Meta says it has stopped a phishing campaign linked to Israeli spyware company NSO Group that tried to trick people into clicking harmful links.

The attacks attempted to redirect users outside of WhatsApp to external websites designed to steal information. Meta also found and removed fake accounts and groups linked to the activity.

The company did not share how many users were affected or when the attacks occurred, but confirmed the campaign has been blocked and is under investigation.

Meta is also pursuing legal action, saying NSO Group violated a court order that previously prohibited targeting WhatsApp users. This follows earlier legal rulings involving large-scale spyware abuse through WhatsApp.

Meta reminded users that WhatsApp messages are protected by default security features and encouraged everyone to stay alert and report suspicious activity.

Recommended actions:

• Keep your apps and device software...

  ---

  June 10, 2026 19:16 (14 hours, 43 minutes ago) |  0 | 1 minute read

Keep your personal and work activities separate to help protect company information and reduce security risks. Avoid using personal email accounts or personal cloud storage services for work-related tasks, as they may not provide the same level of protection as company-approved systems. Using dedicated work accounts and approved platforms helps prevent accidental data exposure and keeps sensitive information better protected.

Do you have a question? Submit a ticket at [PB-8324] Tech QuickSupport Request.

AI can speed up your work, but every prompt carries responsibility. Anything you enter may be processed or exposed, so avoid sharing sensitive information. Keep prompts clean, intentional, and necessary.

Do:
• Use AI for general tasks
• Remove personal/company data
• Follow AI usage policies
• Use approved platforms
• Review before sending

Avoid:
× Share personal data (IDs, addresses, health info)
× Include confidential company/client info
× Paste contracts, financials, or internal docs
× Upload passwords or API keys
× Assume AI is fully private

Think before you prompt.

Do you have a question? Submit a ticket at [PB-8324]...

Hackers exploit trust, fear, urgency, curiosity, and authority to trick people into sharing sensitive information. Social engineering attacks rely on psychology more than technology.

Key Tactics:
• Trust – Impersonating coworkers, leaders, or trusted brands.
• Fear & Urgency – Pressuring quick decisions.
• Curiosity – Using enticing messages or attachments.
• Obligation – Taking advantage of people's willingness to help.
• Authority & Social Proof – Using fake credibility or peer pressure.

"Awareness Beats Manipulation"

Do you have a question? Submit a ticket at...

Only enter company information on trusted and verified websites. Before logging in or providing any details, check that the website is legitimate and that the URL matches the official site. Be cautious when a website asks for company credentials, employee information, financial details, or other sensitive data. If anything seems unusual or unexpected, verify the website before entering any information. 

Do you have a question? Submit a ticket at [PB-8324] Tech QuickSupport Request. 

Disable auto-connect for Wi-Fi networks and manually select trusted networks whenever possible. Attackers can create fake Wi-Fi hotspots that mimic legitimate networks, potentially allowing them to intercept data or steal login credentials. Before connecting, verify the network name and avoid joining unknown or suspicious Wi-Fi networks, especially in public places.

Do you have a question? Submit a ticket at [PB-8324] Tech QuickSupport Request

Treat unexpected QR codes with the same caution as suspicious links. Cybercriminals can use QR codes to direct users to fake websites, malicious software downloads, or phishing pages designed to steal sensitive information. Before scanning, verify the source and ensure the QR code comes from a trusted and legitimate provider. If a QR code seems out of place or arrives unexpectedly, avoid scanning it and confirm its authenticity through another trusted channel. 

Do you have a question? Submit a ticket at [PB-8324] Tech QuickSupport Request. 

Avoid using unauthorized applications, websites, cloud services, or AI tools for work-related tasks, as these may bypass company security protections and expose sensitive information to unnecessary risks. Even trusted or popular tools can create hidden security gaps if they have not been reviewed and approved by the organization. Always use company-approved tools and consult IT or security team before adopting new tools or services.

Do you have a question? Submit a ticket at [PB-8324] Tech QuickSupport Request

A single harmful notification from apps like WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could trick Google’s Gemini voice assistant on Android into following fake instructions. This could lead it to send false messages, open apps, join video calls like Zoom, control smart home devices, or even save wrong information in its memory. The attack does not need any malicious app installed—only Gemini’s ability to read notifications and treat them as trusted input. Security researcher Or Yair from SafeBreach found this issue after earlier similar attacks using fake calendar invites, and later discovered a way to bypass Google’s added protections. Google has since fixed the problem, and there is no evidence it was used in real-world attacks.

Yair’s method, called “Fake Context Alignment,” tricks both the system and the user by hiding real permission prompts in confusing ways, such as using another language or placing instructions inside links that are not read aloud....

Always install updates for your devices as soon as they become available. These updates often include critical security fixes that help protect against emerging threats. Running outdated software can increase the risk of cyberattacks and unauthorized access. Keeping your devices up to date is one of the easiest ways to improve your overall cybersecurity. 

Do you have a question? Submit a ticket at [PB-8324] Tech QuickSupport Request.