Threat actors could exploit a new unpatched security flaw in PayPal's money transfer service to facilitate clickjacking attacks, which involve deceiving targets into interacting with webpage elements that trigger malicious activity, reports The Hacker News.