have evolved significantly, with new tactics gaining traction among cybercriminals. Notably, attackers are using scam QR codes to trick users into revealing personal information. Additionally, 'ClickFix' attacks have emerged, where malicious links appear to fix common issues but instead lead to phishing sites. Another trend includes lures related to ChatGPT subscriptions, enticing users with fake offers. These developments show that users need to be increasingly vigilant about suspicious links and offers, as scammers continue to adapt their methods. Companies and individuals alike must prioritize security awareness to combat these evolving threats effectively.

Volvo Group North America has reported a data breach that occurred due to a cyberattack on Conduent, a business services company that provides IT support to Volvo. The breach exposed customer data, although specific details about what information was compromised have not been disclosed. This incident raises concerns about the security of third-party vendors and the risks they pose to their clients. As companies increasingly rely on external service providers, the need for robust security measures in these partnerships becomes even more critical. Customers of Volvo Group North America should remain vigilant about potential impacts from this breach, including possible phishing attempts or identity theft.

The European Commission has reported a cyber attack on its mobile infrastructure, which potentially exposed the names and phone numbers of its staff members. This breach raises concerns about the security of sensitive personal information within a major governmental body. Such incidents can lead to targeted phishing attacks and further exploitation of the compromised data. The European Commission has not disclosed specific details about how the attack occurred or whether it has affected other systems. The revelation serves as a reminder of the ongoing risks faced by public institutions in safeguarding their digital assets.

Microsoft is currently investigating an issue with Exchange Online that incorrectly identifies legitimate emails as phishing attempts, leading to their quarantine. Users of Exchange Online are facing disruptions as important emails may be blocked or filtered out. This problem raises concerns about email security and the reliability of filtering systems, as it could hinder communication and operations for businesses relying on this service. Microsoft has not yet provided a timeline for resolving the issue, leaving users uncertain about when they can expect a fix. This situation emphasizes the need for effective email security measures and accurate detection systems to prevent legitimate correspondence from being flagged incorrectly.

Substack has confirmed that it experienced a data breach, although the company did not disclose how many users were affected. While the details surrounding the breach remain limited, Substack mentioned that only a small amount of user data was compromised. This incident raises concerns about the security of users' personal information on the platform, especially given the growing number of breaches affecting online services. Users of Substack should remain vigilant, as data breaches can lead to phishing attempts and other security risks. The lack of specific details about the breach leaves many questions unanswered, particularly regarding what types of data were compromised and how the breach occurred.

Flickr has informed its users about a data breach linked to a security flaw in a third-party email vendor. This issue may have led to the exposure of user information, including usernames, email addresses, IP addresses, and activity logs. Although Flickr did not specify how many users were affected, the incident raises concerns about the security of personal data held by external partners. Users should be vigilant about potential phishing attempts or unauthorized access to their accounts, as this type of leaked information can often be exploited for malicious purposes. The situation serves as a reminder for companies to carefully vet their third-party vendors to protect user data.