Spotify A.I CyberSecurity Scoring
Spotify
Company Information
Website: http://www.lifeatspotify.com
Employees number: 18,042
Number of followers: 4,438,760
NAICS: 71113
Industry Type: Musicians
Homepage: lifeatspotify.com
Spotify Risk Score (AI oriented)
Between 700 and 749
Updated: 11/06/2026
730/1000
Ba (Moderate)
Spotify Global Score (TPRM)
Score locked
Current Score: 730/1000, Ba (Moderate)
8 incidents
-19.25 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026: 741
Cyber Attack
11 Jun 2026 • Spotify
Spotify, Adobe and Microsoft: Hackers are using TikTok videos offering 'free Spotify Premium' to spread malware and steal passwords
TikTok and Instagram Reels Exploited to Spread Password-Stealing Malware
728
CRITICAL-13
SPOMICADO1781202325
A recent report from ReversingLabs reveals a surge in malicious campaigns on short-form video platforms like TikTok and Instagram Reels, targeting users with fake offers for free subscriptions to services such as Spotify Premium, Microsoft Office, and Adobe. The scams lure cash-strapped users by promising cost-saving alternatives amid economic pressures.
Instead of traditional phishing emails, attackers instruct victims to open command-line tools like PowerShell and execute a provided command. This action downloads and installs Vidar, an infostealer malware that harvests usernames, passwords, cookies, session tokens, cryptocurrency wallet data, and personal files.
Unlike conventional phishing, which relies on a single click, this method requires victims to manually input commands, making it a more patient and targeted approach. Researchers note that the shift to social media platforms allows threat actors to drive traffic to attacker-controlled websites, increasing the reach of their campaigns.
The attack underscores the persistent effectiveness of social engineering, particularly as users seek free or discounted alternatives to paid services. While basic security measures like multi-factor authentication can mitigate risks, the evolving tactics highlight the need for vigilance against seemingly legitimate offers.
MAY 2026: 745
Cyber Attack
11 May 2026 • Spotify
Spotify, Israel Defense Forces and WhatsApp: Pro-Iran hackers claim attack on Spotify as ‘revenge’ for Khamenei killing
Pro-Iran Hacker Groups Launch Coordinated Cyberattacks Targeting Spotify and Israeli Citizens
733
CRITICAL-12
ISRSPOWHA1778675186
A pro-Iran hacker collective, the Islamic Cyber Resistance in Iraq – 313 Team, claimed responsibility for a DDoS attack that disrupted Spotify’s services on Tuesday, causing widespread access issues for users. Reports of outages surfaced on Wednesday evening around 8 p.m., with Spotify acknowledging the incident on X (formerly Twitter), stating that its app, support site, and web player were experiencing slowdowns or failures. The group later boasted on Telegram that the attack had "completely disabled" the platform’s main servers.
In a separate campaign, Iran-linked hackers targeted Israeli citizens with threatening WhatsApp messages on Monday, sent from hijacked or spoofed business accounts. The messages, written in English, warned recipients of impending missile strikes if Israel did not cease military actions, referencing "Sayid Majid missiles" and urging civilians to stockpile supplies. The National Cyber Directorate is investigating the source, attributing the activity to Handala, a group known for combining cyberattacks with psychological warfare.
The same group, Handala, also published a "target list" on Sunday allegedly exposing 60 senior officers from the IDF’s Egoz commando unit. However, the list included only 48 individuals, most of whom were veterans and reservists rather than active officers, and some of them openly identified their past service on social media. The group framed the disclosure as a threat, declaring the individuals would become targets for "the resistance’s shadows." Analysis by The Jerusalem Post found that none of those listed held senior ranks, with the highest being a non-commissioned officer (NCO).
The incidents reflect a broader pattern of Iran-backed cyber operations targeting both digital infrastructure and civilian morale, leveraging disruptions and psychological tactics in ongoing regional tensions.
APRIL 2026: 745
MARCH 2026: 748
FEBRUARY 2026: 743
JANUARY 2026: 750
DECEMBER 2025: 798
Breach
18 Dec 2025 • Spotify
Spotify: Spotify data breach: 86 million audio files leaked online
Spotify Music Catalog Leak by Pirate Activist Group
749
CRITICAL-49
SPO1766397392
Spotify’s Entire Music Catalog Leaked by Pirate Activist Group
A pirate activist collective, Anna’s Archive, extracted and released Spotify’s near-complete music catalog—approximately 300 terabytes of audio files and metadata—across peer-to-peer networks. The leak, documented on Thursday, includes 86 million audio files and 256 million rows of track metadata, representing 99.6% of all listening activity on the platform.
Spotify confirmed the breach, stating that a third party scraped public metadata and bypassed digital rights management (DRM) to access audio files. A spokesperson told Billboard that the company is actively investigating and mitigating the incident.
Anna’s Archive, known for preserving books and academic papers, framed the leak as a "preservation archive" for music, aligning with its mission to safeguard cultural knowledge. The dataset is 37 times larger than MusicBrainz, the previous largest open-source music database, containing 186 million unique International Standard Recording Codes (ISRCs)—covering 99.9% of Spotify’s 256 million tracks.
The group prioritized files using Spotify’s own popularity metrics, capturing songs available through July 2025. Metadata is already available for download, while audio files are being distributed in stages, ranked by streaming popularity, to avoid overwhelming servers.
Yoav Zimmerman, CEO of Third Chair, noted that the leak could enable users to recreate a personal, free version of Spotify using media servers like Plex—with copyright law as the only major barrier. He also highlighted the implications for AI training, as the dataset could allow companies to scale music-based model development more easily.
The data is now circulating on peer-to-peer networks, with no way to fully contain its spread.
NOVEMBER 2025: 798
OCTOBER 2025: 797
SEPTEMBER 2025: 797
AUGUST 2025: 796
JULY 2025: 795
JUNE 2025: 795
Vulnerability
18 Jun 2025 • Spotify
Spotify, Mitre and Splunk: Misconfigured GitHub Actions could leave repos and secrets exposed, Sysdig finds • DEVCLASS
GitHub Repositories Vulnerable to Hijacking via Insecure pull_request_target Workflows
792
HIGH-3
SPOMITSPL1767777752
GitHub Repositories at Risk: Sysdig Uncovers Critical Workflow Vulnerabilities
Sysdig researchers have identified a significant security risk in GitHub repositories, where improperly configured workflows could allow attackers to hijack projects by exploiting the `pull_request_target` event in GitHub Actions. Unlike the standard `pull_request` trigger—which runs in the context of a merge commit—`pull_request_target` executes in the base branch (typically the default branch) and has access to repository secrets and write permissions via the `GITHUB_TOKEN`.
The vulnerability arises when maintainers use `pull_request_target` to test untrusted code from public contributors, inadvertently exposing sensitive credentials. If misconfigured, attackers could inject malicious code, exfiltrate secrets, and gain elevated privileges within the repository.
Sysdig’s investigation revealed multiple affected projects, including:
- Spotipy, an open-source Python library for the Spotify Web API, where researchers demonstrated the ability to execute malicious Python packages and steal the `GITHUB_TOKEN`. The flaw has since been patched.
- Mitre’s cyber analytics repository, where attackers could exfiltrate the `GITHUB_TOKEN` and other secrets, potentially gaining full control. Mitre addressed the issue promptly.
- Splunk’s security_content repository, where two secrets were exposed, though the extracted `GITHUB_TOKEN` had limited read-only access.
Stefano Chierici, Sysdig’s threat research lead, warned that the impact depends on the privileges of the extracted token. In severe cases, attackers could modify workflows, exfiltrate additional secrets, or alter files in the main branch—effectively taking over the repository. While `pull_request_target` can be used safely, its nuances require careful handling to avoid exploitation.
Sysdig has reported additional vulnerable repositories and is awaiting remediation before disclosing further details. The findings underscore the need for maintainers to audit their GitHub Actions workflows for potential misconfigurations.
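As an added illustration (not code from the page, from Sysdig, or from any of the named projects), the following Python audit flags the pattern described above in a parsed GitHub Actions workflow: a `pull_request_target` job that checks out the contributor's PR head while repository secrets and the `GITHUB_TOKEN` are live. It assumes the workflow YAML has already been loaded into a dict, as `yaml.safe_load` would return it; the two sample workflows are constructed for the example.

```python
# Added example (not from the page or from Sysdig): flag the misconfiguration
# described above in a parsed GitHub Actions workflow. Assumes the YAML was
# already loaded into a dict, as yaml.safe_load would return it.

# Expressions that resolve to the untrusted PR head instead of the base branch.
PR_HEAD_EXPRESSIONS = ("github.event.pull_request.head.sha",
                       "github.event.pull_request.head.ref", "github.head_ref")

def uses_pull_request_target(workflow):
    # PyYAML loads a bare `on:` key as the boolean True, so accept both forms.
    triggers = workflow.get("on", workflow.get(True))
    if isinstance(triggers, str):
        return triggers == "pull_request_target"
    return isinstance(triggers, (list, dict)) and "pull_request_target" in triggers

def checks_out_pr_head(step):
    # A checkout without `ref` under pull_request_target stays on the base branch;
    # only a checkout that explicitly requests the PR head pulls in contributor code.
    if not str(step.get("uses", "")).startswith("actions/checkout"):
        return False
    ref = str((step.get("with") or {}).get("ref", ""))
    return any(expr in ref for expr in PR_HEAD_EXPRESSIONS)

def audit_workflow(workflow):
    # One finding per step that runs PR-head code while secrets and GITHUB_TOKEN are live.
    findings = []
    if not uses_pull_request_target(workflow):
        return findings
    for job_name, job in (workflow.get("jobs") or {}).items():
        for index, step in enumerate(job.get("steps") or []):
            if checks_out_pr_head(step):
                findings.append(f"{job_name}: step {index} checks out the PR head under "
                                "pull_request_target, so contributor code runs with secrets")
    return findings

# Constructed samples: the first mirrors the risky pattern, the second tests the
# same PR with the read-only `pull_request` trigger instead.
VULNERABLE = {"on": {"pull_request_target": {"types": ["opened", "synchronize"]}},
              "jobs": {"test": {"runs-on": "ubuntu-latest", "steps": [
                  {"uses": "actions/checkout@v4",
                   "with": {"ref": "${{ github.event.pull_request.head.sha }}"}},
                  {"run": "pip install . && pytest"}]}}}
HARDENED = {"on": {"pull_request": {"types": ["opened", "synchronize"]}},
            "jobs": {"test": {"runs-on": "ubuntu-latest", "steps": [
                {"uses": "actions/checkout@v4"},
                {"run": "pip install . && pytest"}]}}}
```

A `pull_request_target` workflow that only checks out the base branch (for example, to label or comment on the PR) is deliberately not flagged, since it never executes contributor code.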
APRIL 2025: 796
Vulnerability
01 Apr 2025 • Spotify
HP
Privilege Escalation Vulnerability in Plantronics Hub Software
788
HIGH-8
HP909040125
A critical security vulnerability was found in Plantronics Hub software, which has been discontinued by HP. Attackers could escalate privileges using an unquoted search path weakness when combined with OpenScape Fusion for MS Office during startup. The vulnerability takes advantage of a flaw in how Windows handles unquoted paths. Attackers with write access to the C:\ directory can plant malicious files that execute with elevated privileges, allowing them to bypass User Account Control and escalate privileges. As OpenScape Fusion launches Plantronics Hub, the malicious code is executed, leading to privilege escalation. HP has not released a patch but recommends quoting the registry path and restricting write permissions to the C:\ directory as mitigation strategies.
NOVEMBER 2020: 788
Data Leak
01 Nov 2020 • Spotify
Spotify
Attempted Unauthorized Access to Spotify Accounts
739
HIGH-49
SPO14929523
Hackers have been attempting to gain access to Spotify accounts using a database of 380 million records with login credentials and personal information collected from various sources.
Users have expressed concern that their Spotify accounts were compromised after changing their passwords, when new playlists appeared in their profiles, or when strangers from other countries were added to their family accounts.
A recent study describing the active hacking of Spotify accounts using a database of over 380 million records, including login information, may shed some light on these account hacks.
APRIL 2020: 815
Breach
09 Apr 2020 • Spotify
Spotify USA Inc.
Spotify USA Inc. Data Breach
782
CRITICAL-33
SPO431072625
The California Office of the Attorney General reported a data breach involving Spotify USA Inc. on December 9, 2020. The breach, which inadvertently exposed Spotify account registration information, occurred between April 9, 2020, and November 12, 2020. The specific number of individuals affected is unknown.
APRIL 2016: 833
Data Leak
01 Apr 2016 • Spotify
Spotify
Spotify Account Credentials Exposed on Pastebin
795
CRITICAL-38
SPO1741271023
On the website Pastebin, 100 Spotify account credentials, including emails, usernames, passwords, account types, and other information, were exposed.
Confirming that hackers had not gained access to its systems, the corporation denied any data breach.
Spotify said that user data is safe and that it has not been compromised.
Spotify's security team reportedly resets compromised passwords proactively, and several users have reported account issues, according to the news outlet Techcrunch.
Some customers encountered issues while using the site; others discovered that their account email had been changed to an address that did not belong to them.
Frequently Asked Questions
What is the current A.I Rankiteo Cyber Score for Spotify?
What was Spotify's A.I Rankiteo Cyber Score in May 2026?
What was Spotify's A.I Rankiteo Cyber Score in April 2026?
What was Spotify's A.I Rankiteo Cyber Score in March 2026?
What was Spotify's A.I Rankiteo Cyber Score in February 2026?
What was Spotify's A.I Rankiteo Cyber Score in January 2026?
What was Spotify's A.I Rankiteo Cyber Score in December 2025?
What was Spotify's A.I Rankiteo Cyber Score in November 2025?
What was Spotify's A.I Rankiteo Cyber Score in October 2025?
What was Spotify's A.I Rankiteo Cyber Score in September 2025?
What was Spotify's A.I Rankiteo Cyber Score in August 2025?
What was Spotify's A.I Rankiteo Cyber Score in July 2025?
What is the average per-incident point impact on Spotify's A.I Rankiteo Cyber Score over the past 12 months?
Where can I access detailed records of all cyber incidents associated with Spotify?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology?
Where can I view Spotify's profile page on Rankiteo?
How accurate is the A.I Rankiteo Risk Scoring methodology?