Short-form video platforms like TikTok and Instagram Reels have become the latest way cybercriminals spread malware.
We’ve already seen attackers move away from traditional phishing emails and toward tactics that trick people into installing malware themselves. Now they’re being lured with slick social media videos that promise free Spotify Premium, free Windows activation, or free Microsoft Office, but instead leave people with infostealers on their Windows devices.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Petco’s security lapse affected customers’ SSNs, drivers’ licenses and more
December 8, 2025
Last week, pet products and services giant Petco confirmed that it experienced a data breach involving customers’ personal information, without specifying what type of data was affected. On Friday, in a legally required filing with Texas’ attorney general’s office, Petco reported that the affected data included: names, Social Security numbers, driver’s license numbers, financial information such ...
- Poland detains three Ukrainians over possession of hacking equipment
December 8, 2025
A Polish court has ordered three Ukrainian nationals held on charges of computer fraud and possessing hardware and software designed to commit crimes, including a suspected attempt to damage IT data deemed crucial to national defence. The three men, aged 43, 42 and 39, were detained after a roadside check in Warsaw, Polish state news agency ...
- New Prompt Injection Attack Vectors Through MCP Sampling
December 5, 2025
This article examines the security implications of the Model Context Protocol (MCP) sampling feature in the context of a widely used coding copilot application. MCP is a standard for connecting large language model (LLM) applications to external data sources and tools. We show that, without proper safeguards, malicious MCP servers can exploit the sampling feature for ...
- Trump’s national security strategy wants spy agencies to watch world supply chains
December 5, 2025
President Donald Trump’s national security strategy tasks the U.S. intelligence community with monitoring global supply chains as part of a sweeping goal to decouple the nation’s economy from foreign adversaries and advance American economic interests. The demands listed in the 33-page strategy document published late Thursday reflect how aggressively the Trump administration is directing federal agencies ...
- Leaks show Intellexa burning zero-days to keep Predator spyware running
December 5, 2025
Intellexa is a well-known commercial spyware vendor, servicing governments and large corporations. Its main product is the Predator spyware. An investigation by several independent parties describes Intellexa as one of the most notorious mercenary spyware vendors, still operating its Predator platform and hitting new targets even after being placed on US sanctions lists and being under ...
- CVE-2025-55182 React vulnerability could soon be exploited – so patch now
December 5, 2025
eact is one of the most popular JavaScript libraries, which powers much of today’s internet. Researchers recently discovered a maximum-severity vulnerability. This bug could allow even the low-skilled threat actors to execute malicious code (RCE) on vulnerable instances. Earlier this week, the React team published a new security advisory detailing a pre-authentication bug in multiple versions ...