IT Security Newsletter - 6/2/2026
Hackers Used Meta's AI Support Bot to Seize Instagram Accounts
The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta's "AI support assistant" bot into resetting account passwords. On May 31, word began to spread on several Telegram instant message channels that Meta's AI bot would happily add an email address to an existing account.
Russian spy agency says foreign spies turned officials' smartphones into surveillance devices
Russia's domestic spy agency says it has uncovered a sprawling foreign espionage operation that allegedly turned the smartphones of senior Russian officials into pocket-sized surveillance devices, though it has so far offered little in the way of evidence. In a statement Tuesday, the Federal Security Service (FSB) claimed foreign intelligence agencies implanted malware on the mobile devices of high-ranking Russian officials.
Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks
A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. Thousands of websites have been compromised in DriveSurge campaigns to redirect visitors to malware-delivery infrastructure, according to researchers at cybersecurity company SilentPush. ClickFix is a popular social engineering tactic that deceives victims into copying and executing malicious commands on their systems.
Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities
Google on Monday announced its latest Android update, which includes patches for 124 vulnerabilities, including a zero-day that has been exploited in targeted attacks. The exploited vulnerability is CVE-2025-48595, which Google describes as a high-severity privilege escalation issue affecting Android's Framework component. "There are indications that CVE-2025-48595 may be under limited, targeted exploitation," Google said in its advisory.
Sophos uncovers AI-powered malware lab built for EDR evasion
A threat actor used AI technologies to build a malware-testing framework for developing and refining endpoint detection and response (EDR) evasion techniques, according to Sophos. The investigation began after an anomalous endpoint in a customer environment triggered alerts tied to malicious payloads originating from a testing directory. The files pointed to a broader framework focused on evading detection.
Dozens of Red Hat packages backdoored through its official NPM channel
Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing yet more confidential data, researchers said. The supply-chain attack began Monday and remained active at the time this post went live. It's the result of the threat actor taking control of a legitimate channel in the npm repository that's reserved for official Red Hat packages.
Anthropic shares Mythos with 150 more organizations, including critical infrastructure operators
Anthropic is significantly expanding the number of organizations that have access to its powerful Claude Mythos Preview AI model, a move that reflects growing interest in Mythos's vulnerability-hunting capabilities within government agencies and critical infrastructure sectors. The new organizations, which are based in more than 15 countries, include infrastructure operators in sectors that weren't represented in Project Glasswing's membership.
Attackers are exploiting Palo Alto Networks defect that initially flew under the radar
Researchers and threat hunters are scrambling to respond to an actively exploited authentication-bypass vulnerability affecting Palo Alto Networks customers' firewalls. The company initially tagged CVE-2026-0257 with a medium-severity rating when it disclosed the defect May 13, but quickly reassessed it as critical after Rapid7 observed and confirmed active exploitation in the wild. CISA followed suit, and added the vulnerability to its known exploited vulnerabilities catalog Friday.
- ...in 1865, the U.S. Civil War officially ends with the surrender of Gen. Edmund Kirby Smith, dissolving the last Confederate army.
- ...in 1935, Baseball Hall of Famer Babe Ruth ends his Major League playing career after 22 seasons.
- ...in 1953, Queen Elizabeth II is formally crowned monarch of the United Kingdom.
- ...in 1967, The Beatles album "Sgt. Pepper's Lonely Hearts Club Band" is released in the US.







