Over 20,000 Instagram accounts stolen in Meta AI support hack
Meta has revealed that over 20,000 Instagram users had their accounts hijacked in a recent incident where attackers used Meta’s AI-powered support system to reset passwords.…
Month: June 2026
Multiple VMware Stored XSS Vulnerabilities Allow Attackers to Inject Malicious Scripts
Broadcom has disclosed three stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation Operations and several related products, warning that authenticated attackers could inject malicious…
All the Ways Europe Is Ditching American Technology
Europe is done with American Big Tech. Well, sort of. Since the start of President Donald Trump’s chaotic second administration last year, concerned governments and…
Instagram Patches Account Recovery Flaw Leaking User Contact Information
A critical logic flaw in Instagram’s web-based account recovery workflow exposed unredacted user contact information, including full email addresses and phone numbers, before Meta rapidly…
DockSec: Open-source AI-powered Docker security scanner
DockSec is an OWASP Incubator Project that combines three container security scanners with a language-model layer for explanation and remediation. Created by Advait Patel, the…
A week in security (June 1 – June 7)
Last week on Malwarebytes Labs: Stay safe! Let’s face it, an incognito window can only do so much. Breaches, dark web trading, credit fraud. Malwarebytes Identity Theft…
VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks
Ravie LakshmananJun 08, 2026Software Supply Chain / Malware Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for…
CVE-2026-20245 Exposes Cisco SD-WAN Networks To Risk
Cisco has issued an urgent warning that a high-severity vulnerability in its Catalyst SD-WAN Manager platform is being actively exploited in the wild—and no patch…
Meta Says 20,000 Instagram Accounts Hacked via AI Tool Abuse
Meta says roughly 20,000 Instagram accounts may have been hacked in a recent attack abusing an AI-powered account recovery support tool. Hackers compromised many Instagram…
Phishing, Office 365 and the Commercialization of Cybercrime
We are no longer battling against the classic Hollywood depiction of cyber criminals. Hackers are now acting at the same maturity level as leading software…
Silent Ransom Group targets law firms with fake IT support calls
The Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering attacks that often lead to data…
Hackers Can Hijack Claude Code MCP Traffic to Steal OAuth Tokens
A five-step attack chain that silently redirects Claude Code’s Model Context Protocol (MCP) traffic through attacker-controlled infrastructure, intercepting OAuth bearer tokens that grant persistent, broadly…