Explore Problems
Showing 1,191 of 6,918 problems · matching your filters
Bank security alert systems fail to fire during active account takeover via phishing
Customers who configure bank security alerts for new device logins and failed password attempts receive no notifications when fraudsters are actively taking over their accounts via phishing. Alert systems that customers rely on as a safety net fail silently at exactly the moment they are needed. The combination of caller ID spoofing and alert failure gives attackers undetected access windows long enough to drain accounts.
Debt collectors report unverified accounts past the validation window
Consumers who formally dispute and request validation of collection accounts report collectors failing to provide documentation while continuing to report the debts to credit bureaus, harming credit scores.
Salesforce Locks Essential CRM Features Behind Expensive Add-On Tiers
Salesforce's pricing model places many of its most valuable features in premium add-on tiers, making the true cost of a functional deployment far higher than base plan pricing suggests. This tiered gating disproportionately affects mid-market companies that need advanced capabilities but cannot justify enterprise pricing. The practice has driven sustained interest in CRM alternatives with more transparent feature bundling.
Phone Theft Enables Immediate High-Value Zelle and Venmo Fraud Banks Refuse to Refund
Thieves who steal unlocked phones can immediately execute thousands of dollars in Zelle and Venmo transfers before the owner can react. Payment apps treat physical phone possession as sufficient authorization, creating a structural gap where theft of a device equals theft of funds. Banks and payment platforms systematically deny fraud refunds for these transactions because the device was used directly.
Air-Gapped Networks Have No Passive Threat Detection Without Active Scanning Risk
Security teams protecting air-gapped environments — defense, ICS, nuclear — cannot use conventional network detection tools that require active probes, which risk triggering false alerts or disrupting critical operations. Passive monitoring that can identify C2 beacons and DNS generation algorithm traffic without sending any packets is absent from the market. This leaves some of the highest-value targets with a fundamental detection blind spot.
MCP Servers Inject Context Tokens on Every Message Even When Not Used
Every configured MCP server injects tokens into the context window on each message, regardless of whether that server is needed for the current task. As developers add more MCP servers, context window bloat becomes severe and reduces effective model capacity. No selective MCP loading mechanism exists to activate servers only when relevant.
Cloud AI Coding Agents Require Sharing Codebases; Local Models Lack Performance
Developers using cloud-based AI coding agents like Cursor, Codex, or Claude must expose their codebase to training pipelines. Switching to local models for privacy eliminates the performance needed for real coding tasks. No tool currently solves both privacy and performance simultaneously.
npm Ecosystem Silently Executes Malicious Code via Transitive Dependencies
Every npm install is an implicit trust decision across hundreds of packages, any of which can execute arbitrary code via postinstall hooks with no user confirmation. The Axios backdoor attack demonstrated this at 80M weekly download scale, with sophisticated obfuscation and self-cleanup. Existing tools like Snyk detect known vulnerabilities but do not prevent silent postinstall execution from newly compromised accounts.
Malicious VSCode Extensions Can Breach Thousands of GitHub Repositories
A single malicious VSCode extension compromised 3,800 GitHub repositories, exposing a critical gap in extension marketplace security vetting. The extension marketplace provides no meaningful safety signals, leaving developers unable to assess extension trustworthiness at install time.
Banking apps show transactions but provide no actionable spending intelligence
Most banking and personal finance apps display raw transaction lists without analyzing patterns, trends, or behavioral insights. Users cannot identify where their money actually goes without manual categorization in separate tools. The gap between data display and financial intelligence leaves the majority of banking customers without practical guidance.
Identity theft debts keep appearing on credit reports despite disputes
Victims of data breaches and identity theft find fraudulent collection accounts and inquiries on their credit files. Despite FCRA blocking requirements, bureaus and furnishers continue reporting the inaccurate items.