FBI Warns iPhone and Android Users about Chinese Attack; How to Tell If Your Online Accounts Have Been Hacked; Google’s Zero Day Flaw Fixed – Make Sure Chrome’s Updated… and more!
Every day, we scan the tech world for interesting news, sometimes from outside the tech world. Every Thursday, we feature news articles that grabbed our attention over the past week. We hope you find this week’s ‘Thursday Newsbytes’ informative and interesting!
FBI Warning As iPhone, Android Users ‘Bombarded’ By Chinese Attack
Stop sending texts, the FBI told Americans in December, as Chinese hackers marauded through U.S. networks. But there’s another text threat that’s now rapidly sweeping across America “from state to state,” and this one is more likely to get you, stealing your money, maybe even your identity. And it’s also made in China.
“Have you received a text suggesting you may owe unpaid tolls on your vehicle?” the bureau warned again this week. “There is a good chance it’s a fraudster trying to get your personal information.” We’re talking the smishing texts now targeting iPhone and Android phones across America with fake toll bills. The FBI tells users to delete these texts immediately, and there are lots of them.
In a new report, the Anti-Phishing Working Group (APWG) paints a bleak picture. “Residents of the U.S. are being bombarded with text messages from Chinese phishers, purporting to come from U.S. toll road operators…
How to tell if your online accounts have been hacked
More and more hackers are targeting regular people with the goal of breaking into their bank accounts, stealing their crypto, or simply stalking them. These types of attacks are still relatively rare, so there’s no need for alarm. But it’s important to know what you can do to protect yourself if you suspect someone accessed your email, social media account, chat apps, or any other major service and platform.
A few years ago, I wrote a guide to help people protect themselves, and understand that most of the companies you have an account with already offer you tools to take control of your accounts’ security, even before you contact them for help, which in some cases you still should do.
Here we break down what you can do on several different online services, including Gmail (and more broadly a Google account), Facebook, Apple ID, and more. And come back often because this is a regularly updated resource, both in terms of making sure the instructions for each individual service or platform are up to date, as well as to add new ones…
Google Chrome security flaw could have let hackers spy on all your online habits
Google fixed its first Chrome zero-day of 2025
Google has fixed a high-severity zero-day vulnerability in its Chrome browser that was being exploited in the wild.
In a security advisory, the company described the bug as an “incorrect handle provided in unspecified circumstances in Mojo on Windows”.
The flaw is tracked as CVE-2’25-2783, and it’s yet to be given a severity score. Google just lists it as “high” in its advisory. It was fixed with version 134.0.6998.178 that already rolled out, so make sure to double-check if you’ve already received it…
Creator of HaveIBeenPwned Data Breach Site Falls for Phishing Email
However, the hacker behind the phishing attack appears to have only stolen the email addresses of those who subscribed to Troy Hunt’s blog, rather than Haveibeenpwned.com.
A hacker has managed to phish Troy Hunt, the creator of HaveIBeenPwned.com, tricking the security expert into clicking a malicious email while he was jetlagged.
The breach affects people who subscribed to Hunt’s personal blog, rather than HaveIBeenPwned, a data breach notification site that’s attracted millions of users. “I’m enormously frustrated with myself for having fallen for this, and I apologize to anyone on that list,” he said…
The growing threat of device code phishing and how to defend against It
How to protect against device-code phishing
Just as we think we’re getting one step ahead of cybercriminals, they find a new way to evade our defenses.
The latest method causing trouble for security teams is that of device code phishing, a technique that tricks users into granting access to sensitive accounts without attackers needing to steal a password.
Microsoft recently issued a warning about a particular device code phishing campaign being conducted by Storm-2372, where a supposed Russian-backed threat actor was wreaking havoc by hijacking user sessions through legitimate authentication flows. These attacks are trickier to detect than usual given that they exploit real login pages (rather than the spoofed versions that traditional phishing techniques relied on) and are capable of bypassing multi-factor authentication (MFA).
The recent warning from Microsoft will most likely be the first of many…
Thanks for reading this week’s Thursday Newbytes. We hope these articles were informative, interesting, fun, and helpful.
