Big name TikTok accounts hijacked after opening DM


High-profile TikTok accounts, including CNN, Sony, and—er—Paris Hilton have been targeted in a recent attack.

CNN was the first account takeover that made the news, with Semafor reporting that the account was down for several days after the incident. According to Forbes, the attack happens without the account owner needing to click on or open anything—known as a zero-click attack. All they need to do is open a DM. The account is then taken over and the user loses access.

Source: Malwarebytes Labs

