Cases have been reported across the United Kingdom, India, Hong Kong, and Brazil, including a major incident in Hong Kong where a victim lost HK$5.5 million (US$700,000). The scam shows how easily trusted communication apps can be turned into attack vectors when social engineering is combined with direct access to a user’s screen.

This operation relies entirely on manipulation rather than advanced malware. Attackers make unsolicited WhatsApp video calls while pretending to be bank officials, Meta support staff, or even distressed family members, convincing users to share their screen and unknowingly expose critical data.

How Attackers Create Credibility and Urgency

Attackers use several tactics to appear credible. They often spoof local phone numbers and keep their video feed blurred or disabled to avoid revealing their identity.

To pressure the victim, they create a sense of urgency by claiming suspicious account activity, unauthorized credit card charges, or pending verification issues that require immediate action.

According to ESET security researchers, this scam is a highly effective form of remote access fraud because it combines three powerful elements: the trust created by impersonating an authority figure, the urgency generated through false threats, and the control gained through screen-sharing or remote access tools. Together, these factors give criminals near-complete visibility into a victim’s smartphone.

Once a user begins sharing their screen, the attacker’s access becomes extensive. They can see passwords, two-factor authentication codes, one-time passwords, and banking apps in real time. They may capture screenshots, direct victims to open financial apps, or persuade them to approve unauthorized transfers while pretending to “resolve” an issue.

In many cases, attackers escalate the scam by convincing users to install remote access apps like AnyDesk or TeamViewer, granting full control over the device. Some victims also unknowingly install malware such as keyloggers, which silently record sensitive information for later misuse.

From a technical standpoint, the risk is severe. If attackers gain access to incoming messages and WhatsApp verification codes through screen-sharing, they can immediately take over the victim’s WhatsApp account. With full account access, they can view conversations, financial information, and contacts.

Criminals then use the hijacked account to steal money, take over social media profiles, and impersonate the victim to target friends and family, creating a chain reaction of fraud.

Preventing Screen-Sharing Fraud

Protecting against this threat relies mostly on user awareness and careful behavior. Screen sharing should never be granted to unknown or unsolicited callers, and any urgent claims should be verified directly with official sources.

Enabling WhatsApp’s two-step verification (Settings → Account → Two-step verification) adds an essential layer of protection, ensuring attackers cannot access the account even if they obtain verification codes.

This scam underscores a core truth in cybersecurity: social engineering remains one of the most powerful tools for criminals. Staying skeptical, alert, and cautious is the strongest defense against these attacks.

‍Follow Us on: Linkedin, Instagram, Facebook to get the latest security news!

The post WhatsApp Screen-Sharing Scam Exposes Users to Data Theft appeared first on First Hackers News.

The vulnerability, CVE-2025-64446, allows attackers to run admin-level commands without logging in. This means they can take complete control of the system. The issue has a CVSS score of 9.1, making it very serious.

The problem comes from a path traversal bug in the FortiWeb GUI. With a specially crafted HTTP or HTTPS request, attackers can bypass security checks and run commands with full privileges. This can result in:

• Creating unauthorized admin accounts
• Stealing data
• Total system compromise

Fortinet has confirmed active attacks, so patching immediately is strongly recommended.

Affected Versions:
FortiWeb 8.0, 7.6, 7.4, 7.2, and 7.0

Recommended Updated Versions:
8.0.2, 7.6.5, 7.4.10, 7.2.12, and 7.0.12 or higher

If you cannot apply the update right away, Fortinet suggests disabling HTTP/HTTPS access to the management interface on all internet-facing interfaces. This can help reduce risk but should only be used as a temporary solution.

After updating, admins should check system logs and look for any unknown or suspicious admin accounts to ensure their device has not already been compromised.

The post Active Exploits Target Critical FortiWeb WAF Flaw appeared first on First Hackers News.

The flaws, discovered by Check Point Research, enabled threat actors to alter conversations, spoof sender identities, and exploit notifications to make malicious messages appear as if they came from trusted sources, including senior executives.

According to Check Point’s report, the issues were responsibly disclosed to Microsoft in March 2024. Microsoft addressed some of them in August 2024 under CVE-2024-38197, with additional security patches released in September 2024 and October 2025.

How the Microsoft Teams Vulnerabilities Worked

Researchers found that the vulnerabilities made it possible to:

• Edit message content without showing the “Edited” label.
• Change sender identity in both chat and notifications.
• Modify display names in private chats, calls, and call notifications.

These flaws could allow attackers to trick employees into clicking malicious links, sharing confidential data, or granting unauthorized access, posing significant risks to both internal and external communications.

Microsoft’s Response

Microsoft categorized CVE-2024-38197 as a medium-severity spoofing vulnerability (CVSS score: 6.5) affecting Teams for iOS. The flaw could enable attackers to modify a sender’s name and conduct social engineering attacks to extract sensitive information.

In a recent security advisory, Microsoft emphasized that Microsoft Teams’ widespread adoption and extensive collaboration features make it a prime target for cybercriminals and state-sponsored actors. Attackers have increasingly exploited Teams’ chat, calls, and screen-sharing functions as part of broader phishing and impersonation campaigns.

Industry Insight

Oded Vanunu, Head of Product Vulnerability Research at Check Point, highlighted the growing risk of trust-based attacks:

“These vulnerabilities hit at the heart of digital trust. Collaboration platforms like Teams are now as critical as email — and just as exposed,” said Vanunu.
“Threat actors don’t need to break in anymore; they just need to bend trust. Seeing isn’t believing anymore — verification is.”

Protecting Against Teams Exploits

Organizations are advised to:

• Apply the latest Microsoft Teams updates and patches immediately.
• Educate employees about impersonation and phishing risks.
• Implement advanced threat protection tools and zero-trust verification for collaboration platforms.

As the reliance on Microsoft Teams continues to grow across enterprises, these findings underscore the importance of vigilance, patch management, and digital trust protection in modern communication environments.

The post Microsoft Teams Vulnerabilities Expose Users to Impersonation and Social Engineering Attacks appeared first on First Hackers News.

The attack targets the Atlas omnibox, which serves as both an address bar and a search bar. It was revealed that the omnibox can mistakenly interpret a crafted string as a user command rather than a web address. Because of this, malicious inputs disguised as URLs can be used to manipulate the browser’s AI system.

According to the report, a fake URL beginning with “https://my-wesite.com” can be followed by hidden natural language instructions. When entered, Atlas fails to validate it as a proper URL and treats it as a prompt. This causes the AI to execute the embedded command, redirecting users to an attacker-controlled website or performing unauthorized actions.

Experts warned that this flaw could lead to phishing attacks, data theft, and remote exploitation. In a practical example, attackers could embed such fake links behind “Copy link” buttons, luring users to malicious pages or triggering harmful actions like deleting files from connected accounts such as Google Drive.

Security researcher Martí Jordà noted that omnibox prompts are treated as trusted input, meaning they may bypass several security checks applied to regular website content. This lack of isolation between user intent and page content created an opening for attackers to abuse the AI assistant’s trust model.

Alongside this finding, SquareX Labs disclosed another related threat called AI Sidebar Spoofing. The technique allows attackers to overlay a fake AI sidebar inside browsers such as Atlas and Perplexity Comet using malicious extensions. When users type prompts into the spoofed sidebar, the injected code can exfiltrate data, install malware, or redirect users to harmful websites.

Researchers described prompt injection as a growing security challenge for AI browsers, including OpenAI Atlas, Perplexity Comet, and Opera Neon. These attacks can be hidden inside web pages using white text, HTML comments, or even faint instructions embedded in images, which are read by AI systems through optical character recognition.

OpenAI’s Chief Information Security Officer, Dane Stuckey, acknowledged the issue in a public statement. He confirmed that the company has conducted extensive red-teaming, added safety guardrails, and trained models to ignore malicious instructions. However, he also admitted that prompt injection remains an unresolved frontier problem in AI security.

Perplexity and Brave have also confirmed that their own browsers face similar risks. Both companies have adopted multi-layered protection systems, including real-time detection, reinforcement filters, and transparency controls to defend against prompt-based attacks.

Experts agree that prompt injection represents a new phase in cybersecurity. The blending of artificial intelligence and web browsing has created new opportunities for productivity—but also new risks that demand constant monitoring and innovation.

The post OpenAI Atlas Browser Vulnerability Exposed to Prompt Injection Attack appeared first on First Hackers News.

What Happened in the Zscaler Data Breach?

The breach originated from a sophisticated supply chain attack exploiting SalesLoft’s Drift AI chat agent, which integrates with Salesforce to manage sales workflows. Threat actors, identified by Google Threat Intelligence Group (GTIG) as UNC6395, stole OAuth and refresh tokens from SalesLoft Drift, gaining unauthorized access to Zscaler’s Salesforce environment between August 8 and August 18, 2025. This allowed hackers to exfiltrate sensitive customer data from Zscaler’s Salesforce instance. Importantly, Zscaler’s core products, services, and infrastructure were not compromised, but the breach still poses significant risks due to the nature of the exposed information.

Exposed Information: What Was Leaked?

The attackers accessed a range of sensitive customer data stored in Zscaler’s Salesforce environment. According to Zscaler’s advisory, the compromised information includes:

• Customer Names: Full names of individuals associated with Zscaler accounts.
• Business Email Addresses: Corporate email IDs, which could be used for targeted phishing campaigns.
• Job Titles: Professional roles, enabling attackers to craft convincing social engineering attacks.
• Phone Numbers: Business contact numbers, increasing the risk of voice phishing (vishing).
• Regional/Location Details: Geographic data tied to customer accounts.
• Zscaler Product Licensing and Commercial Information: Details about licensing agreements and commercial transactions.
• Support Case Content: Plain text from certain customer support cases, though no attachments or files were included.

While Zscaler has found no evidence of misuse so far, the stolen data is highly valuable for cybercriminals. It could be used for phishing, vishing, or social engineering attacks, where attackers impersonate Zscaler or trusted vendors to extract further sensitive information or credentials.

Data breaches like this aren’t just headlines – they have real-world consequences. Exposed customer info could be weaponized for:

• Phishing and Social Engineering: Hackers might impersonate Zscaler to trick users into revealing more data.
• Reputation Damage: For Zscaler, a company built on trust in security, this could erode client confidence.
• Industry Wake-Up Call: It underscores the need for robust vendor risk management, especially in cloud-based services.

The post Zscaler Data Breach 2025: Customer Names, Emails, and Support Data Exposed in SalesLoft and Drift Hack appeared first on First Hackers News.

If you believed using a public phone charger was safe, it’s time to reconsider. Despite multiple updates designed to protect smartphones from “juice jacking” attacks, cybersecurity experts have uncovered a new threat that bypasses these protections. A recent study reveals that attackers are now using a technique called “Choicejacking” to gain unauthorized access to smartphones, often without the user even noticing.

From Juice Jacking to Choicejacking:

A New Threat to Your Smartphone Security.

While “juice jacking” has long been a known risk when using public phone chargers, a new form of attack has emerged: “Choicejacking.” This latest cybersecurity threat bypasses the protections put in place to safeguard your phone, exploiting unsuspecting users to gain unauthorized access, often without any visible signs of tampering.

How Choicejacking Operates:

Instead of using traditional malware, this attack exploits USB or Bluetooth input devices to mimic user actions. A compromised charging station can simulate keyboard inputs, overflow input buffers, or manipulate device communication protocols, stealthily switching your phone into data-transfer or debug mode.

The entire process happens in under 133 milliseconds—quicker than the blink of an eye—meaning the phone reacts before you even notice.

Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, explains that the real danger lies in the illusion of control. “Choicejacking is especially dangerous because it tricks the device into making decisions the user never intended, all without them realizing it,” he said.

Once the attacker gains access, they can silently browse photos, read messages, or install malicious software.

Public Ports Aren’t Worth the Risk:

The rise of Choicejacking underscores what cybersecurity experts have been warning for years: public USB ports are not safe. Whether you’re at airports, hotels, or cafés, a compromised charging station could be lurking, ready to hijack your device.

Warmenhoven cautions, “With just one misleading prompt, attackers can trick users into enabling data transfer, putting personal files and sensitive information at risk.”

This threat affects both Android and iOS users. While some platforms may offer more obvious prompts or charge-only options, the core vulnerabilities remain, and cybercriminals are always finding ways to bypass these safeguards.

How to Protect Yourself:

Researchers recommend keeping your phone’s software up to date and avoiding unfamiliar charging ports whenever possible. Preparation is key—carrying a portable power bank is an easy way to stay in control while on the go. If you must plug in, opt for a wall outlet with your own cable and adapter rather than using a public USB port, especially those that seem suspicious or overly complex.

Some devices offer a “charge only” mode, which blocks any data transfer. If your phone has this option, make sure to enable it. While attackers continuously come up with new methods, staying vigilant and informed is your best defense.

The post New Choicejacking Attack Exploits Public Chargers to Steal Data from Phones appeared first on First Hackers News.