Find notable cyber news and cases, enriched with sources, timelines, and signals.

TikTok for Business phishing campaign using Turnstile and reverse proxy

Campaign
First reported
Last updated
Happening score
H score 31
2 unique sources, 2 articles

Summary

Hide ▲

A phishing campaign is targeting TikTok for Business accounts and uses Cloudflare Turnstile to block automated analysis before exposing a reverse-proxy credential-stealing page. The operation can let attackers hijack accounts even when 2FA is enabled, increasing risk of ad fraud, malvertising, and malicious-content distribution. Victims are funneled through Google Storage redirects to lookalike pages registered on March 24. The activity matters because business-account abuse can translate into broader advertising and platform abuse.

Related Happenings

REF6045 ClickFix banking fraud campaign targeting Mexican financial users

Campaign
H score36 First: 08.07.2026 15:52 Last: 08.07.2026 15:52 Sources 1

About this happening: The **REF6045** campaign is actively targeting **customers of Mexican banks, fintechs, payment processors, and cryptocurrency exchanges**, using **ClickFix** lures to push victims...

Hotel and hospitality photo-ZIP phishing campaign

Campaign
H score40 First: 26.06.2026 12:27 Last: 26.06.2026 12:27 Sources 1

About this happening: An **active phishing campaign** is targeting **hotel and hospitality organizations** across **Europe and Asia**, increasing the risk of **front-desk machine compromise** and durab...

Google civil lawsuit against Outsider Enterprise

Regulatory/Legal Action
H score55 First: 14.06.2026 17:36 Last: 14.06.2026 17:36 Sources 1

About this happening: **Google** filed a **civil lawsuit** against **Outsider Enterprise**, adding legal pressure to a major **phishing infrastructure** operation that sent fraudulent texts at scale. T...

Google DoubleClick malspam campaign delivering DesckVB RAT

Campaign
H score33 First: 03.06.2026 19:29 Last: 03.06.2026 19:29 Sources 1

About this happening: A **new malspam campaign** is abusing **Google's DoubleClick** redirect path to evade detection and deliver **DesckVB RAT**, putting users and organizations at risk of malware inf...

Google Chrome DBSC rolls out session-cookie theft protection for all users

Security Tool/Service
H score10 First: 29.05.2026 15:08 Last: 29.05.2026 15:08 Sources 1

About this happening: Google's **Chrome Device Bound Session Credentials (DBSC)** is now **generally available** and rolling out to **all users**, reducing the risk of **account takeovers** from stolen...

Timeline

  1. 26.03.2026 16:09 2 articles · 3mo ago

    TikTok for Business phishing pages are registered

    Campaign Scope Update

    Cloudflare-hosted phishing pages targeting TikTok for Business accounts are registered on March 24 via NiceNIC, and the setup uses lookalike domains hosted in the same Google Storage bucket.

    Show sources
  2. 26.03.2026 16:09 1 articles · 3mo ago

    Public disclosure of the TikTok for Business phishing campaign

    Initial Disclosure

    Threat actors target TikTok for Business accounts through Cloudflare-hosted phishing pages that use a Cloudflare Turnstile check to block automated analysis and a reverse-proxy login page to steal credentials and session cookies, allowing account hijacking even when 2FA is enabled and possible abuse through Google single sign-on (SSO).

    Show sources