Cyber Security News

Hacking Editorial Brief — June 2, 2026

Meta AI Chatbot Exploited for Instagram Account Takeovers

Meta has patched a critical vulnerability in its AI support chatbot that allowed threat actors to hijack high-profile Instagram accounts through social engineering prompts. Attackers manipulated the chatbot into adding attacker-controlled email addresses to target accounts, requesting password reset codes, and providing reset links—all without requiring access to the victim's original email. Compromised accounts include the Obama-era White House Instagram profile and numerous premium accounts. Videos circulating online demonstrate attackers using simple conversational prompts to instruct Meta AI to perform these account modifications. Meta confirmed the issue has been resolved and is working to secure affected accounts, though the scope of the campaign and total number of compromised accounts remains unclear. The incident highlights emerging attack surfaces created by AI-powered customer support systems with excessive permissions.

DriveSurge Campaign Deploys Mass Malware Distribution

A threat actor tracked as DriveSurge is conducting large-scale malware distribution campaigns by compromising thousands of websites and weaponizing them with ClickFix and FakeUpdate attack techniques. The campaign leverages hijacked legitimate sites to serve malicious payloads disguised as software updates or required user actions, redirecting visitors to attacker infrastructure. Both ClickFix social engineering and FakeUpdate browser exploitation methods have proven effective at achieving code execution on victim systems. The widespread site compromise indicates either automated exploitation of common vulnerabilities or access to compromised credentials across hosting platforms.

Sources: Yahoo Finance · Bleeping Computer · Engadget · The Next Web