Svoboda Cybersecurity Brief December 15, 2025

Askul confirms 740,000 records breached in ransomware attack

Japanese office supplies retailer Askul disclosed a ransomware attack compromising 740,000 records, including corporate client data (590,000) and e-commerce customer data (130,000). The Ransomhouse group leaked data on its dark web site, but no credit card details were exposed, and no ransom was paid.
Source: DataBreaches.net

PayPal subscriptions abused to send phishing emails

Scammers are exploiting PayPal’s Subscriptions feature to send legitimate-looking emails from service@paypal.com, embedding fake purchase alerts in the Customer Service URL field. The emails bypass spam filters due to valid DKIM/SPF checks and aim to trick recipients into calling fraudulent support numbers.
Impact: Targets may fall for financial fraud or malware installation.
Mitigation: PayPal is mitigating the method; users should verify charges via official accounts and avoid calling embedded numbers.
Source: BleepingComputer

Share this brief: https://svo.bz/QLqC