Tor Browser Emergency Patch; Phishing & SSO Exploits Drive Account Hacks
This newsletter is AI generated and may hallucinate sometimes 😊
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
- A sophisticated phishing campaign leveraged Google AppSheet to compromise over 30,000 Facebook accounts, primarily targeting users in Vietnam.
- The attack chain involved distributing malicious URLs through Facebook Messenger, leading victims to phishing pages disguised as legitimate Google sign-in prompts.
- While Google AppSheet was used as a benign platform to host the phishing kits, the campaign's success relied on social engineering and credential theft via browser interaction.
Source: The Hacker News | Date: May 02, 2026
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
- Cybercrime groups are employing sophisticated tactics, including vishing and single sign-on (SSO) abuse, to conduct rapid SaaS extortion attacks against organizations.
- Attackers are exploiting the browser-based nature of SSO by leveraging compromised credentials or session tokens to gain unauthorized access to SaaS applications.
- These campaigns often bypass multi-factor authentication (MFA) by exploiting weaknesses in its implementation or by tricking users into approving fraudulent login requests via vishing.
Source: The Hacker News | Date: May 02, 2026
Privacy-OS Tails Releases Emergency Patch for Tor Browser Vulnerabilities
- The privacy-focused operating system Tails released an emergency patch, version 6.3.1, to address critical vulnerabilities affecting the embedded Tor Browser.
- These vulnerabilities could allow attackers to execute arbitrary code or leak sensitive information, potentially compromising user anonymity within the Tor network.
- Users of Tails are strongly advised by the NCSC to update their systems immediately to the latest version to mitigate the risks associated with these critical Tor Browser flaws.
Source: Security.nl | Date: May 01, 2026