Watch out, TikTok Business users! 🚨 We've uncovered a new phishing campaign designed to steal your account access, using a...

#CyberSecurity #BreachAndBuild #TikTokForBusiness #PhishingScam #AccountTakeover

breachandbuild.com/tiktok-for-business-acco...

Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers Modern fraud operates as a multi-stage chain where attackers combine bots, aged or leaked credentials, residential proxies, and human operators to move from signup to cash-out. Defenders must correlate IP, identity, device, and behavioral signals in a unified risk model to reduce false positives and stop coordinated abuse. #IPQS #credentialstuffing

Modern fraud combines bots, leaked credentials, residential proxies, and human operators in a multi-stage attack from signup to cash-out. Unified risk models that correlate IP, identity, device, and behavior reduce false positives. #FraudPrevention #AccountTakeover

FBI Warns Of Russia, Iran Cyber Activity
Read More: buff.ly/4qt8Mtm

#FBIwarning #CISA #RussiaCyber #IranCyber #SignalPhishing #AccountTakeover #SocialEngineering #SecureMessaging

Offensive security research hub Discover original 0-days, detailed advisories, and stories behind the offensive security research team at Pentest-Tools.com. Explore latest findings.

Chain it with PTT-2025-026 and you're looking at a 9.8 Critical unauthenticated RCE. One array to rule them all! 💍

Full PoC here: pentest-tools.com/research

#offensivesecurity #vulnerabilityresearch #infosec #accounttakeover

Your Help Desk Agent Can't Tell It's Not You Anymore - Trusona AI voice cloning now takes three seconds of audio. Deepfake fraud attempts hit 1 in 127 calls at retail contact centers. Are you absolutely sure it's really your employee?

In 2024, a finance worker at engineering firm Arup joined a video call to verify a suspicious wire transfer. The CFO was there. So were several senior colleagues.

www.trusona.com/blog/your-he...

#IdentityImpersonationDetection #Deepfake #AccountTakeover #HelpDeskSecurity #ITSecurity

FBI Warns Of Signal, WhatsApp Phishing
Read More: buff.ly/vd2FSfZ

#SignalPhishing #WhatsAppPhishing #AccountTakeover #VerificationCodeScam #RussiaCyber #FBIwarning #SocialEngineering #SecureMessaging

Allure Security Raises $17 Million for Online Brand Protection Write 2 sentences summarizing the content. At the end, add hashtags for specific keywords mentioned in the article—such as names of malware, threat actors, or affected organizations/systems. Avoid general terms like #malware, #ransomware, or #cybersecurity. Use this format: #Keyword1 #Keyword2...

Allure Security secured $17M in Series B funding to advance its AI-driven platform that protects brands by detecting and disrupting phishing across the internet, social media, and dark web. #AccountTakeover #PhishingProtection #USA

Max severity Ubiquiti UniFi flaw may allow account takeover Ubiquiti patched two vulnerabilities in the UniFi Network Application, including a maximum-severity path traversal flaw (CVE-2026-22557) that can enable account takeover. The flaws affect UniFi Network 10.1.85 and earlier and were fixed in 10.1.89 or later, amid a history of Ubiquiti devices being abused by state-backed actors and criminal botnets. #CVE-2026-22557 #Ubiquiti

Ubiquiti patched two critical UniFi Network flaws including CVE-2026-22557, a max-severity path traversal vulnerability enabling account takeover without user interaction. Fixed in version 10.1.89+. #Ubiquiti #AccountTakeover #SecurityUpdate

Residential Proxies: When "Normal" Traffic Becomes a Risk Multiplier “Normal traffic” is now an attacker costume. 🥸🏠 Residential proxies borrow real home ISP IPs, making sprays/scrapes/SaaS intrusion blend in. Don’t rage-block—use tiered friction (identity+behavior)…

Pi Day in 2 days. Attackers are borrowing real home IPs via residential proxies—so your geo/IP blocks are basically cosplay. Tiered friction or enjoy ATO 🍰🕵️

Read the AlphaHunt brief + subscribe: blog.alphahunt.io/residential-...

#AlphaHunt #CyberSecurity #AccountTakeover #Fraud

The Business Cost of Social Engineering Goes Far Beyond IT - Trusona Social engineering attacks are no longer just an IT problem. In 2026, their true cost spans financial loss, operational disruption, legal exposure, insurance friction, and long term reputational damag...

A single support interaction should not become a business crisis. But in 2026, that is exactly what happens.

The real cost is everything that follows.

Read the full breakdown: www.trusona.com/blog/the-bus...

#socialengineering #accounttakeover #ithelpdesk

Iran’s Internet Went to Zero on Jan 8—Will Account Takeovers Spike in the Next 2–3 Weeks? Iran’s internet goes dark → attackers don’t stop. They speed-run creds and hit post-auth collection the moment connectivity blips back. ⏱️🔑👀

Iran’s internet went to zero. Attackers didn’t. When it comes back: reset chaos + “support” calls = account takeovers. Valentine’s gift? More MFA prompts. 💘🔐

Read the 2–3 week ATO forecast + subscribe: blog.alphahunt.io/irans-intern...

#AlphaHunt #CyberSecurity #AccountTakeover #MFA

Spice's in control now. Consent is attractive yes, but so is obedience. 😈 #AccountTakeover #PossessiveEnergy #AmateurCouple #AfterDarkEnergy

Police arrests distributor of JokerOTP password-stealing bot - Help Net Security The Dutch National Police made an arrest in a cybercrime investigation involving JokerOTP, a bot used to intercept one-time passwords.

Police arrests distributor of JokerOTP password-stealing bot

🔗 Read more: www.helpnetsecurity.com/2026/02/13/j...

#cybercrime #accounttakeover #cybersecuritynews

Original post on batchats.net

Well that was fun. Got a cold call from somebody at "Google" claiming that the owner of my Gmail account was reported deceased. Pretty sure I'm not dead yet.

Looks like it was an AI-assisted account takeover attempt. Be careful out there. Google won't call you. #scam #scammers #accounttakeover […]

Germany Warns of Signal Phishing Attacks
Read More: buff.ly/ttVlquY

#SignalPhishing #AccountTakeover #SocialEngineering #SecureMessaging #GermanyCyber #TargetedAttacks #ThreatIntel #CyberAlert

Iran’s Internet Went to Zero on Jan 8—Will Account Takeovers Spike in the Next 2–3 Weeks? Iran’s internet goes dark → attackers don’t stop. They speed-run creds and hit post-auth collection the moment connectivity blips back. ⏱️🔑👀

Internet in Iran hit *zero* Jan 8. When it flickers back, creds get speed-run and ATOs bloom in 2–3 weeks—right as 149M passwords “accidentally” leak. Groundhog Day for your login 🕵️‍♂️🔥

Read the playbook + subscribe: blog.alphahunt.io/irans-intern...

#AlphaHunt #CyberSecurity #Iran #AccountTakeover

Man Pleads Guilty To Hacking 600 Accounts
Read More: buff.ly/90X2Rp6

#AccountTakeover #CyberCrime #Sextortion #DigitalAbuse #PrivacyViolation #LawEnforcement #CyberSafety #Infosec

Why Identity Security Is the #1 Cyber Priority for Boards in 2026 - Trusona Identity security has become the top cyber priority for boards in 2026. Learn why identity risk now drives financial, operational, and reputational exposure, and how CISOs are reframing the conversati...

Your board can be the backdoor to your company. Standard risk and verification checks no longer hold up.

Read our blog to learn more:
www.trusona.com/blog/identit...

Are you keeping up?

#identityverification #accounttakeover #RiskManagement

Iran’s internet hit literal zero on Jan 8. When it blips back, expect phishing + account takeovers to speed-run the chaos—because “national security” always pairs well with credential stuffing. 🔌🕵️

#AlphaHunt #CyberSecurity #Iran #AccountTakeover

Iran pulled the plug Jan 8. Attackers didn’t “pause”—they queued phishing + password resets for the reconnect. If your org still leans on SMS/MFA recovery, enjoy the ATO afterparty 🔥🔐

#AlphaHunt #CyberSecurity #AccountTakeover #ZeroTrust

Account-Takeover-Übernahme verhindern

#AccountTakeover #Angriffsfläche #CredentialStuffing #Cybersicherheit #Cybersecurity #Kompromittierung #künstlicheIntelligenz @Thales


netzpalaver.de/2026/...

Perplexity Perplexity is a free AI-powered answer engine that provides accurate, trusted, and real-time answers to any question.

When cybercrime becomes a subscription service and your company is still doing annual training, you need a premium IDV to keep up.

Get started for free today.

www.perplexity.ai/page/ai-powe...

#CyberSecurity #CyberCrime #FraudPrevention #IdentityVerification #AccountTakeover #SocialEngineering

Tennessee Man Hacks Supreme Court System
Read More: buff.ly/HhMtMV6

#CyberCrime #CourtSystems #StolenCredentials #AccountTakeover #GovSecurity #DataPrivacy #JusticeDepartment #InfosecNews #CyberLaw

Facebook Login Thieves Use Browser Trick
Read More: buff.ly/sDDDIrO

#BrowserInBrowser #FacebookPhishing #CredentialTheft #AdvancedPhishing #AccountTakeover #SocialEngineering #CyberAwareness

Man Charged In Snapchat Hacking Case
Read More: buff.ly/M03uWKG

#SnapchatHack #PhishingAttack #AccountTakeover #ImageAbuse #CyberCrimeCharges #OnlineExploitation #DigitalSafety

BaseFortify CVE report screenshot highlighting CVSS scores, mitigation guidance, and risk analysis for CVE-2025-15115.

⚠️ Why this matters:

Attackers can abuse weak OAuth validation to gain full control over Petlibro accounts, no password needed. This can expose feeds and controls.

🛡️ Mitigation:
• Update devices immediately
• Disable social login if possible
• Monitor unusual logins

#IoTRisk #AccountTakeover #CVE

Why the Leak of 16 Billion Passwords Remains a Live Cybersecurity Threat in 2025  As the year 2025 comes to an end people are still talking about a problem with cybersecurity. This problem is really big. It is still causing trouble. A lot of passwords and login credentials were exposed. We are talking about 16 billion of them. People first found out about this problem earlier, in the year.. The problem is not going away. Experts who know about security say that these passwords and credentials are being used again in cyberattacks. So the problem is not something that happened a time ago it is still something that is happening now with the cybersecurity incident and the exposure of these 16 billion passwords and login credentials.  The big problem is that people who do bad things on the internet use something called credential stuffing attacks. This is when they try to log in to lots of websites using usernames and passwords that they got from somewhere else. They do this because lots of people use the password for lots of different things. So even if the bad people got the passwords a time ago they can still use them to get into accounts. If people did not change their passwords after the bad people got them then their accounts are still not safe today. Credential stuffing attacks are a deal because of this. Credential stuffing attacks can get into accounts if the passwords are not changed.  Recently people who keep an eye on these things have noticed that there has been a lot credential stuffing going on towards the end of the year. The people who study this stuff saw an increase in automated attempts to log in to virtual private network platforms. Some of these platforms were seeing millions of attempts to authenticate over short periods of time. Credential stuffing attacks, like these use computers to try a lot of things quickly rather than trying to find new ways to exploit software vulnerabilities. This just goes to show that credential stuffing can be very effective because it only needs a list of credentials that have been compromised to get around the security defenses of private network platforms and credential stuffing is a big problem.  The thing about this threat is that it just will not go away. We know this because the police found hundreds of millions of stolen passwords on devices that belonged to one person. People in charge of security say that this shows how long passwords can be used by people after they have been stolen. When passwords get out they often get passed from one person to another which means they can still be used for a time after they were first stolen. This is the case, with stolen passwords. Password reuse is a problem. People use the password for lots of things like their personal stuff, work and bank accounts.  This is not an idea because if someone gets into one of your accounts they can get into all of them. That means they can do a lot of damage like steal your money use your identity or get your information. Password reuse is a risk factor and it makes it easy for bad people to take over all of your accounts. Security professionals say that when you take action to defend yourself is very important. If you wait until something bad happens or your account is compromised it can cause a lot of damage. You should take steps before anything bad happens.  For example you should check the databases that list breached information to see if your credentials are exposed. This is an important thing to do to stay safe. If you can you should stop using passwords and start using stronger ways to authenticate, like passkeys. Security professionals think that passkeys are a safer way to do things and they can really reduce the risk of something bad happening to your Security. Checking for exposed credentials and using passkeys are ways to defend yourself and stay safe from people who might try to hurt you or your Security. When we talk about accounts that still use passwords experts say we should use password managers.  These managers help us create and store passwords for each service. This way if someone gets one of our passwords they cannot use it to get into our accounts. Password managers make sure we have strong passwords for each service so if one password is leaked it does not affect our other accounts.  Experts, like password managers because they help keep our accounts safe by making sure each one has a password. The scale of the 16 billion credential leak serves as a reminder that cybersecurity incidents do not end when headlines fade. Compromised passwords retain their threat value for months or even years, and ongoing vigilance remains essential.  As attackers continue to exploit old data in new ways, timely action by users remains one of the most effective defenses against account takeover and identity-related cybercrime.

Why the Leak of 16 Billion Passwords Remains a Live Cybersecurity Threat in 2025 #Accountsecurity #AccountTakeover #CompromisedPasswords

Fake Bank Sites Linked To 28 Million Fraud
Read More: buff.ly/j4KKjS9

#BankFraud #AccountTakeover #PhishingAds #SearchEngineScams #CredentialTheft #CyberCrimeNetwork #FraudPrevention

How to Stop Social Engineering Account Takeovers: 2026 Guide - Trusona Learn how organizations can stop social engineering–driven account takeover in 2026 by securing account recovery and help desk workflows with authoritative identity verification.

Account takeover no longer starts with stolen credentials. Attackers now exploit human trust through phishing, SIM swap attacks, deepfakes, and help desk manipulation.

Read the full guide here:
www.trusona.com/blog/2026-gu...

#Cybersecurity #AccountTakeover #SocialEngineering #InfoSec

GhostPairing Attack Puts Millions of WhatsApp Users at Risk   An ongoing campaign that aims to seize control of WhatsApp accounts by manipulating WhatsApp's own multi-device architecture has been revealed by cybersecurity experts in the wake of an ongoing, highly targeted attack designed to illustrate the increasing complexity of digital identity threats.  Known as GhostPairing, the attack exploits the trust inherent in WhatsApp's system for pairing devices - a feature that allows WhatsApp Web users to send encrypted messages across laptops, mobile phones, and browsers by using the WhatsApp Web client.  Through a covert means of guiding victims into completing a legitimate pairing process, malicious actors are able to link an attacker-controlled browser as a hidden companion device to the target account, without alerting the user or sending him/her any device notifications at all.  The end-to-end encryption and frictionless cross-platform synchronization capabilities of WhatsApp remain among the most impressive in the industry, but investigators warn that these very strengths of the service have been used to subvert the security model, which has enabled adversaries to have persistent access to messages, media, and account controls. Although the encryption remains intact in such a scenario technically, it will be strategically nullified if the authentication layer is compromised, allowing attackers to read and reply to conversations from within their own account. This effectively converts a feature that was designed to protect your privacy into an entry point for silent account takeovers, effectively converting a privacy-first feature into a security-centric attack. Analysts have characterized GhostPairing as a methodical account takeover strategy that relies on WhatsApp’s legitimate infrastructure of device linkage as a means of obtaining access to accounts instead of compromising WhatsApp’s security through conventional methods of authentication. In this technique, users are manipulated socially so that they link an external device, under the false impression that they are completing a verification process.  As a general rule, an attack takes place through messages appearing to come from trusted contacts, often compromised accounts, and containing links disguised as photos, documents, or videos. Once accessed by victims, these links lead them to fake websites meticulously modeled after popular social media platforms such as Facebook and WhatsApp, where allegedly the victim will be asked to enter his or her phone number as part of an authentication process.  Moreover, the pages are designed to generate QR codes that are used to verify customer support, comply with regulations regarding KYC, process job applications, update KYC records, register promotional events, or recover account information. By scanning QR codes that mirror the format used by WhatsApp Web, users unintentionally link their accounts to those of attackers, not realizing they are scanning QR codes that are actually the same format used by WhatsApp Web.  It is important to know that once the connection is paired, it runs quietly in the background, and the account owner does not receive an explicit login approval or security alert. Although WhatsApp’s encryption remains technically intact, the compromise at the device-pairing layer allows threat actors to access private communications in a way that effectively sidesteps encryption by allowing them to enter authenticated sessions from within their own account environment, even though WhatsApp’s encryption has remained unbroken technologically.  The cybercriminals will then be able to retrieve historical chat data, track incoming messages in real time, view and transmit shared media — including images, videos, documents, and voice notes — and send messages while impersonating the legitimate account holder in order to take over the account. Additionally, compromised accounts are being repurposed as propagation channels for a broader range of targets, further enlarging the campaign's reach and scale.  The intrusion does not affect normal app behavior or cause system instability, so victims are frequently unaware of unauthorized access for prolonged periods of time, which allows attackers to maintain persistent surveillance without detection for quite a while.  The campaign was initially traced to users in the Czech Republic, but subsequent analysis has shown that the campaign's reach is much larger than one specific country. During their investigation, researchers discovered that threat actors have been using reusable phishing kits capable of rapid replication, which allows operations to scale simultaneously across countries, languages, and communication patterns.  A victim's contact list is already populated with compromised or impersonated accounts, providing an additional layer of misplaced trust to the outreach, which is what initiates the attack chain. In many of these messages, the sender claims that they have found a photograph and invites their recipients to take a look at it through a link intentionally designed to look like the preview or media viewer for Facebook content.  As soon as the link is accessed, users are taken to a fake, Facebook-branded verification page that requires them to authenticate their identity before they can view the supposed content. The deliberate mimicry of familiar interfaces plays a central role in lowering suspicions, thereby encouraging victims to complete verification steps with little hesitation, according to security analysts.  A study published by Gen Digital's threat intelligence division indicates that the campaign is not relying on malware deployments or credential interceptions to execute. This malware manipulates WhatsApp's legitimate device-pairing system instead.  As a consequence of the manipulation, WhatsApp allows users to link browsers and desktop applications together for the purpose of synchronizing messaging. Attackers can easily bind an unauthorized browser to an account by convincing the users to voluntarily approve the connection. In other words, they are able to bypass encryption by entering through a door of authentication that they themselves unknowingly open, rather than breaking it. It has become increasingly apparent that threat actors are moving away from breaking encryption towards undermining the mechanisms governing access to it, as evidenced by GhostPairing. As part of this attack, people are using WhatsApp's unique feature: frictionless onboarding and the ability to link their devices to their account with just a phone number in order to extend your account to as many devices as they like.  The simplicity of WhatsApp, often cited as a cornerstone of the company's global success, means that users don't have to enter usernames or passwords, reinforcing convenience, but inadvertently exposing more vulnerabilities to malicious use. WhatsApp's end-to-end encryption architecture further complicates things, since it provides every user with their own private key.  Private cryptographic keys that are used to securely encrypt the content of the messages are stored only on the user's device, which theoretically should prevent eavesdropping unless an attacker is able to physically acquire the device or deploy malware to compromise it remotely if it can be accessed remotely.  By embedding an attacker's device within an authenticated session, GhostPairing demonstrates that a social engineering attack can circumvent encryption without decrypting the data, but by embedding an attacker's device within a session in which encrypted content is already rendered readable, thus circumventing the encryption.  Researchers have found that the technique is comparatively less scalable on platforms such as Signal, which supports only QR-based approvals for pairing devices, and this limitation has been noted to offer some protection against similar thematically driven device linking techniques.  The analysts emphasize from a defensive standpoint that WhatsApp provides users with an option to see what devices are linked to them through their account settings section titled Linked Devices. In this section, unauthorized connections can, in principle, be identified, as well. The attackers may be able to establish silent persistence through fraudulently linking devices, but they cannot remove or revoke their device access themselves, since the primary registered device remains in charge of revocation.  The addition of two-step PIN verification as a mitigation, which prevents attackers from making changes to an account's primary email address, adds additional hurdles for attackers. However, this control does not hinder access to messages once pairing has been completed. Especially acute consequences exist for organizations. A common way for employees to communicate is via WhatsApp, which can sometimes lead to informal group discussions involving multiple members - many of which are conducted outside of formal documentation and oversight. It has been recommended by security teams to assume the existence of these shadow communication clusters, rather than treat them as exceptions, but as a default risk category.  A number of industry guidelines (including those that have prevailed for the past five years) emphasize the importance of continued user awareness, and in particular that users should be trained in identifying phishing attempts, unsolicited spam, and the like, even if the attempt seems to come from well-known contacts or plausible verification attempts.  The timing of the attack is difficult to determine when viewed from a broader perspective, but there are no signs that there is any relief. According to a report published by Meta in April of this year, millions of WhatsApp users had their mobile numbers exposed, and Meta confirmed earlier this year that the Windows desktop application had security vulnerabilities. In parallel investigations, compromised Signal-based messaging tools have also been found to have been compromised by political figures and senior officials, confirming that cross-platform messaging ecosystems, regardless of whether or not they use encryption strength, are now experiencing identity-layer vulnerabilities that must be addressed with the same urgency as network or malware attacks have been traditionally addressed. The GhostPairing campaign signals a nuanced, yet significant change in techniques for gaining access to accounts, which reflects a longer-term trend in which attackers attempt to gain access to identities through behavioral influence rather than technical subversion.  Threat actors exploit WhatsApp's ability to link devices exactly as it was intended to work, whereas they decrypt the secure communication or override authentication safeguards in a way that seems to be more effective.  They engineer moments of cooperation through the use of persuasive, familiar-looking interfaces. A sophisticated attack can be carried out by embedding fraudulent prompts within convincingly branded verification flows, which allows attackers to secure enduring access to victim accounts with very little technical skill, relying on legitimacy by design instead of compromising the systems. There is a warning from security researchers that this approach goes beyond regional boundaries, as scalable phishing kits and interface mimicry enable multiple countries to deploy it across multiple languages.  A similar attack can be attempted on any digital service that allows set-up via QR codes or numeric confirmation steps, irrespective of whether the system is built on a dedicated platform or not. This has an inherent vulnerability to similar attacks, especially when human trust is regarded as the primary open-source software vulnerability.  Analysts have emphasized that the attack's effectiveness stems from the convergence of social engineering precision with permissive multi-device frameworks, so that it allows adversaries to penetrate encrypted environments without any need to break the encryption at all — and to get to a session in which all messages have already been decrypted for the authenticated user.  It is encouraging to note that the defensive measures necessary to combat such threats are still relatively straightforward. The success rate of such deception-driven compromises could be significantly reduced if regular device hygiene audits, greater user awareness, and modest platform refinements such as clearer pairing alerts and tighter device verification constraints were implemented.  Especially for organizations that are exposed to undocumented employee group chats that operate outside the formal oversight of the organization are of crucial importance for reducing risk. User education and internal reporting mechanisms are crucial components of mitigating risks.  Amidst the rapid increase in digital interactions, defenders are being urged to treat vigilance in the process not as an add-on practice, but rather as a foundational layer of account security for the future. GhostPairing's recent appearance serves to serve as a reminder that the security of modern communication platforms is no longer solely defined by encryption standards, rather by the resilience of the systems that govern access to them, and that the security of these systems must be maintained at all times. It is evident that as messaging ecosystems continue to grow and integrate themselves into everyday interactions — such as sharing personal media or coordinating workplace activities — the balance between convenience and control demands renewed scrutiny.  It is strongly advised for users to follow regular digital safety practices, such as verifying unexpected links even if they are sent by familiar contacts, regularly auditing linked devices, and activating two-factor safeguards, such as two-step PIN verification, to ensure that their data is secure. As organizations become increasingly aware of threats beyond the perimeter of their organizations, they should cultivate a culture of internal threat reporting that ensures that unofficial communication groups are acknowledged in risk models rather than ignored.  Security teams are advised to conduct phishing awareness drills, make device-pairing alerts more clear at the platform level, and conduct periodic access hygiene reviews of widely used communication channels, such as encrypted messengers, for a number of reasons.  With the incidence of identity-layer attacks on the rise, researchers emphasize that informed users remain the best countermeasure against silent account compromise - making awareness the best strategic strategy in the fight against silent account compromises, not only as a reactive habit, but as a long-term advantage.

GhostPairing Attack Puts Millions of WhatsApp Users at Risk #AccountTakeover #browserhijacking #CyberFraud