FedEx Database Access Allegedly Sold on Cybercrime Forum via Insider

A threat actor is allegedly selling live access to FedEx's internal database through an insider, according to a post on a cybercrime forum.

The seller claims the access allows searching shipments by sender, viewing recipient and shipper details, and sorting deliveries by location and package attributes, and that it provides an ongoing ability to work with others to target specific shipments.

Insider Threat

Unlike typical data breaches involving stolen databases, this listing advertises continuous access allegedly provided by someone within FedEx's operations. If legitimate, this would allow buyers to identify and potentially intercept high-value shipments in real time.

Unverified Claims

The authenticity of the alleged access has not been independently verified. FedEx has not publicly commented on any insider compromise. Claims of insider access on cybercrime forums are sometimes exaggerated or fabricated to attract buyers.

Supply Chain Implications

Access to logistics data poses risks beyond customer privacy. Threat actors could use shipment information to identify valuable packages for theft, track executive movements, or gather intelligence on business operations.

Organizations relying on FedEx for sensitive shipments should monitor for any unusual activity and consider additional security measures for high-value deliveries.
