Short-form video platforms like TikTok and Instagram Reels have become the latest way cybercriminals spread malware.
We’ve already seen attackers move away from traditional phishing emails and toward tactics that trick people into installing malware themselves. Now they’re being lured with slick social media videos that promise free Spotify Premium, free Windows activation, or free Microsoft Office, but instead leave people with infostealers on their Windows devices.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Notes of cyber inspector: three clusters of threat in cyberspace
September 10, 2025
Hacktivism and geopolitically motivated APT groups have become a significant threat to many regions of the world in recent years, damaging infrastructure and important functions of government, business, and society. In late 2022 Kaspersky predicted that the involvement of hacktivist groups in all major geopolitical conflicts from now on will only increase and this is what ...
- Unmasking The Gentlemen Ransomware: Tactics, Techniques, and Procedures Revealed
September 9, 2025
In August 2025, Trend Micro investigated a new ransomware campaign orchestrated by The Gentlemen, an emerging and previously undocumented threat group. This threat actor quickly established itself within the threat landscape by demonstrating advanced capabilities through their systematic compromise of enterprise environments. By adapting their tools mid-campaign—shifting from generic anti-AV utilities to highly targeted, specific variants—the ...
- UK: Jeremy Clarkson’s Cotswolds pub targeted in cyber attack
September 7, 2025
Jeremy Clarkson’s pub has become the latest victim of cyber-criminals who managed to steal £27,000 from the establishment. The Farmer’s Dog fell prey to hackers who employed sophisticated methods to infiltrate the accounts of the Cotswolds venue during a recent digital assault. The criminals made off with the substantial sum in an attack reminiscent of those ...
- Columbia University data breach hits 870,000 people
September 6, 2025
Columbia University recently confirmed a major cyberattack that compromised personal, financial, and health-related information tied to students, applicants, and employees. The victims include current and former students, employees, and applicants. Notifications to affected individuals began on August 7 and are continuing on a rolling basis. Columbia, one of the oldest Ivy League universities, discovered the breach ...
- CMS Sitecore patches critical zero-day flaw
September 5, 2025
Popular CMS platform Sitecore has patched a critical zero-day vulnerability found to be being abused in cyberattacks. Security researchers from Mandiant observed threat actors exploiting a zero-day flaw to deploy malware, as well as other legitimate software. The flaw stemmed from the use of sample ASP.NET machine keys published in old deployment guides (pre-2017), and is ...
- Range Rover and Jaguar drivers face lengthy repair delays after cyber attack crippled garages
September 4, 2025
More than a million Range Rover and Jaguar drivers could face huge delays in getting their motors repaired after a devastating cyber-attack crippled Jaguar Land Rover. Bosses at Jaguar Land Rover (JLR) were forced to scramble on Sunday, hastily shutting down global computer systems to protect sensitive information. Efforts are still ongoing to reboot the company’s ...