The cyber tea you actually need.
Threat actors are hijacking TikTok for Business accounts by directing victims to lookalike pages that use Cloudflare Turnstile to block security scanners before stealing credentials. Compromised accounts are then weaponized for malware distribution and malvertising.
Meta is discontinuing end-to-end encryption for Instagram DMs after May 8, 2026, citing low adoption. Users who want encrypted messaging will be directed to WhatsApp instead — leaving Instagram conversations more exposed.
TikTok established TikTok USDS Joint Venture LLC to comply with President Trump's executive order, allowing the app to stay live in the U.S. ByteDance retains a 19.9% stake while data protections are managed through Oracle's cloud infrastructure.
Researchers uncovered FraudOnTok — a campaign using 15,000+ lookalike domains to trick TikTok Shop users into downloading malware. The operation uses AI-generated videos and Meta ads to advertise fake discounts, targeting crypto theft and credential harvesting.
Three malicious Python packages on PyPI were found sending forged requests to TikTok and Instagram APIs to verify whether stolen email addresses have active accounts — building validated lists for credential stuffing attacks.
TikTok revised its U.S. privacy policy to permit automatic collection of biometric identifiers including faceprints and voiceprints from user content — without explicit consent in most U.S. states, following a previous $92 million settlement.
✦ don't miss a drop
Social media threats, influencer alerts, and dark web updates — straight to your inbox.