At least one TikTok Business account
March 24, 2026
•[ phishing, adversary-in-the-middle, credential theft ]
Threat actors used adversary-in-the-middle phishing pages impersonating TikTok for Business and Google Careers to capture credentials and session cookies and hijack at least one TikTok Business account while bypassing 2FA.
Apex Legends
January 9, 2026
•[ security incident, account hijacking, gameplay disruption ]
BleepingComputer reported that Apex Legends players experienced a security incident over the weekend beginning at least January 9, 2026, where an external actor hijacked player characters during live matches, attempted to move characters off-map, disconnected players, and altered nicknames. Respawn publicly acknowledged an active security incident and stated that its initial investigation found no evidence that the bad actor could install or execute code (i.e., no RCE/injection) and did not frame the incident as a malware infection. The primary confirmed impact described is disruption of gameplay integrity and player sessions during live matches.
X account of nonprofit consortium ‘The Green Grid'
January 3, 2024
•[ account hijacking, cryptocurrency scam, social media compromise ]
The X (formerly Twitter) account of nonprofit consortium The Green Grid' is hijacked to promote a cryptocurrency scam.
