✨ The Containment Era is here. Secure AI workloads before they breach. →The Containment Era is here. →The Containment Era is here. →Explore ✨
Newspapers/Journalism
Breach intelligence, attack campaigns, and threat reports targeting the Newspapers/Journalism sector.
Explore Other Sectors
Newspapers/Journalism Threat Reports
Meta Challenges NSO Group Over New WhatsApp Spyware Attacks
In June 2026, Meta identified and disrupted a spear-phishing campaign linked to the Israeli spyware firm NSO Group, targeting WhatsApp users. This activity violated a permanent injunction issued in 2025, which barred NSO from engaging with WhatsApp and its users. The campaign involved deceptive messages designed to lure individuals into clicking malicious links, leading to external websites, and the creation of test accounts and groups within WhatsApp. Meta responded by filing a contempt-of-court complaint against NSO Group for defying the court order. ([cyberscoop.com](https://cyberscoop.com/meta-contempt-complaint-nso-group-spyware/?utm_source=openai)) This incident underscores the persistent threat posed by spyware vendors and the challenges in enforcing legal actions against them. It highlights the need for continuous vigilance and robust security measures to protect users from sophisticated cyber threats.
2 weeks ago
Kill Chain
WhatsApp Thwarts NSO Group's Latest Spyware Phishing Attacks
In June 2026, WhatsApp identified and disrupted spear-phishing campaigns linked to the NSO Group, an Israeli spyware vendor known for its Pegasus tool. These attacks involved social engineering tactics, attempting to lure users into clicking malicious links that redirected them to external websites, aiming to deploy spyware. This activity violated a 2025 U.S. court injunction that barred NSO from targeting WhatsApp and its users. Meta, WhatsApp's parent company, responded by filing a federal court contempt order against NSO for this breach. This incident underscores the persistent threat posed by commercial spyware vendors and highlights the importance of robust security measures and legal frameworks to protect user privacy and national security.
2 weeks ago
Kill Chain
Asin Spyware: A New Threat to Arabic-Speaking Android Users
In early 2025, a sophisticated cyber espionage campaign emerged targeting Arabic-speaking Android users. The threat actor, identified as Arid Viper (also known as APT-C-23, Desert Falcon, or TAG-63), distributed a new spyware variant named Asin through deceptive applications. These malicious apps masqueraded as legitimate utilities, war-related updates, and government news sources, enticing users to download them. Once installed, Asin granted attackers extensive access to victims' devices, enabling the collection of sensitive information such as contacts, messages, and location data. The campaign's strategic use of culturally relevant themes and trusted app appearances significantly increased its effectiveness, leading to widespread data exfiltration and potential national security implications. This incident underscores a growing trend in cyber threats where attackers exploit regional conflicts and cultural contexts to enhance the credibility of their malicious campaigns. The use of sophisticated social engineering tactics, combined with the targeting of specific linguistic and cultural groups, highlights the evolving nature of cyber espionage. Organizations and individuals must remain vigilant, especially in regions experiencing geopolitical tensions, as such environments are increasingly exploited by threat actors to conduct targeted attacks.
2 weeks ago
Kill Chain
WhatsApp Metadata Leak Raises Privacy Concerns
In early 2026, security researcher Tal Be'ery uncovered vulnerabilities in WhatsApp's multi-device encryption protocol that allowed attackers to infer user metadata, including device operating systems and online status, without user interaction. This flaw enabled potential adversaries to perform device fingerprinting, facilitating targeted malware attacks. Meta, WhatsApp's parent company, began rolling out fixes in January 2026 to address these issues, but challenges in fully masking device signatures persist. ([darkreading.com](https://www.darkreading.com/endpoint-security/whatsapp-leaks-user-metadata?utm_source=openai)) This incident underscores the critical importance of securing metadata in encrypted communications. As messaging platforms expand their features, ensuring comprehensive privacy protections becomes increasingly complex, highlighting the need for continuous security assessments and prompt remediation of identified vulnerabilities.
2 months ago
Kill Chain
Navigating the New Threat Landscape: AI-Generated Disinformation in Cybersecurity
In early 2026, multiple organizations faced crises due to AI-generated disinformation campaigns. These incidents involved fabricated news stories and deepfake content falsely alleging data breaches and security incidents. The disinformation was disseminated through social media and news outlets, leading to reputational damage, operational disruptions, and financial losses for the targeted companies. The rapid spread and convincing nature of the AI-generated content made it challenging for organizations to respond effectively. The increasing sophistication of AI technologies has enabled malicious actors to create highly realistic and persuasive disinformation, posing significant challenges to cybersecurity and public trust. This trend underscores the urgent need for organizations to develop strategies to detect and mitigate AI-generated disinformation to protect their reputation and operations.
2 months ago
Kill Chain
Bitter APT's Hack-for-Hire Campaign Targets MENA Journalists
In a series of cyber espionage activities from 2023 to 2024, the Bitter APT group, suspected to have ties to the Indian government, orchestrated a hack-for-hire campaign targeting journalists, activists, and government officials across the Middle East and North Africa (MENA) region. Notably, Egyptian journalists Mostafa Al-A'sar and Ahmed Eltantawy were subjected to spear-phishing attacks aimed at compromising their Apple and Google accounts. These attacks involved deceptive emails leading to counterfeit login pages designed to harvest credentials and two-factor authentication codes. ([thehackernews.com](https://thehackernews.com/2026/04/bitter-linked-hack-for-hire-campaign.html?utm_source=openai)) This incident underscores a concerning trend of state-affiliated threat actors employing sophisticated social engineering tactics to infiltrate the accounts of individuals critical of governmental policies. The Bitter APT group's activities highlight the persistent and evolving nature of cyber threats targeting civil society in the MENA region. ([accessnow.org](https://www.accessnow.org/press-release/hack-for-hire-new-report-egyptian-journalists/?utm_source=openai))
2 months ago
Kill Chain
Unveiling the 2023-2024 Hack-for-Hire Campaign Targeting Journalists in MENA
Between 2023 and 2024, a sophisticated hack-for-hire campaign targeted journalists and activists in the Middle East and North Africa, notably in Egypt and Lebanon. The attackers employed spear-phishing techniques, sending messages that appeared to be from legitimate sources to deceive victims into revealing personal data, including credentials and financial information. This campaign has been linked to the Bitter APT group, known for targeting government and critical infrastructure sectors across South Asia. The operation underscores the persistent threat posed by state-sponsored cyber espionage groups utilizing advanced social engineering tactics to infiltrate and compromise sensitive information. ([accessnow.org](https://www.accessnow.org/press-release/hack-for-hire-new-report-egyptian-journalists/?utm_source=openai))
2 months ago
Kill Chain
Handala Hackers Exploit Telegram for Malware Attacks in 2026
In March 2026, the FBI issued a warning about Iranian state-sponsored hackers, specifically the Handala group, utilizing Telegram as command-and-control infrastructure in malware attacks. These attacks targeted journalists critical of the Iranian government, dissidents, and opposition groups worldwide. The attackers employed social engineering tactics to infect Windows devices, enabling the exfiltration of screenshots and files from compromised systems. This activity led to intelligence collection, data leaks, and reputational harm to the victims. The incident underscores the evolving tactics of state-sponsored cyber actors, who are increasingly leveraging popular communication platforms like Telegram for malicious purposes. This trend highlights the need for heightened vigilance and robust cybersecurity measures to protect against sophisticated social engineering and malware deployment strategies.
3 months ago
Kill Chain
Russian Hackers Exploit Social Engineering to Access Signal and WhatsApp Accounts
In March 2026, Dutch intelligence agencies reported a large-scale global cyber campaign orchestrated by Russian state-sponsored hackers targeting Signal and WhatsApp accounts of government officials, military personnel, and journalists. The attackers employed sophisticated phishing and social engineering techniques, such as impersonating support chatbots, to deceive users into revealing security verification codes and passcodes. This enabled unauthorized access to individual and group conversations, potentially exposing sensitive information. ([themoscowtimes.com](https://www.themoscowtimes.com/2026/03/09/russian-hackers-targeting-messaging-apps-dutch-spies-say-a92164?utm_source=openai)) This incident underscores the evolving tactics of nation-state actors in exploiting widely-used encrypted messaging platforms. Despite the robust end-to-end encryption of these applications, the human element remains a critical vulnerability. Organizations must enhance user awareness and implement stringent security protocols to mitigate such social engineering threats.
3 months ago
Kill Chain
Russian Hackers Exploit Social Engineering to Access Signal and WhatsApp Accounts
In March 2026, Dutch intelligence agencies reported a large-scale global cyber campaign by Russian state-sponsored hackers targeting Signal and WhatsApp accounts of dignitaries, military personnel, civil servants, and journalists. The attackers employed social engineering techniques, such as impersonating Signal support chatbots, to deceive users into revealing verification and PIN codes. This allowed them to gain unauthorized access to accounts, read messages, and infiltrate group chats. The campaign exploited legitimate app features like 'linked devices' to maintain persistent access without the users' knowledge. ([english.aivd.nl](https://english.aivd.nl/latest/news/2026/03/09/russia-targets-signal-and-whatsapp-accounts-in-cyber-campaign?utm_source=openai)) This incident underscores the increasing sophistication of state-sponsored cyber operations and highlights the vulnerabilities associated with social engineering tactics. It serves as a critical reminder for organizations and individuals to exercise heightened vigilance, especially when using encrypted messaging platforms for sensitive communications.
3 months ago
Kill Chain
FBI Uncovers Russian-Linked Phishing Attacks on Encrypted Messaging Apps
In March 2026, the FBI issued a public service announcement attributing phishing campaigns targeting users of encrypted messaging apps, notably Signal and WhatsApp, to Russian intelligence services. These campaigns, active since at least early 2026, have compromised thousands of accounts by tricking users into sharing verification codes or scanning malicious QR codes, thereby granting attackers access to private messages and contact lists. The primary targets include individuals with access to sensitive information, such as U.S. government officials, military personnel, political figures, and journalists. This incident underscores the evolving tactics of nation-state actors in circumventing end-to-end encryption by exploiting human vulnerabilities. The widespread nature of these attacks highlights the urgent need for enhanced user awareness and robust security measures to protect against sophisticated phishing schemes.
3 months ago
Kill Chain
ICE's 2025 Reactivation of Paragon Solutions Spyware Contract Raises Privacy Concerns
In September 2025, the U.S. Immigration and Customs Enforcement (ICE) reactivated a $2 million contract with Israeli spyware vendor Paragon Solutions, initially signed in 2024 but paused for compliance review under an executive order restricting the use of commercial spyware. The contract involves Paragon's Graphite spyware, capable of infiltrating mobile devices and accessing encrypted communications. This reactivation has raised significant concerns among civil rights organizations regarding potential overreach and misuse of surveillance technology. The decision to proceed with the contract underscores the ongoing debate over the balance between national security measures and individual privacy rights, especially in light of previous controversies surrounding the use of commercial spyware by government agencies.
3 months ago
Kill Chain
Stop Active Cloud Data Exfiltration
Aviatrix Breach Lock helps teams instantly identify what data is leaving the environment, from which workload, and where it’s going — during an active breach.
Looking for threats in a different sector?
Browse All Threat Reports