Short-form video platforms like TikTok and Instagram Reels have become the latest way cybercriminals spread malware.
We’ve already seen attackers move away from traditional phishing emails and toward tactics that trick people into installing malware themselves. Now they’re being lured with slick social media videos that promise free Spotify Premium, free Windows activation, or free Microsoft Office, but instead leave people with infostealers on their Windows devices.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- M&S cyber attack deepens as tech partner TCS denies blame
June 20, 2025
Tata Consultancy Services (TCS), the tech firm at the centre of speculation around the M&S cyber attack, has claimed that none of its systems or users were compromised in the incident. The statement, delivered at the company’s annual shareholder meeting, is the first public comment from the group since M&S was hit by a major cyber ...
- Cybercriminals breach Aflac as part of hacking spree against US insurance industry
June 20, 2025
Cybercriminals have breached insurance giant Aflac, potentially stealing Social Security numbers, insurance claims and health information, the company said Friday, the latest in a spree of hacks against the insurance industry. With billions of dollars in annual revenue and tens of millions of customers, Aflac is the biggest victim yet in the ongoing digital assault on ...
- Iranian missile strikes tech park housing Microsoft office in Israel’s Beer Sheva
June 20, 2025
First responders are searching buildings for people wounded after an Iranian missile struck close to a tech park in the Israeli city of Beer Sheva, according to Israel’s emergency services agency Magen David Adom (MDA). MDA said they found six people who were slightly injured as a result of the strike, as they continue to search ...
- BeyondTrust Releases Security Advisory for Remote Support & Privileged Remote Access
June 19, 2025
BeyondTrust has released a security advisory to address a vulnerability in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems. Privileged Remote Access facilitates just-in-time secure access to enterprise environments. CVE-2025-5309 is an ‘improper control of generation of code’ vulnerability with a ...
- UBS bank reports data leak after attack on its external supplier
June 18, 2025
Zurich-based banking giant UBS Group has confirmed that company information was stolen during a cyberattack on one of its external suppliers, though it assured that no client data was compromised. The bank said the breach was part of a larger cyber incident affecting multiple companies, including former UBS affiliate Chain IQ and Swiss private bank Pictet. ...
- CVE-2025-4365/CVE Unassigned: NetScaler Console/SDX Authenticated Arbitrary File Read/Write (FIXED)
June 18, 2025
During root cause analysis for the NetScaler Console vulnerability, CVE-2024-6235, Rapid7 discovered two high severity authenticated arbitrary file read and write vulnerabilities which were disclosed to the vendor in accordance with our disclosure policy. An Arbitrary File Read vulnerability (CVE-2025-4365) was identified in NetScaler Console version 14.1.8.50 and found to affect versions of NetScaler Console and ...