Cyber Security Blog

72 million customers. 191 million records. And now it’s all floating across hacker forums.

If you thought the Everest ransomware group was bluffing, think again. The Under Armour breach — first whispered about in November 2025 — has officially gone full dark web. And the data? It’s not just usernames and emails. It’s names, phone numbers, addresses, genders, purchase history, loyalty preferences, and more.

Blog Here

YouTube Here

TikTok Here

😬 YIKES 😬 - LINKEDIN.COM SCAM

You’re scrolling LinkedIn, sipping your morning coffee, maybe checking in on your network — and suddenly you see it:

“Your account has been restricted. Click here to fix it.”

It’s posted under your content. It looks official. It feels urgent. And it’s designed to make you panic.

But here’s the truth: LinkedIn does NOT notify users of restrictions through comments. Ever.

Blog Here

YouTube Here

TikTok Here

😮 WHOA 😮 — The Instagram Breach: What Happened?

In early January 2026, Instagram users around the world woke up to something unsettling: legitimate password‑reset emails they never requested, arriving in waves. At first, it looked like a glitch. Then cybersecurity researchers uncovered the truth — Instagram data tied to 17.5 million accounts had been leaked and was already circulating on dark‑web forums.

This wasn’t rumor. It wasn’t a phishing campaign. It was a massive data exposure event, and attackers immediately weaponized the leaked information.

Here’s what happened, what was stolen, why users are receiving real password resets, and what you should do right now.

According to cybersecurity firm Malwarebytes, the exposed dataset includes sensitive account‑linked information from 17.5 million Instagram users:

•  Usernames
•  Full names
•  Email addresses
•  Phone numbers
•  Partial physical addresses
•  Other contact‑related metadata

This data is already being shared on hacker forums and dark‑web marketplaces.

Meta (Instagram’s parent company) has not yet confirmed the breach publicly.

Malwarebytes uncovered the leak during ongoing dark‑web monitoring operations. Shortly after, researchers noticed something strange:

Instagram’s real password‑reset system was being abused at scale.

Attackers began submitting reset requests using the leaked usernames and emails, causing Instagram’s servers to send legitimate password‑reset emails to users who never initiated them.

This is what makes this breach so unusual:

•  The emails are real, not phishing.
•  The reset links point to Instagram’s actual infrastructure.
•  The abuse is in the trigger, not the email itself.

This tactic creates confusion, fear, and urgency — exactly what attackers want.

Security researchers confirmed that attackers are using the leaked data to force Instagram’s automated reset workflow.

This means:

•  You may receive multiple password‑reset emails in a short period.
•  You may see no corresponding entries in Instagram’s “Security Emails” section.
•  You may feel like your account is already compromised — even if it isn’t.

The goal appears to be:

•  Identifying active accounts
•  Pressuring users into mistakes
•  Creating panic
•  Testing which accounts reuse passwords
•  Attempting takeover on accounts with weak or reused credentials

This is not a traditional phishing attack. It’s a legitimate system being exploited.

Right now, we don’t know.

Security researchers say:

•  Meta has not confirmed whether the data came from Instagram directly.
•  It may have come from a third‑party service with access to Instagram account data.
•  The leak is real, the data is real, and the reset‑email abuse is real.

Until Meta provides clarity, the safest assumption is that your Instagram‑linked data may be exposed.

If your data is part of the breach, you may experience:

•  Legit password‑reset emails from security@mail.instagram.com
•  Multiple reset emails within hours
•  No matching entries in your “Security Emails” tab
•  Failed login attempts
•  New device login alerts
•  Unfamiliar activity in your login history

If you see any of these, assume your data is in the leaked dataset.

Even if you still have access to your account, take action immediately.

Use a strong, unique password you don’t use anywhere else.

Prefer app‑based 2FA (Authy, 1Password, Google Authenticator).

Make sure they haven’t been changed.

Look for unfamiliar devices or locations.

Check Instagram’s Accounts Center for anything you don’t recognize.

If you need to reset your password, do it manually through the app.

These steps align with expert recommendations from Malwarebytes and security researchers monitoring the breach.

Yes — according to Malwarebytes, the leaked dataset is already circulating on hacker forums.

This means:

•  Attackers can use your info for impersonation
•  Phishing attempts may increase
•  SIM‑swap risks rise if your phone number was included
•  Credential‑stuffing attacks become more likely

If you reuse passwords across services, you are at significantly higher risk.

Until Meta releases an official statement, the cybersecurity community is piecing together the timeline. But one thing is clear:

This breach is real, the data is real, and the attack pattern is ongoing.

Instagram users should stay alert, monitor their accounts, and treat any unexpected security email as a sign that their data may be part of the leak.

The Instagram breach isn’t just another leak — it’s a new category of attack, where legitimate systems are weaponized using stolen data.

It’s a reminder that:

•  Even real emails can be part of an attack
•  Password reuse is dangerous
•  Social‑media platforms remain high‑value targets
•  Dark‑web data circulates fast — often before companies confirm anything

Stay vigilant, stay skeptical, and secure your accounts.

- Jean-Claude Moritz

jean-claude-moritz.com

#InstagramHack #DataBreach #CyberSecurity #DarkWebLeak #AccountSecurity #MetaBreach #PasswordReset #OnlineSafety #TechNews #DigitalPrivacy #Malwarebytes #SocialMediaSecurity #JeanClaudeMoritz #CyberAlert #InfoSec

The Rise of Albiriox — Android Malware That Hands Your Phone to Criminals

📱 What Is Albiriox?

Security researchers recently uncovered Albiriox, a dangerous new strain of Android malware. Unlike older banking trojans that simply steal login credentials, Albiriox goes further: it allows attackers to stream your phone’s screen in real time, tap, swipe, type, and even approve transactions as if they were holding your device in their hands.

This malware is marketed on underground forums as Malware-as-a-Service (MaaS), meaning even low-skilled cybercriminals can rent it and launch attacks. That accessibility makes it a growing global threat, similar to how LANDFALL spyware operates by exploiting vulnerabilities.

🛑 How Does It Spread?

Fake apps and websites: Attackers create convincing copies of Google Play pages or retailer apps.  

Messaging lures: Links sent via SMS, WhatsApp, or Telegram trick users into downloading malicious APKs.  

Dropper apps: The first app looks harmless but silently installs the Albiriox payload in the background.

Once installed, Albiriox abuses Accessibility Services and VNC-style streaming to give attackers full control. It can even display a black screen or fake update screen so victims don’t notice money being moved.

💸 Why Is It So Dangerous?

On-device fraud: Transactions happen inside your legitimate banking or crypto apps, bypassing protections like OTPs.  

Wide targeting: Albiriox tracks 400+ financial, payment, and crypto apps worldwide.  

Stealth tactics: It hides behind blank screens, fake updates, and obfuscation to avoid detection.

This combination makes Albiriox one of the most advanced Android banking threats to date, particularly in a landscape where zero-click exploits are on the rise, including the Samsung zero-day vulnerability.

🔒 How to Protect Yourself

Download only from official sources: Stick to the Google Play Store or verified company websites.  

Avoid sideloading APKs: Don’t install apps from links in messages or suspicious sites.  

Check permissions carefully: Be wary if an app asks for Accessibility access or “Install unknown apps.”  

Regularly audit your phone: Remove unfamiliar apps and keep Android + banking apps updated.  

Enable multi-factor authentication: Adds another layer of defense, though not foolproof against on-device fraud.  

Use mobile security apps: They can help detect suspicious behavior, though prevention is key.

🌍 The Bigger Picture

Albiriox highlights a troubling trend: cybercrime is becoming democratized. With Malware-as-a-Service, attackers don’t need technical expertise—they just rent powerful tools. For everyday users, this means vigilance is more important than ever.

The takeaway? Your phone is now the battlefield. Treat every app download with caution, and remember: if a deal or link looks too good to be true, it probably is.

Sources:

BleepingComputer – New Albiriox Android malware gives hackers full control of devices  

The Hacker News – New Albiriox Android Malware Offers Full Device Control to Cybercriminals  

SecurityWeek – Albiriox Android Malware Lets Hackers Steal Money Directly From Apps  

TechRadar – Albiriox malware gives crooks total control of your Android phone

Samsung’s Budget Phones: A Bargain with Spyware Built In

When “affordable” comes at the cost of your privacy

💸 The Allure of Budget Phones

Samsung’s Galaxy A, M, and F series have been a lifeline for millions of users worldwide. Affordable, sleek, and backed by a trusted brand, they’ve carved out a huge market share in regions like India, Africa, and the Middle East. For families and students, these phones look like the perfect deal.

But hidden beneath the glossy screens is a problem no one bargained for.

🕵️ The AppCloud Controversy

Pre-installed on many budget Samsung devices is AppCloud, a system-level service developed by ironSource (now owned by Unity). Marketed as an “app recommendation” tool, it quietly runs in the background, collecting data and pushing third-party apps.

Unremovable: Users can’t uninstall it through normal settings.

Persistent: Even after factory resets, it reappears.

Opaque: No clear privacy policy or consent screen.

Digital rights groups argue this is spyware by another name, likening it to LANDFALL spyware that exploits users’ personal information without consent.

🔒 Privacy at Risk

Investigations suggest AppCloud may collect:

- Biometric data

- IP addresses

- App usage patterns

For users in politically sensitive regions, this raises alarms about surveillance and exploitation, especially in light of Samsung's potential zero-day vulnerabilities that could be exploited through zero-click exploits.

🌍 Global Backlash

Social media posts calling out “unremovable Israeli spyware” have gone viral, sparking outrage across Egypt, Saudi Arabia, and India. Advocacy groups like SMEX are demanding accountability, while Samsung insists it complies with privacy standards.

🛠️ What You Can Do

- Disable AppCloud in settings (though it may return).

- Limit permissions to reduce data exposure.

- Advanced removal via ADB or rooting (risky, voids warranty).

⚡ The Bigger Picture

Budget phones are supposed to democratize technology. But when affordability is subsidized by hidden surveillance, the real cost is your privacy. Samsung’s controversy is a reminder that in tech, nothing is truly free—especially your data.

👉 Takeaway for readers: If you’re shopping budget, weigh the trade-offs. A cheaper phone may come with a hidden price tag: your personal information.

📌 Sources: Android Authority, Malwarebytes, CyberSecurityNews, Android Authority.

A recently identified Samsung zero-day vulnerability (CVE-2025-21042) enabled attackers to seize control of Galaxy devices without any user interaction. This security flaw was exploited in the wild by LANDFALL spyware, which specifically targeted flagship Samsung phones throughout 2024 and early 2025 before being patched in April 2025.

What Happened?

The vulnerability was found in Samsung’s image processing library (libimagecodec.quram.so). Attackers utilized malicious DNG image files distributed via messaging apps like WhatsApp. The exploit was a zero-click attack: victims didn’t need to open or interact with the file—merely receiving it triggered the compromise.

Impact

Once infected, the LANDFALL spyware could:

- Record microphone audio

- Track location

- Steal photos, contacts, call logs, SMS, and files

- Evade detection and persist for months

Targeted devices included Galaxy S22, S23, S24, Z Fold 4, and Z Flip 4 models running Android 13–15 (One UI 5–7). Most reported attacks occurred in the Middle East and North Africa, but the threat was global.

Why It Matters

This incident underscores the alarming trend of zero-click exploits—attacks that do not depend on user errors. For both businesses and individuals, it emphasizes the need for:

- Regular security updates: Samsung addressed the CVE-2025-21042 vulnerability in April 2025, but many devices remained vulnerable for months.

- Awareness of spyware threats: LANDFALL resembles tools used by commercial surveillance vendors, raising significant concerns about privacy and espionage.

What You Should Do

Update immediately: Ensure your Samsung device is running the latest firmware and security patch.

Stay alert: Even seemingly harmless files can be weaponized.

Follow official advisories: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included CVE-2025-21042 in its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by December 1, 2025.

Final Thoughts

While Samsung has resolved the flaw, the LANDFALL spyware campaign serves as a stark reminder that mobile devices are prime targets for advanced spyware. Keeping your phone updated isn’t solely about acquiring new features—it’s crucial for defending against silent, invisible attacks that can jeopardize your privacy and security.

Sources: Android Authority, BleepingComputer, SecurityWeek, The Hacker News, HotHardware, Malwarebytes

The Fake PayPal Invoice from “Geek Squad” Scam

If you’ve received a PayPal invoice that looks like it’s from Geek Squad or Best Buy, don’t panic—and don’t call the number. This scam has been circulating for months, catching people off guard with official-looking emails and urgent language that may even reference issues like LANDFALL spyware or the Samsung zero-day vulnerability to create a sense of urgency.

📬 How the Scam Works

You get an email from PayPal with an invoice attached, supposedly from Geek Squad. The invoice claims you’re being charged $359.99 (or similar) for a “security services” subscription. It includes a phone number to call if you want to cancel or dispute the charge. When you call, a fake “customer service agent” tries to:

- Get access to your bank account

- Convince you to install remote support software

- Trick you into refunding money that never left your account, often using tactics similar to those seen in zero-click exploits.

🧠 Why It’s Convincing

The invoice often comes from legitimate invoicing platforms like PayPal, QuickBooks, or Housecall Pro. It uses real logos and corporate-style formatting. The scammers use urgency and fear to push you into acting fast, sometimes referencing cybersecurity threats to make their case seem more credible.

🔐 What to Do If You Get One

- Do not call the number listed in the invoice.

- Do not click any links or download attachments.

- Log into PayPal directly (not through the email) and check your activity.

- Report the invoice as fraudulent through PayPal’s resolution center.

- Forward the email to phishing@paypal.com to help others avoid it.

✅ How to Stay Safe

Keep track of your subscriptions—if you don’t use Geek Squad, it’s likely fake. Know how real invoices look and how companies contact you. Use antivirus software and browser extensions that block phishing attempts. Educate friends and family—especially those less tech-savvy—about these scams and the dangers posed by threats like LANDFALL spyware.

Meta has rolled out new scam protection tools for WhatsApp and Messenger to help users—especially older adults—stay safe from fraud and manipulation. These updates include AI-powered scam detection, screen-sharing alerts, and stronger account security options, which are crucial as threats like LANDFALL spyware and Samsung zero-day vulnerabilities continue to emerge, exposing users to potential zero-click exploits.  

Meta’s latest safety push targets the growing wave of scams across messaging platforms. On WhatsApp, users now receive alerts when they attempt to share their screen during video calls with unknown contacts—a tactic scammers often use to steal sensitive data like bank details or verification codes (Techworm The Hacker News).  

On Messenger, a new “Scam Detection” feature warns users about suspicious messages from unfamiliar senders. If flagged, users can submit recent messages for AI review, which then offers safety tips and options to block or report the sender (The Hacker News Bleeping Computer).  

To reinforce account security, Meta has introduced Passkey-based logins across WhatsApp, Messenger, Facebook, and Instagram. These use fingerprint, facial recognition, or device PINs to reduce the risk of unauthorized access (Techworm). The company also enhanced its Privacy and Security Checkup tools, helping users manage group chat settings, visibility controls, and password strength.  

Behind the scenes, Meta has taken down over 8 million scam-linked accounts and 21,000 fake customer support pages in 2025 alone. Many of these were tied to organized scam centers operating in Southeast Asia and the Middle East, targeting users through romance scams, crypto fraud, and impersonation tactics (Techworm The Hacker News DMR News).  

These updates reflect Meta’s broader commitment to consumer protection and digital safety—especially for vulnerable users navigating increasingly sophisticated scam networks.