Meta’s AI has shown that the weakest link in your cybersecurity could be a very gullible chatbot. A massive logical flaw was just exposed in Meta’s AI-powered Instagram account recovery assistant. Hackers didn't have to intercept SMS codes or crack passwords. Instead, they simply talked the AI into bypassing two-factor authentication for them. Within minutes, highly valuable Instagram handles were stolen and flipped on Telegram. Even prominent researchers and the dormant Obama White House account fell victim to the exploit.

Meanwhile, Facebook’s legal attacks are literally silencing its critics, a developer is laying booby traps for vibe coders, and you should be thinking twice before pasting code into any LLM.

Subscribe to this newsletter

A logical flaw in Meta’s AI-powered Instagram account recovery assistant let attackers bypass two-factor authentication entirely not by cracking a code or intercepting an SMS, but by talking the chatbot into doing the work for them. High-value “OG” Instagram handles worth hundreds of thousands of dollars were stolen and resold on Telegram within minutes of each compromise. The dormant Obama White House account got hijacked. Prominent researchers woke up locked out of their own profiles.
https://thecybersecguru.com/news/instagram-meta-ai-vulnerability-account-recovery-exploit/

A lightweight Python web framework called Starlette carried a high-severity vulnerability which could allow malicious actors to exfiltrate sensitive data from millions of AI agents, experts have warned. Some researchers are even suggesting current descriptions of the flaw don’t do it justice as it is one of the bigger and potentially more disruptive flaws in recent times.
https://www.techradar.com/pro/security/worrying-open-source-security-issue-badhost-could-affect-millions-of-ai-agents-experts-warn

Facebook whistleblower Sarah Wynn-Williams was forced to sit in silence on stage at an event at Hay festival, after lawyers advised her not to speak because of ongoing legal action brought by Meta.
https://www.theguardian.com/technology/2026/may/31/meta-legal-action-forces-facebook-whistleblower-to-stay-silent-at-hay-festival

On May 27, 2026, OX Security researchers identified a malicious npm package, mouse5212-super-formatter, designed to exfiltrate files from /mnt/user-data, the directory Anthropic's Claude AI uses to handle user uploads and outputs. The package had an estimated 676 downloads before detection. The attacker embedded their own GitHub private token in the package source; OX Security used it to attribute the account, which was subsequently deleted. As of the OX Security report, the package remained available on npm.
https://elephas.app/resources/claude-npm-user-data-exfiltration

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows sites to monitor other sites a visitor is viewing and what apps are open on their devices. The technique, laid out in a research paper, exploits a side channel, a form of leak resulting from physical manifestations such as electromagnetic emanations, data caches, or the time required to complete a task. By measuring the manifestations, attackers can decrypt encrypted traffic and infer other confidential data.
https://arstechnica.com/security/2026/05/websites-have-a-new-way-to-spy-on-visitors-analyzing-their-ssd-activity/

https://hannesweissteiner.com/pdfs/frost.pdf

Johannes Link embedded a prompt injection attack in jqwik 1.10.0, a widely used Java testing library. Concealed with ANSI escape sequences, the instruction directed AI coding agents to silently delete all jqwik tests and source files from any project running it. Any automated pipeline pulling the updated Maven dependency would execute the deletion, no additional exploit required.
https://aiweekly.co/alerts/johannes-link-hides-code-deleting-trap-in-jqwik-1100

Authorities in the Netherlands said they dismantled a botnet that comprised more than 17 million devices and were managed by 200 servers in a joint operation by the police and the National Cyber Security Center. “The police then seized several botnet servers from a hosting provider for investigation,” the NCSC said. “The botnet was taken offline by the provider because it was used for criminal purposes.”
https://arstechnica.com/security/2026/05/botnet-of-more-than-17-million-devices-dismantled/

Between late February and March 2026, threat group TeamPCP conducted a highly calculated, escalating sequence of supply chain threats. It systematically compromised widely trusted open-source security tools, including the vulnerability scanners Trivy and KICS and the popular AI gateway LiteLLM. The affected software also includes the official Python SDK of Telnyx. These ongoing supply chain attacks injected malicious infostealer payloads directly into GitHub Actions and Python Package Index (PyPI) registries. Once executed during routine automated workflows, the malware silently extracts highly sensitive data. These attacks also establish persistent backdoors for lateral movement across clusters.
https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/

Every time someone pastes their code or config files into LLMs to debug something, or to review code, they assume the conversation stays between them and the AI. But it doesn't. Any extension installed in your browser can read that conversation. All of it and In real time without you knowing.
https://thewhiteh4t.github.io/blog/ai-chat-llmreaper/

Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. The company fixed the CVE-2026-0257 flaw earlier this month, warning that it could be used to establish unauthorized VPN connections on the device. "GlobalProtect portal and gateway of Palo Alto Networks PAN-OS software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection," reads Palo Alto's advisory.
https://www.bleepingcomputer.com/news/security/palo-alto-globalprotect-vpn-auth-bypass-flaw-now-exploited-in-attacks/

On 2026-05-11 between 19:20 and 19:26 UTC, an attacker published 84 malicious versions across 42 @tanstack/* npm packages by combining: the pull_request_target "Pwn Request" pattern, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of an OIDC token from the GitHub Actions runner process. No npm tokens were stolen and the npm publish workflow itself was not compromised.
https://tanstack.com/blog/npm-supply-chain-compromise-postmortem

The U.S. Food and Drug Administration is building a new regulatory framework for artificial intelligence and machine learning in medical software. This article argues that the FDA’s evolving approach extends beyond a compliance issue for technology developers; it is a market-shaping force that will change how healthcare providers buy, deploy, and govern AI-enabled tools.
https://www.pymnts.com/cpi-posts/beyond-the-algorithm-how-lifecycle-regulation-is-building-entry-barriers-and-concentrating-the-healthcare-ai-market/

OpenZeppelin CEO Manuel Araoz has raised concerns about AI agents undermining contract security in DeFi. He noted these tools are now 'superhuman' at finding smart contract vulnerabilities. DeFi’s total value locked has fallen over $20 billion since January, with more than $1.1 billion stolen in hacks over the past year. Araoz pointed to the imbalance in blockchain security, where attackers only need one exploit while defenders must fix all bugs. Anthropic’s restricted Claude Mythos model can autonomously detect and weaponize flaws faster than current tools. The warning highlights the need for stronger contract security, including formal verification, bug bounties, and runtime monitoring.
https://www.kucoin.com/news/flash/openzeppelin-ceo-warns-ai-agents-pose-new-threat-to-defi-security

Meta plans to expand its smart glasses lineup and internally test a new AI pendant, according to an internal memo. The devices will run on Meta's AI model Muse Spark and an unreleased AI agent called Hatch.Meta is also going after corporate customers with a "Wearables for Work" offering and plans to add more eyewear brands to its lineup.
https://the-decoder.com/metas-leaked-memo-reveals-ai-pendant-supersensing-glasses-and-enterprise-wearables-strategy/

A critical authentication bypass vulnerability in Palo Alto Networks PAN-OS and Prisma Access is now being actively exploited in the wild, prompting CISA to add CVE-2026-0257 to its Known Exploited Vulnerabilities (KEV) catalog on May 29, 2026.
https://cyberpress.org/pan-os-globalprotect-authentication-bypass/

The FBI has issued an advisory warning about a phishing-as-a-service platform that has recently emerged, which can hijack Microsoft 365 accounts without ever stealing a password. And it has no difficulty waltzing past MFA while it's at it. Kali365 is a subscription service for scammers that was first spotted in April 2026, and has been promoted largely through Telegram.
https://www.bitdefender.com/en-us/blog/hotforsecurity/fbi-kali365-phishing-kit-breaks-microsoft-365-accounts-no-password-required

Microsoft is facing criticism for its handling of zero-day exploits. Someone going by the name Nightmare Eclipse has been publicly feuding with the company, posting proof-of-concept exploit code. Some of their posts suggest that they’re a disgruntled former employee. But what caught cyber security researcher Kevin Beaumont’s eye was how Microsoft has responded. Microsoft suggests it plans to bring a criminal case against Nightmare Eclipse for failing to follow “proper coordination” in disclosing vulnerabilities.
https://www.theverge.com/tech/940416/microsoft-nightmare-eclipse-zero-day-vulnerability

Cruise operator Carnival confirmed on Wednesday that hackers stole personal information, including passport and driver's license details, in an April cyberattack claimed by the ShinyHunters hacking group. The company said the threat actor gained access to a limited portion of its IT environment last month after compromising an employee account. By the end of April, Carnival determined that the attacker had copied personal information from its systems.
https://therecord.media/cruise-giant-carnival-confirms-data-breach-affecting-6-million

A Russian-speaking group called GreyVibe operating in the Moscow time zone has been using AI platforms such as Ideogram AI, ChatGPT, and Google Gemini to launch attacks, underscoring the use by threat actors of commonly used AI tools. In a May 28 blog post, WithSecure researchers said the threat group uses custom-developed obfuscators generating fake content to drop loaders and malware that attacks military, government, civilian, and business organizations in the Ukraine across five common attack chains: PhantomMail, PhantomClick, Princess Club, DroneLink, and Nebo.
https://www.scworld.com/news/ai-helps-russian-speaking-greyvibe-run-five-parallel-attack-chains-on-ukrainian-targets

North Korea-linked threat actors are using fake job scams to distribute malware through a self-propagating "contagious interview" technique, where a compromised developer's repository acts as a worm-like infection vector. The attack spreads remote access Trojans (RATs) and other malware without requiring additional user interaction. The campaign leverages social engineering tactics, including fraudulent job offers, to trick victims into executing malicious payloads. No specific dates, CVE IDs, or technical indicators (e.g., malware names, affected systems) were disclosed in the reported details. The primary impact involves unauthorized access, data exfiltration, and potential lateral movement within compromised networks.
https://www.cyberhub.blog/article/24592-north-korea-uses-self-propagating-contagious-interview-malware-in-fake-job-scams

According to monitoring conducted by the ThreatMon Threat Intelligence Team, the AiLock ransomware operation has publicly listed Schneebeli among its latest victims. While limited technical details have been released regarding the alleged compromise, the announcement highlights the persistent threat posed by modern ransomware groups operating within dark web environments. The disclosure surfaced on June 1, 2026, as part of ongoing threat intelligence tracking of ransomware leak sites and underground criminal infrastructure. Such public victim listings have become a common tactic used by ransomware gangs to pressure organizations into negotiations, increase reputational damage, and demonstrate the effectiveness of their operations.
https://undercodenews.com/a-darkweb-threat-actor-claims-schneebeli-as-new-victim-in-expanding-ailock-ransomware-campaign-video/?utm_source=bluesky&utm_medium=jetpack_social