// Latest Report
Latest · June 8, 2026
Meta High Touch Support AI Chatbot Exploitation — 20,225 Instagram Accounts Hijacked via Password Reset Bypass
Unattributed operators discovered Meta's HTS AI-powered account recovery tool failed to validate whether the requestor's email matched the account owner's, dispatching valid password reset links to attacker-controlled inboxes. High-profile accounts (Obama White House, Sephora, US Space Force) were compromised and listed on dark web markets. Confirmed by Meta's June 8 disclosure to the Maine Attorney General's Office: 20,225 accounts potentially affected. No IOCs available — attack leveraged Meta's own infrastructure. Priority action: enable 2FA on all brand and enterprise social media accounts immediately.
1
High
1
Phishing
0
IOC Sets
—
Actors
// All Reports — Most Recent First
June 8, 2026
● New
Threat
Meta HTS AI Chatbot — 20,225 Instagram Accounts Hijacked via Password Reset Bypass
0
Critical
1
High
0
IOC Sets
1
Findings
June 5, 2026
Threat
Cisco SD-WAN Zero-Day + SolarWinds Serv-U DoS — Active Exploitation Campaigns Confirmed
0
Critical
2
High
1
IOC Sets
2
Findings
June 2, 2026
Threat
Device Code Phishing Surge — EvilTokens / Tycoon2FA PhaaS Pivot + Gemini IPI Disclosure
1
Critical
1
High
2
IOC Sets
2
Findings
May 21, 2026
Threat
Storm-2949 Azure Cloud Exfiltration · Tycoon2FA OAuth Device Code Pivot
1
Critical
2
High
3
IOC Sets
3
Findings
May 20, 2026
Threat
CloudZ RAT Abuses Windows Phone Link · QR Code Quishing Wave Targets Finance Sector
0
Critical
2
High
1
IOC Sets
2
Findings
May 19, 2026
Threat
Microsoft Reveals AiTM "Code of Conduct" Campaign — 35,000 Users Across 13,000 Orgs
1
Critical
1
High
2
IOC Sets
2
Findings
May 18, 2026
Threat
TA4903 BEC Campaign · Fox Tempest Malware Signing via MSaaS Platform
0
Critical
3
High
2
IOC Sets
3
Findings