A novel Rust-based information stealer named EDDIESTEALER is being spread via a malware campaign that uses the ClickFix social engineering tactic. Initiated through fake CAPTCHA verification pages, it prompts users to a series of actions which executes a malicious script harvesting sensitive data. The campaign begins with threat actors compromising legitimate websites with malicious JavaScript payloads. EDDIESTEALER, written in Rust, can collect system data and exfiltrate it to a command-and-control (C2) server.
Meta to Permanently Remove End-to-End Encryption Feature in Instagram DMs
Meta has confirmed it will permanently remove end-to-end encryption (E2EE) support from Instagram direct messages, with the feature officially shutting down after May 8, 2026.
