Explore Problems

Showing 1,191 of 6,918 problems · matching your filters

Bank security alert systems fail to fire during active account takeover via phishing

Customers who configure bank security alerts for new device logins and failed password attempts receive no notifications when fraudsters are actively taking over their accounts via phishing. Alert systems that customers rely on as a safety net fail silently at exactly the moment they are needed. The combination of caller ID spoofing and alert failure gives attackers undetected access windows long enough to drain accounts.

1 mentions1 sources Trending
S6.5L7
Security & Compliance · Fraud Prevention

Debt collectors report unverified accounts past the validation window

Consumers who formally dispute and request validation of collection accounts report collectors failing to provide documentation while continuing to report the debts to credit bureaus, harming credit scores.

102 mentions1 sources Trending
S6.5L7
Consumer & Lifestyle · Personal Finance

Salesforce Locks Essential CRM Features Behind Expensive Add-On Tiers

Salesforce's pricing model places many of its most valuable features in premium add-on tiers, making the true cost of a functional deployment far higher than base plan pricing suggests. This tiered gating disproportionately affects mid-market companies that need advanced capabilities but cannot justify enterprise pricing. The practice has driven sustained interest in CRM alternatives with more transparent feature bundling.

8 mentions2 sources
S6.5L7
Business Operations · Sales & CRM

Phone Theft Enables Immediate High-Value Zelle and Venmo Fraud Banks Refuse to Refund

Thieves who steal unlocked phones can immediately execute thousands of dollars in Zelle and Venmo transfers before the owner can react. Payment apps treat physical phone possession as sufficient authorization, creating a structural gap where theft of a device equals theft of funds. Banks and payment platforms systematically deny fraud refunds for these transactions because the device was used directly.

1 mentions1 sources Trending
S6.6L7
Security & Compliance · Fraud Prevention

Air-Gapped Networks Have No Passive Threat Detection Without Active Scanning Risk

Security teams protecting air-gapped environments — defense, ICS, nuclear — cannot use conventional network detection tools that require active probes, which risk triggering false alerts or disrupting critical operations. Passive monitoring that can identify C2 beacons and DNS generation algorithm traffic without sending any packets is absent from the market. This leaves some of the highest-value targets with a fundamental detection blind spot.

1 mentions1 sources
S6.6L8
Security & Compliance · Network Security

MCP Servers Inject Context Tokens on Every Message Even When Not Used

Every configured MCP server injects tokens into the context window on each message, regardless of whether that server is needed for the current task. As developers add more MCP servers, context window bloat becomes severe and reduces effective model capacity. No selective MCP loading mechanism exists to activate servers only when relevant.

1 mentions1 sources Trending
S6.7L8
Developer Tools · AI & Machine Learning

Cloud AI Coding Agents Require Sharing Codebases; Local Models Lack Performance

Developers using cloud-based AI coding agents like Cursor, Codex, or Claude must expose their codebase to training pipelines. Switching to local models for privacy eliminates the performance needed for real coding tasks. No tool currently solves both privacy and performance simultaneously.

2 mentions0 sources Trending
S6.7L7
Developer Tools · AI & Machine Learning

npm Ecosystem Silently Executes Malicious Code via Transitive Dependencies

Every npm install is an implicit trust decision across hundreds of packages, any of which can execute arbitrary code via postinstall hooks with no user confirmation. The Axios backdoor attack demonstrated this at 80M weekly download scale, with sophisticated obfuscation and self-cleanup. Existing tools like Snyk detect known vulnerabilities but do not prevent silent postinstall execution from newly compromised accounts.

3 mentions2 sources
S6.7L8
Security & Compliance · Fraud Prevention

Malicious VSCode Extensions Can Breach Thousands of GitHub Repositories

A single malicious VSCode extension compromised 3,800 GitHub repositories, exposing a critical gap in extension marketplace security vetting. The extension marketplace provides no meaningful safety signals, leaving developers unable to assess extension trustworthiness at install time.

1 mentions1 sources Trending
S6.8L7
Security & Compliance · Application Security

Banking apps show transactions but provide no actionable spending intelligence

Most banking and personal finance apps display raw transaction lists without analyzing patterns, trends, or behavioral insights. Users cannot identify where their money actually goes without manual categorization in separate tools. The gap between data display and financial intelligence leaves the majority of banking customers without practical guidance.

1 mentions1 sources Trending
S6.8L7
Consumer & Lifestyle · Personal Finance

Identity theft debts keep appearing on credit reports despite disputes

Victims of data breaches and identity theft find fraudulent collection accounts and inquiries on their credit files. Despite FCRA blocking requirements, bureaus and furnishers continue reporting the inaccurate items.

149 mentions1 sources Trending
S7.2L7
Consumer & Lifestyle · Personal Finance
Previous60/60