Security
  • Menu
  • All Tips
  • FAQs
  • Categories
  • Guidelines
  • Data Security Support
  • Tools
  • Have I Been Pwned?
  • Pwned Passwords
  • Email Checker
  • Password Generator
  • My IP
  • Privacy
DATA PRIVACY NOTICE AND CONSENT FORM

Cloudstaff is committed to protecting the privacy of its data subjects, and ensuring the safety and security of personal data under its control and custody. This policy provides information on what personal data is gathered by Cloudstaff Security Tips about its current, past, and prospective employees; how it will use and process this; how it will keep this secure; and how it will dispose of it when it is no longer needed. This information is provided in compliance with the Philippine Republic Act No. 10173, also known as, the Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations (DPA-IRR). It sets out Cloudstaffs’ data protection practices designed to safeguard the personal data of individuals it deals with, and also to inform such individuals of their rights under the Act.

The personal data obtained from this application is entered and stored within the Cloudstaff system and will only be accessed by the Cloudstaff’s authorized personnel. Cloudstaff have instituted appropriate organizational, technical and cloud security measures (Amazon Web Services Shared Responsibility) to ensure the protection of the users personal data.

Information collected will be automatically deleted after three (3) years inactivity.

Furthermore, the information collected and stored in the application are as follows:
  • Given Name
  • Family Name
  • Avatar [Profile Picture]

USER CONSENT

I have read the Data Privacy Statement and expressed my consent for Cloudstaff to collect, record, organize, update or modify, retrieve, consult, use, consolidate, block, erase or destruct my personal data as part of my information.

I hereby affirm my right to be informed, object to processing, access and rectify, suspend or withdraw my personal data, and be indemnified in case of damages pursuant to the provisions of the Republic Act No. 10173 of the Philippines, Data Privacy Act of 2012 and its corresponding Implementing Rules and Regulations.

If you want to exercise any of your rights, or if you have any questions about how we process your personal data, please contact Cloudstaff’s Data Protection Officer, through the following channel:

Email to privacy@cloudstaff.com

  • Log in Now
Have some tips? Write it down and share it to your friends!

Click Login Now button to start!


First Known Malicious Outlook Add-In Caught Stealing User Logins
 

Cybersecurity researchers found the first known harmful Microsoft Outlook add-in used in a real attack. The add-in, called AgreeTo, was once a normal calendar tool but was abandoned after 2022. An attacker took control of its expired web address and replaced it with a fake Microsoft login page. When users entered their passwords, the attacker stole them. Over 4,000 accounts were affected.

This happened because Outlook add-ins load content from a web link that can change over time. Microsoft checks the add-in when it is first approved, but it does not always monitor the live web content later. If a web address expires and someone else takes it, they can use it for phishing or other attacks.

How users can protect themselves:

  • Avoid installing old or unused add-ins.
  • Remove add-ins you no longer use.
  • Turn on multi-factor authentication (MFA) for your Microsoft account.
  • Check the web address carefully before entering your...
    February 11, 2026 15:51 (on 2/11/26) |  0 | 1 minute read
Microsoft Warns macOS Users of Rising Data-Stealing Attacks
 

Microsoft is warning that cybercriminals are increasingly targeting Apple macOS users with data-stealing malicious software, expanding beyond their traditional focus on Windows systems.

The company says attackers are using deceptive online ads, fake websites, and phishing messages to trick people into installing malicious software. These scams often appear when users search for popular tools, including AI-related apps or utility software, and are sometimes delivered through platforms like Google Ads.

Once installed, the malware can quietly steal sensitive information such as saved passwords, browser data, financial details, and even cryptocurrency credentials. In some cases, attackers also gain access to cloud accounts and developer information.

Microsoft noted that some of these campaigns are linked to organized threat groups and have been spread not only through email but also through messaging apps like WhatsApp. The stolen data is then sent back to the...


February 4, 2026 17:12 (on 2/5/26) |  0 | 2 minutes read
Fake AI Coding Assistant on VS Code Installs Malware
 

Security researchers found a fake add-on for Visual Studio Code that claimed to be a free AI helper for Moltbot, a popular tool. The add-on appeared in the official VS Code store but secretly installed harmful software that let attackers take control of users’ computers. Moltbot does not have an official VS Code add-on, and attackers used its popularity to trick people. Microsoft has now removed the fake add-on.

After installation, the add-on ran automatically whenever VS Code was opened and downloaded harmful files from the attackers. This allowed them to quietly access and control the computer. Researchers also warned that many Moltbot setups are not well protected, leaving chat messages and login details exposed. Since Moltbot can send messages and perform actions for users, attackers could pretend to be them, steal information, or spread more harmful add-ons.

Safety Tips for Users:

  • Install extensions only from trusted and verified...
    January 28, 2026 16:14 (on 1/29/26) |  0 | 1 minute read
LinkedIn Becomes New Target for Malicious software Scams, Researchers Warn
 

Cybersecurity researchers are warning about a new scam on LinkedIn where hackers use private messages to trick people into downloading harmful files.

According to security firm ReliaQuest, attackers contact professionals through LinkedIn, build trust, and convince them to download what appears to be a harmless file. In reality, the download secretly installs malicious software on the victim’s computer.

Once opened, the file allows attackers to quietly gain ongoing access to the system, steal sensitive information, and potentially move deeper into company networks—without the victim noticing anything unusual.

Researchers say this method is especially dangerous because most companies focus on protecting email, while social media messages often go unmonitored. This gives attackers an easier way to bypass security defenses.

ReliaQuest noted that the campaign appears widespread and targets users across different industries and regions. The company warned that...


January 21, 2026 16:14 (on 1/22/26) |  0 | 1 minute read
Hackers Can Trick Copilot Into Sharing Secrets with Just a Link
 

Researchers have discovered a new attack called Reprompt that can steal sensitive data from AI chatbots like Microsoft Copilot. The attack works with just one click on a real Microsoft link and does not need any plugins or extra user actions. It tricks the chatbot into following hidden instructions from the attacker’s server, even after the chat is closed, so data can be taken without the user knowing. Microsoft has fixed this issue, and enterprise users of Microsoft 365 Copilot are safe. This attack shows that AI systems can’t always tell the difference between safe user instructions and harmful ones, and similar attacks have been found on many AI platforms.

Safety tips for users:

  • Think before you click: Avoid clicking on unexpected AI links in emails or messages.
  • Limit personal info: Avoid entering sensitive data into AI tools unless necessary.
  • Check...
    January 15, 2026 16:07 (on 1/16/26) |  0 | 1 minute read
Millions May Be Sharing AI Chats Without Knowing It
 

Security experts have found two popular Chrome browser extensions that secretly read and send users’ ChatGPT and DeepSeek conversations to outside servers without their knowledge. Together, the extensions have been downloaded by more than 900,000 people.

The affected extensions are:

  • Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI
  • AI Sidebar with Deepseek, ChatGPT, Claude, and more

The extensions claim they only collect basic, anonymous data to improve user experience. In reality, they copy full chat conversations, along with the websites users visit, and send this information to the people who created the extensions.

Experts warn that this stolen information could include personal details, work discussions, or confidential business data. It could be misused for scams, identity theft, or spying on companies.

Researchers say this is part of a growing trend called...


January 7, 2026 16:12 (on 1/8/26) |  0 | 2 minutes read
Don’t Gift Your Passwords Away
 

The holiday season often brings travel, shopping, and shared devices — all of which increase the risk of password exposure. Avoid reusing passwords and never share them through email or chat. When you need to send credentials, use secure tools like Password Pusher with one-time access and short expiration. A few extra seconds of caution can prevent account compromise and keep your holidays worry-free.


December 15, 2025 22:21 (on 12/16/25) |  0 | QR Ready | 1 minute read
Unpair from Danger
 

Turn off Bluetooth when you’re not using it to reduce your exposure to wireless attacks. Attackers can sometimes exploit open Bluetooth connections to access your device or track its location. Disabling it when it’s not needed helps keep your data and privacy safer. Make it a habit to switch Bluetooth on only when you actively need it. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 


December 11, 2025 16:13 (on 12/12/25) |  0 | QR Ready | 1 minute read
56 Security Flaws Fixed by Microsoft, Including Actively Exploited Bug
 

Microsoft has rolled out its final set of security updates for 2025, fixing 56 vulnerabilities in Windows, including one that has already been exploited by hackers.

Of these issues, three are critical and the rest are considered important. The problems affect a wide range of Windows features and could allow attackers to take control of computers or access sensitive information if left unpatched.

One of the most serious flaws affects the Cloud Files feature, used by services like OneDrive and Google Drive. Hackers could exploit this flaw to gain full control of a computer, although they would need to first gain access to the system through other means. Because of its severity, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to install the patch by December 30, 2025.

Two other notable issues involve Windows PowerShell and...


December 10, 2025 22:08 (on 12/11/25) |  0 | 2 minutes read
Trust Isn’t Instant
 

Be cautious of social engineering scams, where attackers try to trick you, not your computer, by pretending to be trusted people or companies. If a message or call creates urgency, fear, or pressure to act quickly, pause and verify before responding. Always double-check using official contact information and never share personal details with anyone who contacted you first.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support.


December 10, 2025 16:28 (on 12/11/25) |  0 | QR Ready | 1 minute read
  • First
  • «
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • »
  • Last


Submit New Tip



  2021 © Mazer

Security Tips v2.0.1 | Crafted with by Saugi