Amazon has rejected over 1,800 job applications believed to be from North Korean agents since April 2024. The company combines AI analysis with manual checks to identify fraudulent applications aimed at gaining remote jobs and funding North Korea's weapons program.

This article explains how deepfakes are created and used in scams, highlighting common visual, auditory, and behavioral signs to identify them. It also offers practical advice on protecting yourself from deepfake attacks and what to do if you encounter one.

Gulshan Management Services confirmed a data breach affecting over 377,000 individuals, exposing sensitive information like Social Security numbers and financial details. The breach, discovered on September 27, 2025, went undetected for days, and notifications to affected individuals were delayed until January 2026. Multiple class action lawsuits are now targeting the company for inadequate security measures.

Petco reported a data breach that compromised customer personal information due to a software application error. The company is offering free credit monitoring to affected individuals but hasn't disclosed how many customers were impacted or what specific data was exposed.

Rainwalk, a pet insurance provider, has reportedly exposed sensitive customer data related to 158,000 pets, including personal and medical information. This data breach raises significant concerns about privacy and data security within the pet insurance industry as affected customers face potential identity theft and fraud risks.

Wealthsimple, a Canadian financial services firm, has reported a data breach affecting the personal data of less than 1% of its customers. The company confirmed that no funds or passwords were compromised, and it is offering affected users two years of complimentary credit monitoring and security advice. The breach was linked to a third-party software package and is not related to ongoing Salesforce data theft incidents.

Hackers are employing a sophisticated phishing technique that leverages legitimate Microsoft links and Active Directory Federation Services (ADFS) to redirect users to a counterfeit site designed to steal Microsoft 365 logins. By utilizing a trusted domain for redirection, attackers can bypass standard security measures, including multi-factor authentication. Researchers recommend monitoring for ADFS redirects and scrutinizing Google ads for potential malicious links.

The State Bar of Texas has reported a data breach after the INC ransomware gang claimed responsibility and leaked samples of stolen data. The breach occurred between January 28 and February 9, 2025, but was only discovered on February 12, leading to notifications sent to affected members and the offer of credit monitoring services.

Kelly Benefits has reported a data breach affecting over 550,000 customers, where unauthorized access to its IT systems occurred between December 12-17, 2024. The compromised information includes personal details such as names, Social Security numbers, and health insurance data, prompting the company to offer credit monitoring services to affected individuals.

Chess.com reported a data breach involving unauthorized access to a third-party file transfer application, affecting over 4,500 users' personally identifiable information. The platform has emphasized that its own infrastructure remains secure and no financial data was compromised, while offering impacted users identity theft protection services. Previous incidents include a massive scraping of user data due to an API flaw in November 2023.