Mailsploit – 30 email client applications affected
If you use Apple Mail(macOS, iOS, watchOS), Mozilla Thunderbird, several Microsoft email clients, Yahoo mail, ProtonMail, etc you may be affected by a collection of vulnerabilities that allows anyone to send spoofed emails bypassing anti-spoofing mechanisms.
What does it mean: if you receive an email that says “MailSploit” and it appears to be from a friend, please beware and seek help.
Besides spoofing, the researcher found some of the email clients, including Hushmail, Open Mailbox, Spark, and Airmail, are also vulnerable to cross-site scripting (XSS) vulnerabilities, which stems from the email spoofing issue.
Paypal subsidiary hacked
TIO Network is a cloud-based multi-channel bill payment processor and receivables management provider that serves the largest telecom, wireless, cable and utility bill issuers in North America. It was acquired by PayPal for US $23 million in July 2017.
Paypal discovered during an ongoing investigation for security vulnerabilities that TIO had been hacked. Paypal did not disclose much about it.