Meta Enhances Age-Verification Tools to Curb Underage Access Meta has significantly upgraded its age-verification processes by implementing an AI-driven system that analyzes images and videos on platforms like Instagram and Facebook. This initiative aims to identify and remove accounts belonging to users under the age of 13 by assessing “visual…
Noodlophile Malware Campaign Broadens Global Scope with Targeted Copyright Phishing Tactics
Aug 18, 2025
Malware / Enterprise Security
The Noodlophile malware actors are intensifying their reach, employing spear-phishing emails and enhanced delivery techniques to target enterprises in the U.S., Europe, Baltic countries, and the Asia-Pacific (APAC) region. According to Morphisec researcher Shmuel Uzan, “The Noodlophile campaign, active for over a year, now utilizes sophisticated spear-phishing emails masquerading as copyright infringement notices, complete with reconnaissance-driven details such as specific Facebook Page IDs and company ownership information.” Previously reported by a cybersecurity vendor in May 2025, the Noodlophile campaign initially leveraged fake AI-powered tools as malware lures, which were promoted on social media platforms like Facebook. The shift to copyright infringement tactics, however, is not a new strategy.
Noodlophile Malware Campaign Broadens Its Global Impact Through Copyright Phishing Tactics As of August 18, 2025, the Noodlophile malware campaign has intensified its operations, targeting businesses across the U.S., Europe, the Baltic nations, and the Asia-Pacific region. The cybercriminals orchestrating this campaign are employing sophisticated spear-phishing tactics, utilizing emails that…
Noodlophile Malware Campaign Broadens Global Scope with Targeted Copyright Phishing Tactics
Aug 18, 2025
Malware / Enterprise Security
The Noodlophile malware actors are intensifying their reach, employing spear-phishing emails and enhanced delivery techniques to target enterprises in the U.S., Europe, Baltic countries, and the Asia-Pacific (APAC) region. According to Morphisec researcher Shmuel Uzan, “The Noodlophile campaign, active for over a year, now utilizes sophisticated spear-phishing emails masquerading as copyright infringement notices, complete with reconnaissance-driven details such as specific Facebook Page IDs and company ownership information.” Previously reported by a cybersecurity vendor in May 2025, the Noodlophile campaign initially leveraged fake AI-powered tools as malware lures, which were promoted on social media platforms like Facebook. The shift to copyright infringement tactics, however, is not a new strategy.
Consumer Federation of America Files Lawsuit Against Meta Over Allegations of Fraudulent Advertising The Consumer Federation of America (CFA), a nonprofit organization, has initiated legal proceedings against Meta, asserting that the company’s management of scammers on its platforms transgresses consumer protection laws in Washington, DC. This lawsuit highlights concerns around…
June 15, 2021
Instagram has resolved a significant vulnerability that permitted anyone to access archived posts and stories from private accounts without needing to follow them. Security researcher Mayur Fartade revealed in a Medium post today that “this bug could have allowed a malicious user to view targeted media on Instagram.” By leveraging the Media ID, an attacker could see details of private posts, stories, reels, and IGTV videos without following the user. Fartade reported the issue to Facebook’s security team on April 16, 2021, and the flaw was patched on June 15, leading to a $30,000 reward for his efforts through the company’s bug bounty program. Although exploiting this vulnerability required knowledge of the media ID, Fartade demonstrated that by brute-forcing the identifiers, it was feasible to send a POST request to a GraphQL endpoint and access sensitive information. As a result of this flaw, details like likes, comments, and saves could have been exposed.
Instagram Security Vulnerability Exposed Private Accounts June 15, 2021 Instagram has recently addressed a significant security vulnerability that permitted unauthorized access to archived media from private accounts. This flaw allowed any individual to view posts and stories of users without needing to follow them, raising serious concerns about personal data…
June 15, 2021
Instagram has resolved a significant vulnerability that permitted anyone to access archived posts and stories from private accounts without needing to follow them. Security researcher Mayur Fartade revealed in a Medium post today that “this bug could have allowed a malicious user to view targeted media on Instagram.” By leveraging the Media ID, an attacker could see details of private posts, stories, reels, and IGTV videos without following the user. Fartade reported the issue to Facebook’s security team on April 16, 2021, and the flaw was patched on June 15, leading to a $30,000 reward for his efforts through the company’s bug bounty program. Although exploiting this vulnerability required knowledge of the media ID, Fartade demonstrated that by brute-forcing the identifiers, it was feasible to send a POST request to a GraphQL endpoint and access sensitive information. As a result of this flaw, details like likes, comments, and saves could have been exposed.
Feb 23, 2013
Microsoft has confirmed that it is the latest target of a cyber attack, with a small number of its computers, including some within its Mac software division, infected by malware. The company noted that the malicious software shares similarities with those used in recent attacks on Facebook and Apple. Microsoft provided limited details about the breach, stating, “We have no evidence of customer data being affected and our investigation is ongoing.” During the investigation, it was determined that a small number of computers had been compromised employing tactics documented by other organizations. “This type of cyber attack is not unexpected for Microsoft and other companies facing persistent and determined adversaries,” the company remarked. Last week, Apple reported its…
Microsoft Falls Victim to Cyber Attack Date: February 23, 2013 In a significant cybersecurity breach, Microsoft has confirmed that it has become the latest target of a sophisticated cyber attack, affecting a limited number of its computers, including those within its Mac software division. The company reported that these systems…
Feb 23, 2013
Microsoft has confirmed that it is the latest target of a cyber attack, with a small number of its computers, including some within its Mac software division, infected by malware. The company noted that the malicious software shares similarities with those used in recent attacks on Facebook and Apple. Microsoft provided limited details about the breach, stating, “We have no evidence of customer data being affected and our investigation is ongoing.” During the investigation, it was determined that a small number of computers had been compromised employing tactics documented by other organizations. “This type of cyber attack is not unexpected for Microsoft and other companies facing persistent and determined adversaries,” the company remarked. Last week, Apple reported its…
Recent reports indicate that many individuals—including prominent journalists and cybersecurity professionals—are being targeted by a sophisticated OAuth phishing campaign masquerading as a legitimate Google Docs sharing notification. Upon receiving a seemingly innocuous email claiming that a contact has shared a document, users are advised not to click the link under…
Title: Facebook Privacy Breach: Apps Expose User Data to Third Parties Recent investigations have spotlighted significant privacy concerns surrounding Facebook, revealing a troubling trend among popular third-party applications that compromise user data. Notably, games such as Farmville and Texas HoldEm Poker have been implicated in leaking unique Facebook IDs, which…
### Recent Facebook Messenger Malware Campaign A concerning cybersecurity threat has emerged within Facebook Messenger, where users are encountering deceptive video links purportedly sent by friends, which can lead to malicious software installations. Researchers at Kaspersky Lab have uncovered a cross-platform malware campaign targeting users through these seemingly innocuous links.…
A new phishing scam targeting Facebook users has emerged, exploiting the platform’s “Trusted Contacts” feature to deceive victims into compromising their own accounts. Reports indicate that attackers are leveraging previously compromised accounts of friends to initiate urgent requests for recovery assistance, creating a facade of legitimacy that can trick even…
