MOBILE

week in security

A week in security (December 22 – December 28)

December 29, 2025

A list of topics we covered in the week of December 22 to December 28 of 2025

Spotify logo

Hacktivists claim near-total Spotify music scrape

December 23, 2025

Hacktivists have scraped almost 100% of the content available on Spotify. Is there anything users need to worry about?

Pornhub logo

Pornhub tells users to expect sextortion emails after data exposure

December 22, 2025

Users affected by the data breach may be contacted directly by cybercriminals, Pornhub warns.

week in security

A week in security (December 15 – December 21)

December 22, 2025

A list of topics we covered in the week of December 15 to December 21 of 2025

ASUS logo

CISA warns ASUS Live Update backdoor is still exploitable, seven years on

December 19, 2025

Seven years after the original attack, CISA has added the ASUS Live Update backdoor to its Known Exploited Vulnerabilities catalog.

Scrooge running after lost money

The ghosts of WhatsApp: How GhostPairing hijacks accounts

December 18, 2025

Criminals are tricking WhatsApp users into linking an attacker’s browser to their account using fake login pages and routine-looking prompts.

slurp

Chrome extension slurps up AI chats after users installed it for privacy

December 18, 2025

The extension disclosed its AI data collection, but not in a way most users would recognize—or knowingly agree to.

Chrome logo

Two Chrome flaws could be triggered by simply browsing the web: Update now

December 17, 2025

Google's patched two flaws in Chrome, both of which can be triggered remotely when a user loads specially crafted web content.

phish hook in laptop

Inside a purchase order PDF phishing campaign

December 17, 2025

A “purchase order” PDF blocked by Malwarebytes led to a credential-harvesting phishing site. So we analyzed the attack and where the data went next.