Last Update: 06/03/2026 at 6:25 AM EST

Mid-day Briefing: Privacy

Thursday, April 9, 2026 · 11:47 AM EDT

Key developments

BLEEPINGCOMPUTER

Eurail breach hits 308,777 travelers

Eurail B.V. said attackers accessed its customer database and transferred files from its network on December 26, 2025. A later review found the stolen files contained full names, passport details, ID numbers, IBAN bank account data, health information, email addresses and phone numbers for 308,777 people. The company said notification letters went out on March 27 and that attackers posted a sample on Telegram and tried to sell the data on the dark web.

Why it matters

The breach exposes highly sensitive travel and identity data that can be used for phishing, fraud and account takeover.

Sources & driving stories

BLEEPINGCOMPUTER · Sergiu Gatlan

BleepingComputer coverage

BLEEPINGCOMPUTER

Adobe Reader zero-day abused since December

Researchers Haifei Li and Gi7w0rm found a malicious PDF campaign exploiting an Adobe Reader zero-day that has been active since at least December. Opening a crafted PDF was enough to steal data through Acrobat APIs, with possible follow-on remote code execution or sandbox escape; the lures referenced oil and gas industry events in Russian. Li notified Adobe, and defenders were told not to open untrusted PDFs until a patch is available.

Why it matters

A months-long, one-click Reader exploit could affect large numbers of users before a fix ships.

Sources & driving stories

BLEEPINGCOMPUTER · Sergiu Gatlan

BleepingComputer coverage

BLEEPINGCOMPUTER

SVG skimmer targets Magento checkout pages

Sansec found a skimming campaign affecting nearly 100 Magento and Adobe Commerce stores. Attackers hid code in a 1x1 SVG element with an onload handler, showed a fake secure checkout overlay, validated card numbers and exfiltrated card and billing data as obfuscated JSON to six domains hosted at IncogNet. The campaign was tied to the PolyShell vulnerability disclosed in mid-March.

Why it matters

It shows ecommerce attackers are still harvesting customer payment data with stealthier injection techniques.

Sources & driving stories

BLEEPINGCOMPUTER · Bill Toulas

BleepingComputer coverage

Worth noting

South Carolina flags 99 breaches

The state notice aggregates recent disclosures from Prosper Marketplace, Kaplan North America and PowerSchool, showing how widespread legacy breach notifications remain.

Digital devices expand surveillance risk

Ars Technica's interview with Andrew Guthrie Ferguson argues that navigation apps, wearables and smart medical tools already let police infer movements, health and associations from consumer data.

Still unclear

OPEN QUESTION

Will Eurail clarify DiscoverEU exposure?

Understanding whether young travelers' passport and health data were exposed will shape fraud risk and notification obligations.

OPEN QUESTION

How long will Adobe leave Reader exposed?

The exploit works on the latest version and only requires opening a PDF, so patch timing determines how long users remain at risk.