This week’s cybersecurity news is dominated by a surge in holiday-themed threats, including a massive “mega-leak” of 16 billion credentials and a wave of over 30,000 Christmas-themed phishing emails. Major incidents reported this week include a significant data breach at 700Credit exposing 5.6 million Social Security numbers and a widespread “ToolShell” exploitation targeting SharePoint servers. Meanwhile, the SEC has filed charges against several crypto firms involved in a $14 million investment scam, underscoring the industrial scale of modern online fraud.
Warning: Protect Yourself from “Pig Butchering” and Holiday Fraud
“Pig butchering” is a predatory scam where fraudsters spend weeks or months building a fake romantic or friendly relationship to “fatten up” a victim’s trust before “slaughtering” them for their life savings. Be extremely cautious of unsolicited “wrong number” texts, strangers on dating apps who steer the conversation toward lucrative cryptocurrency or investment opportunities, and any platform that shows massive profits but demands extra fees to withdraw. During this holiday season, also stay alert for “too good to be true” social media ads, fake package delivery notifications, and urgent requests for payment via gift cards—all common tactics used to exploit your generosity and seasonal distractions.