Security
  • Menu
  • All Tips
  • FAQs
  • Categories
  • Guidelines
  • Data Security Support
  • Tools
  • Have I Been Pwned?
  • Pwned Passwords
  • Email Checker
  • Password Generator
  • My IP
  • Privacy
DATA PRIVACY NOTICE AND CONSENT FORM

Cloudstaff is committed to protecting the privacy of its data subjects, and ensuring the safety and security of personal data under its control and custody. This policy provides information on what personal data is gathered by Cloudstaff Security Tips about its current, past, and prospective employees; how it will use and process this; how it will keep this secure; and how it will dispose of it when it is no longer needed. This information is provided in compliance with the Philippine Republic Act No. 10173, also known as, the Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations (DPA-IRR). It sets out Cloudstaffs’ data protection practices designed to safeguard the personal data of individuals it deals with, and also to inform such individuals of their rights under the Act.

The personal data obtained from this application is entered and stored within the Cloudstaff system and will only be accessed by the Cloudstaff’s authorized personnel. Cloudstaff have instituted appropriate organizational, technical and cloud security measures (Amazon Web Services Shared Responsibility) to ensure the protection of the users personal data.

Information collected will be automatically deleted after three (3) years inactivity.

Furthermore, the information collected and stored in the application are as follows:
  • Given Name
  • Family Name
  • Avatar [Profile Picture]

USER CONSENT

I have read the Data Privacy Statement and expressed my consent for Cloudstaff to collect, record, organize, update or modify, retrieve, consult, use, consolidate, block, erase or destruct my personal data as part of my information.

I hereby affirm my right to be informed, object to processing, access and rectify, suspend or withdraw my personal data, and be indemnified in case of damages pursuant to the provisions of the Republic Act No. 10173 of the Philippines, Data Privacy Act of 2012 and its corresponding Implementing Rules and Regulations.

If you want to exercise any of your rights, or if you have any questions about how we process your personal data, please contact Cloudstaff’s Data Protection Officer, through the following channel:

Email to privacy@cloudstaff.com

  • Log in Now
Have some tips? Write it down and share it to your friends!

Click Login Now button to start!


Massiv Malware Targets Mobile Banking Users Through Bogus IPTV Downloads
 

Cybersecurity firm ThreatFabric has identified a new Android malware strain called Massiv that enables criminals to take over victims’ phones and steal money from their bank accounts.

The malware spreads through fake IPTV apps distributed via SMS phishing. Posing as an “important update,” it tricks users into granting permissions that give attackers full control of the device. Findings shared with The Hacker News warn that despite limited campaigns so far, the threat to mobile banking users is significant.

Massiv has primarily targeted users in Portugal and Greece. In one campaign, attackers impersonated Portugal’s government services app, gov.pt, stealing phone numbers and PIN codes — in some cases using the data to open bank accounts for fraud or money laundering.

Once installed, Massiv can remotely control the phone, hide activity with a black screen, intercept text messages, capture banking credentials, and install additional malware. Unlike...

February 25, 2026 17:57 (on 2/26/26) |  0 | 2 minutes read
Copilot and Grok Found Vulnerable to Secret Hacker Control Channel
 

Cybersecurity experts have revealed a new way hackers can misuse AI assistants like Microsoft Copilot and Grok to secretly control infected computers. The method, called “AI as a C2 proxy” by Check Point, lets attackers send commands and steal information through AI tools, all while blending into normal online activity.

The process works like this: a hacker first infects a computer with malware. Then, the malware talks to the AI assistant using specially designed prompts. The AI fetches instructions from the hacker and sends back responses, effectively acting as a hidden communication channel. Surprisingly, this can happen without needing any account or API key, making it harder to detect or stop.

Experts warn that this is more than just a way to sneak commands past defenses. Hackers could use AI to plan attacks in real time, figure out which computers are valuable targets, and even avoid detection—turning AI into a smart accomplice.

This...

February 18, 2026 18:26 (on 2/19/26) |  0 | 2 minutes read
First Known Malicious Outlook Add-In Caught Stealing User Logins
 

Cybersecurity researchers found the first known harmful Microsoft Outlook add-in used in a real attack. The add-in, called AgreeTo, was once a normal calendar tool but was abandoned after 2022. An attacker took control of its expired web address and replaced it with a fake Microsoft login page. When users entered their passwords, the attacker stole them. Over 4,000 accounts were affected.

This happened because Outlook add-ins load content from a web link that can change over time. Microsoft checks the add-in when it is first approved, but it does not always monitor the live web content later. If a web address expires and someone else takes it, they can use it for phishing or other attacks.

How users can protect themselves:

  • Avoid installing old or unused add-ins.
  • Remove add-ins you no longer use.
  • Turn on multi-factor authentication (MFA) for your Microsoft account.
  • Check the web address carefully before entering your...
    February 11, 2026 15:51 (on 2/11/26) |  0 | 1 minute read
Microsoft Warns macOS Users of Rising Data-Stealing Attacks
 

Microsoft is warning that cybercriminals are increasingly targeting Apple macOS users with data-stealing malicious software, expanding beyond their traditional focus on Windows systems.

The company says attackers are using deceptive online ads, fake websites, and phishing messages to trick people into installing malicious software. These scams often appear when users search for popular tools, including AI-related apps or utility software, and are sometimes delivered through platforms like Google Ads.

Once installed, the malware can quietly steal sensitive information such as saved passwords, browser data, financial details, and even cryptocurrency credentials. In some cases, attackers also gain access to cloud accounts and developer information.

Microsoft noted that some of these campaigns are linked to organized threat groups and have been spread not only through email but also through messaging apps like WhatsApp. The stolen data is then sent back to the...

February 4, 2026 17:12 (on 2/5/26) |  0 | 2 minutes read
Fake AI Coding Assistant on VS Code Installs Malware
 

Security researchers found a fake add-on for Visual Studio Code that claimed to be a free AI helper for Moltbot, a popular tool. The add-on appeared in the official VS Code store but secretly installed harmful software that let attackers take control of users’ computers. Moltbot does not have an official VS Code add-on, and attackers used its popularity to trick people. Microsoft has now removed the fake add-on.

After installation, the add-on ran automatically whenever VS Code was opened and downloaded harmful files from the attackers. This allowed them to quietly access and control the computer. Researchers also warned that many Moltbot setups are not well protected, leaving chat messages and login details exposed. Since Moltbot can send messages and perform actions for users, attackers could pretend to be them, steal information, or spread more harmful add-ons.

Safety Tips for Users:

  • Install extensions only from trusted and verified...
    January 28, 2026 16:14 (on 1/29/26) |  0 | 1 minute read
LinkedIn Becomes New Target for Malicious software Scams, Researchers Warn
 

Cybersecurity researchers are warning about a new scam on LinkedIn where hackers use private messages to trick people into downloading harmful files.

According to security firm ReliaQuest, attackers contact professionals through LinkedIn, build trust, and convince them to download what appears to be a harmless file. In reality, the download secretly installs malicious software on the victim’s computer.

Once opened, the file allows attackers to quietly gain ongoing access to the system, steal sensitive information, and potentially move deeper into company networks—without the victim noticing anything unusual.

Researchers say this method is especially dangerous because most companies focus on protecting email, while social media messages often go unmonitored. This gives attackers an easier way to bypass security defenses.

ReliaQuest noted that the campaign appears widespread and targets users across different industries and regions. The company warned that...

January 21, 2026 16:14 (on 1/22/26) |  0 | 1 minute read
Hackers Can Trick Copilot Into Sharing Secrets with Just a Link
 

Researchers have discovered a new attack called Reprompt that can steal sensitive data from AI chatbots like Microsoft Copilot. The attack works with just one click on a real Microsoft link and does not need any plugins or extra user actions. It tricks the chatbot into following hidden instructions from the attacker’s server, even after the chat is closed, so data can be taken without the user knowing. Microsoft has fixed this issue, and enterprise users of Microsoft 365 Copilot are safe. This attack shows that AI systems can’t always tell the difference between safe user instructions and harmful ones, and similar attacks have been found on many AI platforms.

Safety tips for users:

  • Think before you click: Avoid clicking on unexpected AI links in emails or messages.
  • Limit personal info: Avoid entering sensitive data into AI tools unless necessary.
  • Check...
    January 15, 2026 16:07 (on 1/16/26) |  0 | 1 minute read
Millions May Be Sharing AI Chats Without Knowing It
 

Security experts have found two popular Chrome browser extensions that secretly read and send users’ ChatGPT and DeepSeek conversations to outside servers without their knowledge. Together, the extensions have been downloaded by more than 900,000 people.

The affected extensions are:

  • Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI
  • AI Sidebar with Deepseek, ChatGPT, Claude, and more

The extensions claim they only collect basic, anonymous data to improve user experience. In reality, they copy full chat conversations, along with the websites users visit, and send this information to the people who created the extensions.

Experts warn that this stolen information could include personal details, work discussions, or confidential business data. It could be misused for scams, identity theft, or spying on companies.

Researchers say this is part of a growing trend called...

January 7, 2026 16:12 (on 1/8/26) |  0 | 2 minutes read
Don’t Gift Your Passwords Away
 

The holiday season often brings travel, shopping, and shared devices — all of which increase the risk of password exposure. Avoid reusing passwords and never share them through email or chat. When you need to send credentials, use secure tools like Password Pusher with one-time access and short expiration. A few extra seconds of caution can prevent account compromise and keep your holidays worry-free.

December 15, 2025 22:21 (on 12/16/25) |  0 | QR Ready | 1 minute read
Unpair from Danger
 

Turn off Bluetooth when you’re not using it to reduce your exposure to wireless attacks. Attackers can sometimes exploit open Bluetooth connections to access your device or track its location. Disabling it when it’s not needed helps keep your data and privacy safer. Make it a habit to switch Bluetooth on only when you actively need it. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

December 11, 2025 16:13 (on 12/12/25) |  0 | QR Ready | 1 minute read
  • First
  • «
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • »
  • Last


Submit New Tip



  2021 © Mazer

Security Tips v2.0.1 | Crafted with by Saugi