During the past year, Let's Encrypt has issued a total of 15,270 SSL certificates that contained the word "PayPal" in the domain name or the certificate identity. Of these, approximately 14,766 (96.7%) were issued for domains that hosted phishing sites.
Security researchers from Proofpoint have come across a sophisticated phishing kit that automates the process of building and deploying high-end phishing pages, and which is extremely efficient at collecting login credentials and user details from PayPal users.
PayPal engineers have removed a "magic word" that would have allowed an attacker to obtain OAuth secret tokens for -- any -- PayPal application and access customer details.
Security researchers have come across a series of Minecraft money adders that promise to give users free in-game coins, but end up stealing their credentials.