Cybersecurity threats are becoming increasingly diverse, ranging from financial scams targeting the general public to data tracking aimed at professionals, posing a serious challenge to user privacy.
According to a report by BleepingComputer, several U.S. states are currently grappling with a new wave of "traffic violation" smishing (SMS phishing) attacks. Scammers are impersonating local courts, sending victims fake "default notices." Unlike traditional phishing attempts that rely on malicious links, this campaign uses an image of a court summons containing a QR code. Once scanned, victims are redirected to a phishing site that tricks them into paying a $6.99 "fine," allowing the attackers to harvest their personal financial information.
This campaign has already impacted states including New York, California, Texas, and New Jersey. The messages received by victims claim: "This notice serves as a final urgent warning regarding an unpaid traffic violation for a vehicle registered to you in New York State; this matter has now moved to formal enforcement." A significant number of users have already reported these targeted fraudulent messages.
Data Tracking Controversy on Professional Networking Platforms
Meanwhile, the professional networking site LinkedIn has been thrust into a privacy firestorm. A report titled "BrowserGate," published by Fairlinked e.V., reveals that the Microsoft-owned platform is using hidden JavaScript scripts embedded in its web pages to secretly scan the extensions installed in users' browsers.
Technical analysis indicates that the script can identify over 6,000 browser extensions and link the findings to specific professional identities. The report states: "LinkedIn is scanning for over 200 products that directly compete with its own sales tools, including Apollo, Lusha, and ZoomInfo. Because LinkedIn knows the employer of every user, it can map out exactly which companies are using competitor products."
BleepingComputer confirmed parts of these allegations through independent testing, observing that LinkedIn’s web pages load a JavaScript script with a randomized filename. The script probes for specific extension IDs; while such techniques could only identify about 2,000 plugins in 2025, the scope has expanded significantly. The report notes that LinkedIn uses this data to target users of third-party tools and send them enforcement warnings—a practice that effectively extracts customer lists from thousands of software companies without user consent.
