Hackers duped Meta AI support chatbot to steal celebrity Instagram accounts
… Such accounts can be valuable even if hackers hold them for just a few days because of “clout, resale or brand impersonation,” the security blog reported. …
Search
Can't make sense of Dashlane's vault theft notification? You're not alone.
… Dashlane doesn’t explicitly say it placed a rate limit on the number of submissions a user can make, although it appears likely based on language in the advisory saying “Because of the high volume of attempts on user accounts, Dashlane’s security controls automatically locked accounts that were tar… …
Dozens of Red Hat packages backdoored through its official NPM channel
… OIDC is a security measure designed to interact with cloud services through the use of temporary credentials. …
Millions of AI agents imperiled by critical vulnerability in open source package
Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and credentials to third-party accounts, a security researcher is warning. …
Secret CISA credentials found in public GitHub repo
Security researcher Brian Krebs brings us the news that America’s Cybersecurity & Infrastructure Agency CISA has had a large store of plaintext passwords, SSH private keys, tokens, and “other sensitive CISA assets” exposed in a public GitHub repo since at least November 2025. …
Spooked by Mythos, Trump suddenly realized AI safety testing might be good
… And to ensure that evaluators understand top national security concerns as they emerge across government, a “group of interagency experts” has formed a task force “focused on AI national security concerns,” CAISI said. …
For the 2nd time in weeks, Microsoft packages laced with credential stealer
… The Microsoft GitHub account compromised in the May attack is the same one used late last week. The explanation for this double compromise isn’t currently known. It may mean that Microsoft failed to fully change credentials for the account. …
Linux bitten by second severe vulnerability in as many weeks
… Once the exploits run, attackers can use SSH access, web-shell execution, or container escapes, or compromise low-privilege accounts. “Dirty Frag is notable because it introduces multiple kernel attack paths involving rxrpc and esp/xfrm networking components to improve exploitation reliability,” Mi… …
Twin brothers wipe 96 gov't databases minutes after being fired
… Five minutes later, Sohaib was already trying to access his now former employer’s network—but found that his VPN access and Windows account were terminated. Muneeb’s account had been overlooked, however, and he immediately embarked on a campaign of destruction. …
FBI agent explains how easy it is to ID people posting AI porn without consent
… That second account was linked to Hernandez’s PayPal account, the complaint said, and an IP address often used to log in to it was the same IP that Hernandez’s Apple records showed he’d used to log in to his iCloud. …