Hackers Tricked Meta’s AI Chatbot Into Handing Over Instagram Accounts
Hackers tricked Meta’s AI chatbot into resetting Instagram passwords and hijacking high-profile accounts. Meta says the exploit is now patched.
Archive
Tag: Cybersecurity
Dutch Police Dismantle 17M-Device Botnet—Residential Proxies Were the Weapon
Dutch police took down a botnet of 17 million infected devices controlled via 200 servers in the Netherlands, linked to Russian proxy service ASOCKS.
ShinyHunters Stole 183K 7-Eleven Records—Tried to Sell for $250K
ShinyHunters stole 183K+ records from 7-Eleven in April, demanded ransom, then offered the data for $250K on a hacker forum after the company refused to pay.
nginx-poolslip—AI Agent Found Unpatched RCE in 30% of the Web
Unpatched NGINX 1.31.0 RCE zero-day nginx-poolslip bypasses ASLR. Found by AI agent 8 days after nginx-rift patch. No CVE, no fix, millions of servers at risk.
1.8M Fingerprints Stolen—This NYC Hospital Breach Is Permanent
Fingerprints and medical records of 1.8M people were stolen from NYC Health + Hospitals. Unlike passwords or SSNs, biometric data cannot be replaced or revoked.
GitHub’s Own Repos Got Hit—One Poisoned VS Code Extension Was All It Took
A poisoned VS Code extension gave TeamPCP 3,800 GitHub internal repos. Days earlier the same group hit Nx Console (2.2M installs) for developer credentials.
CISA’s Own Contractor Leaked AWS GovCloud Keys on GitHub for 6 Months
A CISA contractor exposed AWS GovCloud keys and plaintext passwords on GitHub for six months. Researchers call it the worst government data leak in years.
Bug Bounty Platforms Drowning in AI Slop—Curl and Nextcloud Already Pulled the Plug
Bugcrowd reports submissions surged 334% in three weeks as AI-generated fake vulnerability reports flood platforms. Curl and Nextcloud ended their paid programs. The signal-to-noise crisis is…
Cisco’s 6th SD-WAN Zero-Day of 2026 Is CVSS 10.0—And Already Exploited
Cisco disclosed CVE-2026-20182, a CVSS 10.0 SD-WAN auth bypass exploited by threat actor UAT-8616. CISA gave federal agencies just 3 days to patch the flaw.
Linux Hit by Dirty Frag—Second Root-Level Zero-Day in Two Weeks
Dirty Frag chains two kernel vulnerabilities to grant root access on every major Linux distribution, with a deterministic exploit public and in-the-wild.