Topic: account hijacking
-
Rising Google Ads MCC Takeover Scams: How Phishing Attacks Work
A surge in sophisticated phishing attacks is compromising Google Ads Manager accounts, allowing fraudsters to drain advertising budgets of tens of thousands of dollars within hours, even bypassing two-factor authentication. Attackers use deceptive emails that mimic legitimate Google invitations, ...
-
Brave Exposes Critical AI Browser Security Flaws
Brave uncovered critical security flaws in AI browsers like Perplexity Comet and Fellou, where malicious websites can hijack AI assistants to access sensitive user accounts and data through indirect prompt injection attacks. These vulnerabilities allow attackers to embed hidden commands in webpag...
-
ConsentFix Attack Hijacks Microsoft Accounts via Azure CLI
A new phishing campaign called **ConsentFix** compromises Microsoft accounts by exploiting the legitimate Azure CLI OAuth application, bypassing passwords and multi-factor authentication. The attack deceives users into authenticating themselves via a fake CAPTCHA and a Microsoft login page, then ...
-
Malicious 'TradingView Premium' Ads Spread from Meta to Google
A malvertising campaign has expanded from Facebook to Google Ads, using fake offers of free TradingView Premium to distribute advanced information-stealing malware. The scam involves hijacking legitimate Google Ads accounts and verified YouTube channels, which are rebranded to impersonate Trading...
-
8 Essential WhatsApp Security Features to Protect Your Privacy
WhatsApp's end-to-end encryption is a strong security foundation, but users must actively manage privacy settings due to ongoing threats like account hijacking and data exposure. Key built-in privacy tools include the Privacy Checkup for controlling profile visibility and contacts, and Disappeari...
-
New TheTruthSpy Flaw Exposes Phone Spyware Victims
A critical vulnerability in TheTruthSpy spyware platform allows attackers to hijack accounts and access sensitive personal data from compromised devices without consent. TheTruthSpy has a history of security failures, including multiple data breaches and inadequate protection practices, yet conti...
-
Malicious npm Code Infiltrated 10% of Cloud Environments
A supply chain attack using malicious npm packages has compromised about 10% of cloud environments, initiated by a threat actor who hijacked a developer's account to publish trojanized packages. The malicious code, which embedded crypto-stealing malware to intercept and reroute cryptocurrency tra...
-
Fake npm 2FA Reset Email Used to Hijack Popular Code Packages
A phishing campaign compromised at least 18 widely used JavaScript npm packages, injecting malicious code to hijack cryptocurrency transactions and highlighting supply chain vulnerabilities. The attack began when a developer fell for a convincing phishing email, allowing the threat actor to take ...
-
Why Attackers Are Phishing on LinkedIn
Phishing attacks have expanded beyond email, with 34% now occurring on platforms like LinkedIn, targeting executives in finance and tech sectors, but are severely underreported due to reliance on email-focused security metrics. LinkedIn phishing evades conventional defenses by bypassing email sec...
-
Cybercriminals Are Exploiting YouTube's Blind Spots
YouTube's massive user base and algorithmic design are exploited by scammers to spread malware, hijack accounts, and run fraudulent schemes through deceptive videos that mimic legitimate content. Deepfake technology is increasingly used in cryptocurrency scams, with AI-generated videos of celebri...
-
Beware: Fake LastPass Emails Mimic Backup Alerts
A new phishing campaign is impersonating LastPass with urgent emails, using deceptive subject lines and links to malicious sites designed to steal master passwords and compromise password vaults. LastPass has confirmed the campaign is fraudulent, stating it never asks for master passwords or urge...