Hackers Abused Meta’s AI Support Bot to Hijack Major Instagram Accounts
Hackers abused Meta’s AI support bot to hijack major Instagram accounts, bypassing security checks as videos showed the flaw before Meta fixed the issue.
Hackers abused Meta’s AI support bot to hijack major Instagram accounts, bypassing security checks as videos showed the flaw before Meta fixed the issue.
Um relatório divulgado pela empresa brasileira DANRESA revelou que a campanha fraudulenta do álbum da Copa do Mundo FIFA 2026 opera como um ecossistema econômico maduro, abusando de servidores de nuvem legítimos e utilizando empresas intermediárias de fachada para lavar dinheiro …
Golpes bancários foram alvos da Operação Linha Fantasma, deflagrada pela Polícia Federal (PF) nesta terça-feira (2). A ação mira no esquema da “falsa central telefônica”, que aborda vítimas através do envio de mensagens com um alerta de compra suspeita e um número 0800 para supos…
CISA has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and is now actively exploited in attacks. [...]
GoDaddy researchers found WordPress malware using Steam Community profile comments to hide encoded command and control data, with nearly 1,980 sites affected.
AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclos…
Configurações inseguras em contêineres estão abrindo caminho para cibercriminosos comprometerem ambientes Docker e Kubernetes, com risco de escape para o sistema hospedeiro e controle de recursos críticos da infraestrutura. O problema não está apenas em falhas de software, mas em…
Google has released the June 2026 Android security patches to address 124 vulnerabilities, including one zero-day flaw exploited in targeted attacks. [...]
Data breaches have been announced by Bridle Trails Family Dentistry, Verber Dental Group, and Bronsky Orthodontics. Across the three incidents, […] The post Patient Data Exposed in Cyberattacks on Dental Practices appeared first on The HIPAA Journal.
Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan's Ministry of Finance with an open-source remote access trojan called Xeno RAT. "The campaign opens with a spear phishing …
A vulnerabilidade CVE-2026-8732 (CVSS de 9.8) do plugin WP Maps Pro permite que atacantes não autenticados criem contas administrativas e assumam o controle total de sites WordPress afetados, conforme alerta publicado ontem pela empresa de segurança Defiant. A empresa afirma ter …
A agência de cibersegurança dos EUA (CISA) adicionou ontem a vulnerabilidade CVE-2026-0257 (CVSS de 7.8) do PAN-OS, da Palo Alto Networks, ao seu catálogo de vulnerabilidades conhecidas exploradas (KEV). A falha afeta os componentes GlobalProtect portal e gateway, permitindo que …
A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. [...]
Mais da metade das campanhas no último ano concentraram-se em escolas de treinamento para transporte marítimo e fluvial, além de atingirem energia, finanças e serviços diplomáticos russos, conforme pesquisa publicada ontem. Os ataques começaram com e-mails de phishing contendo ar…
More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma." [...]
Pricey Instagram handles were stolen and resold before Meta patched the exploit.
Anyone who has downloaded affected Red Hat packages should investigate immediately.
After a disgruntled security researcher published several zero-day exploits in recent weeks, Microsoft seemingly indicated criminal charges were in order.
When a predator contacts a child through an online platform, the details of how it happened often expose…
A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm. "This is effectively a Mini Shai-Hulud campaign: it uses the same c…