Skip to main content

Hackers already targeting vulnerable XP users

hackers already targeting vulnerable xp users windows
Image used with permission by copyright holder

Microsoft officially abandoned Windows XP this week and urged customers to upgrade, which means no more security updates and patches for the majority of users still running the operating system. According to research carried out over the weekend by security firm Malwarebytes, there are already plenty of scams and dodgy downloads that XP users should be steering clear of.

“XP may be dead and gone in terms of updates, but that doesn’t mean pitfalls and boobytraps have followed suit,” wrote Christopher Boyd, Malware Intelligence Analyst at Malwarebytes, on the company blog. Boyd and his team have discovered a variety of different threats that masquerade as useful security programs, key generators and setup files for XP.

One of the XP-related downloads spotted by the firm was for a driver update suite that users have to pay to register. It scored a 5/51 on Malwarebytes’ internal scoring system, which makes it a low-level threat, but Boyd advises against using unverified third-party applications to plug the holes that Microsoft has left. While commercial packages can help protect your copy of XP, look for products that are well-established and extensively reviewed by technology press outlets.

Boyd concludes: “Take care with the last minute surge of XP themed downloads and offers — whether on social networks, forums or video sharing sites a lot of what you’re going to see over the coming weeks will probably not do you any favours to install or sign up to.” For more on staying safe as a Windows XP user, see our guide to surviving the end of support.

David Nield
Dave is a freelance journalist from Manchester in the north-west of England. He's been writing about technology since the…
This dangerous new hacker tool makes phishing worryingly easy
Computer user touching on Microsoft Word icon to open the program.

Setting up phishing campaigns for Microsoft 365 has become a relatively straightforward process due to a phishing-as-a-service (PhaaS) platform named Caffeine.

As reported by Bleeping Computer, the service offers a way for cybercriminals to target individuals in order to obtain access to their Microsoft 365 accounts.

Read more
This severe TikTok vulnerability gives hackers 70 ways to steal your info
Person's hand holding a smartphone with TikTok's logo on screen, all in front of a blurred background.

After internal testing, Microsoft discovered an exploit in the Android version of TikTok that could have given attackers access to huge amounts of personal data with a single click.

The vulnerability has already been fixed, and it does not appear that anyone has been affected by the exploit. The attackers could have used this vulnerability to access user profiles, allowing outside forces to publicize private videos, send messages, and even upload videos.

Read more
This vulnerability allowed hackers to access every aspect of your Mac
The MacBook Air on a table in front of a window.

Apple just released an update for your Mac and MacBook that includes two important security fixes. The vulnerability is in MacOS Monterey and you need to have version 12.5.1 to keep your Mac safe from active exploits.

An active exploit is a computer security term that means this security flaw has already been found and used by hackers. While the full details of the vulnerabilities are being withheld to give people a chance to download the update, Apple did share some information about the issues.

Read more