Attackers exploited Meta’s AI support chatbot to reset Instagram passwords and hijack accounts without accessing victims’ email inboxes. Attackers abused Meta’s AI-powered support chatbot to reset Instagram passwords and hijack accounts without accessing victims’ email inboxes. The issue affected several users, including high-profile accounts, before Instagram fixed the flaw. Security researcher Jane Wong and other…
Tag: hijack
AI, Global Security News
Hackers Abused Meta’s AI Support Bot to Hijack Major Instagram Accounts
Hackers abused Meta’s AI support bot to hijack major Instagram accounts, bypassing security checks as videos showed the flaw before Meta fixed the issue.
Global Security News
Zero-Click pretalx XSS Flaw Lets Hackers Hijack Conference Organizer Accounts
pretalx XSS flaw lets attackers hijack conference organizer accounts, steal sessions, auto-accept talks, and demote admins. Patched in v2026.1.0.
Global Security News
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). […]
Global Security News
FBI Warns of Kali365 Phishing Service Targeting Microsoft 365 Account
FBI warns of Kali365, a PaaS scam kit that lets cybercriminals bypass MFA and hijack Microsoft 365 accounts without passwords.
AI, Global Security News
Hugging Face Packages Weaponized With a Single File Tweak
A tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model’s outputs and exfiltrate data.
AI, Exploits, Global Security News, Russia
Russian hackers hijack internet traffic using vulnerable routers
The Russian state cyber group APT28 has been compromising routers to hijack web traffic and spy on victims, the UK’s The National Cyber Security Centre (NCSC) has warned. Attackers are exploiting vulnerable routers to alter DHCP and DNS settings, redirecting traffic through servers they control. “We assess that APT28 is almost certainly the Russian General…
AI, Global Security News, malware
New AITM phishing wave hijacks TikTok Business accounts
A new AITM phishing campaign targets TikTok Business accounts to hijack them for malvertising, continuing tactics seen in earlier Google-themed scams. Push Security researchers uncovered a new wave of AITM phishing pages targeting TikTok for Business accounts, aiming to hijack them for malvertising. The campaign includes TikTok and Google-themed fake pages, showing links to previous…
AI, Global Security News
Zero Trust: Bridging the Gap Between Authentication and Trust
Passing MFA doesn’t mean a session is safe, attackers can hijack tokens and bypass identity checks. Specops Software explains why Zero Trust must verify both user identity and device health. […]
Exploits, Global Security News
Unpatched ScreenConnect servers open to attack (CVE-2026-3564)
ConnectWise has patched a critical vulnerability (CVE-2026-3564) that could enable attackers to hijack ScreenConnect sessions by abusing ASP.NET machine keys to forge trusted authentication. About CVE-2026-3564 The ScreenConnect remote access platform is popular with managed service providers, IT departments, and technology solution providers. They can opt for the cloud-hosted version or can deploy it on…
Global Security News, malware
New BeatBanker Android malware poses as Starlink app to hijack devices
A new Android malware named BeatBanker can hijack devices and tricks users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store. […]
Global Security News, Russia
Russian Hackers Target WhatsApp and Signal Accounts of Global Military and Government Officials
Dutch intelligence reveals Russian state hackers are trying to hijack the Signal and WhatsApp accounts of key targets
AI, Global Security News
Zero-Click FreeScout Bug Enables Remote Code Execution
Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction
AI, Apps, Exploits, Global Security News, malware
Researchers discover suite of agentic AI browser vulnerabilities
Researchers have discovered multiple vulnerabilities that let attackers to quietly hijack agentic AI browsers. Researchers at Zenity Labs discovered these flaws, which affected multiple AI browsers, including Perplexity’s Comet. Before being patched, an attacker could exploit them via a legitimate calendar invite, using a prompt injection to force the AI browser to act against its…
AI, Global Security News, Network Security, Risk Management
Chrome security flaw enabled spying via Gemini Live assistant
A Google Chrome vulnerability lets malicious extensions hijack Gemini Live to spy on users and steal sensitive files. Researchers at Palo Alto Networks found a Chrome vulnerability, tracked as CVE-2026-0628, that could let malicious extensions take control of the Gemini Live AI assistant. By abusing the flaw, attackers could spy on users and exfiltrate sensitive…
AI, Global Security News
ClawJacked flaw exposed OpenClaw users to data theft
“ClawJacked” flaw let malicious sites hijack OpenClaw AI agents to steal data; patch released in version 2026.2.26. A high-severity vulnerability called ClawJacked in OpenClaw allowed malicious websites to brute-force and take control of local AI agent instances. Oasis Security discovered the flaw, which enabled silent data theft. OpenClaw addressed the issue with version 2026.2.26, released…
AI, Apps, china, Exploits, Global Security News, Government & Policy, malware
Notepad++ patches flaw used to hijack update system
Notepad++ patched a vulnerability that attackers used to hijack its update system and deliver malware to targeted users. Notepad++ fixed a vulnerability that allowed a China-linked APT group to hijack its update mechanism and selectively push malware to chosen targets. In early February, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure,…
Global Security News
Supply Chain Attack Embeds Malware in Android Devices
Keenadu downloads payloads that hijack browser searches, commit ad fraud, and execute other actions without user knowledge.
AI, Apps, Breaking News, china, Endpoint, Exploits, Global Security News, hacking, malware, Mobile, Network Security, Security
DKnife toolkit abuses routers to spy and deliver malware since 2019
DKnife is a Linux toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks. Cisco Talos found DKnife, a powerful Linux toolkit that threat actors use to spy on and control network traffic through routers and edge devices. It inspects and alters data in transit and installs malware on PCs, phones,…
AI, Global Security News, linux, malware, Security
DKnife Linux toolkit hijacks router traffic to spy, deliver malware
A newly discovered toolkit called DKnife has been used since 2019 to hijack traffic at the edge-device level and deliver malware in espionage campaigns. […]
AI, Cybersecurity, Data Breaches, Global Security News, privacy
Poisoned Calendar invites, ChatGPT, and Bromide
A poisoned Google Calendar invite that can hijack your smart home, a man is hospitalised after ChatGPT told him to season his food with… pesticide, and some thoughts on Superman’s latest cinematic outing. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley, joined this…
AI, Compliance, Cybersecurity, Global Security News, privacy
Choo Choo Choose to ignore the vulnerability
In episode 426 of the “Smashing Security” podcast, Graham reveals how you can hijack a train’s brakes from 150 miles away using kit cheaper than a second-hand PlayStation. Meanwhile, Carole investigates how Grok went berserk, which didn’t stop the Department of Defense signing a contract with Elon’s AI chatbot. So who is responsible when your…