Short-form video platforms like TikTok and Instagram Reels have become the latest way cybercriminals spread malware.
We’ve already seen attackers move away from traditional phishing emails and toward tactics that trick people into installing malware themselves. Now they’re being lured with slick social media videos that promise free Spotify Premium, free Windows activation, or free Microsoft Office, but instead leave people with infostealers on their Windows devices.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Weaponized AI Assistants & Credential Thieves
October 9, 2025
Just weeks after the s1ngularity attack weaponized AI assistants, the NPM ecosystem was rocked by a far more dangerous threat: a self-propagating worm named Shai-Hulud. In a sobering demonstration of this rapid escalation in attack techniques, the worm has compromised over 187 packages, including several developer-facing tools published by cybersecurity firm CrowdStrike. These two distinct events ...
- Hack on Japan’s biggest brewer renews concerns over cyberattack readiness
October 8, 2025
Japan’s favorite beer brand is reeling from a cyberattack that paralyzed its production last week. Its factories have started brewing again, and some truckloads of beer are leaving its warehouses, but the attack has spotlighted the poor cybersecurity readiness among top-tier companies in the world’s fifth-largest economy. On Tuesday, Qilin, a ransomware group with a track ...
- Security bug in India’s income tax portal exposed taxpayers’ sensitive data
October 7, 2025
The Indian government’s tax authority has fixed a security flaw in its income tax filing portal that was exposing sensitive taxpayers’ data, TechCrunch has exclusively learned and confirmed with authorities. The flaw, discovered in September by a pair of security researchers Akshay CS and “Viral,” allowed anyone who was logged into the income tax department’s e-Filing ...
- Oracle patches actively exploited zero-day vulnerability in E-Business Suite
October 6, 2025
Oracle has patched a critical vulnerability in E-Business Suite that was actively exploited in data theft attacks by the Clop group. This is a zero-day vulnerability, registered as CVE-2025-61882, which allows remote code execution on affected systems without authentication. The flaw is located in the Concurrent Processing component of Oracle E-Business Suite, in the integration with ...
- Discord hit by data breach after hackers strike support tickets
October 6, 2025
Discord has warned users it suffered a cyberattack which caused a potentially worrying data breach. In a data breach notification announcement posted on the company’s blog, Discord said a third party, providing customer support services, was breached. “The unauthorized party then gained access to information from a limited number of users who had contacted Discord through ...
- Hacking group claims theft of 1 billion records from Salesforce customer databases
October 3, 2025
A notorious predominantly English-speaking hacking group has launched a website to extort its victims, threatening to release about a billion records stolen from companies who store their customers’ data in cloud databases hosted by Salesforce. The loosely organized group, which has been known as Lapsus$, Scattered Spider, and ShinyHunters, has published a dedicated data leak site ...