High-profile TikTok accounts, including CNN, Sony, and—er—Paris Hilton, have been targeted in a recent attack.
CNN was the first account takeover that made the news, with Semafor reporting that the account was down for several days after the incident. According to Forbes, the attack happens without the account owner needing to click on or open anything—known as a zero-click attack. All they need to do is open a DM. The account is then taken over and the user loses access.
Source: Malwarebytes Labs
Related:
- WhatsApp security flaw lets experts scrape 3.5 billion user numbers
November 21, 2025
WhatsApp users may need to take extra steps to protect their account information following a potentially concerning discovery. A study by researchers at the University of Vienna revealed the app’s contact-discovery system enabled the collection of extensive WhatsApp user data at an unprecedented scale due to insufficient rate-limiting across global endpoints. The researchers were able to ...
- Irish regulator launches investigation into X over handling of reports from users
November 12, 2025
Ireland’s media regulator has commenced a formal investigation into X over concerns about how it handles reported content. Coimisiún na Meán suspects the platform, formerly known as Twitter, may not be in compliance with its obligations under Article 20 of the Digital Services Act (DSA), which sets out rules on how complaints should be managed by ...
- Clearview AI faces criminal heat for ignoring EU data fines
October 28, 2025
Privacy advocates at Noyb filed a criminal complaint against Clearview AI for scraping social media users’ faces without consent to train its AI algorithms. Austria-based Noyb (None of Your Business) is targeting the US company and its executives, arguing that if successful, individuals who authorized the data collection could face criminal penalties, including imprisonment. The complaint ...
- The Golden Scale: Notable Threat Updates and Looking Ahead
October 20, 2025
Palo Alto Unit 42 recently published an Insights piece “The Golden Scale: Bling Libra and the Evolving Extortion Economy,” which primarily focused on the Salesforce data theft extortion activity. This was associated with the cybercriminal syndicate known as Scattered LAPSUS$ Hunters. Since early October 2025, the researchers have observed several notable developments within a Telegram channel ...
- Maverick: a new banking Trojan abusing WhatsApp in a mass-scale distribution
October 15, 2025
A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs. To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will ...
- Australia’s politicians and businesspeople private phone numbers leaked online amid huge data breach
October 13, 2025
The private phone numbers of some of Australia’s most high-profile politicians and businesspeople have been leaked online, including those of the prime minister and Opposition leader. A third-party website is reportedly using artificial intelligence to trawl through other sites like LinkedIn, lifting the personal details of politicians. The site boasts to have the personal phone numbers and ...
