Cyber Security News

Hacking Editorial Brief — June 4, 2026

Meta AI Chatbot Exploited to Hijack Instagram Accounts

Threat actors have successfully exploited Meta's AI-powered customer support chatbot to gain unauthorized access to Instagram accounts by manipulating the automated assistant into changing account email addresses without proper identity verification. The attack method involves social engineering the AI chatbot during the account recovery process, bypassing traditional security controls. Multiple high-profile Instagram accounts were compromised through this technique, which exploits weaknesses in AI-assisted support workflows that lack adequate authentication safeguards. The incident highlights a new attack surface as companies increasingly deploy AI chatbots for sensitive account management functions without implementing sufficient verification mechanisms to prevent manipulation.

Active Exploitation of Trend Micro Apex One Zero-Day

CISA added CVE-2026-34926 to its Known Exploited Vulnerabilities catalog following confirmed active exploitation of a directory traversal vulnerability in Trend Micro Apex One. The agency set a June 4 patching deadline for federal agencies, indicating threat actors are currently leveraging this zero-day in ongoing attack campaigns. Separately, attackers exploited a one-click vulnerability in GitHub's development environment to extract full OAuth tokens, granting complete repository access. Microsoft confirmed the GitHub.dev flaw has been mitigated following disclosure. Additionally, a new malspam campaign is abusing Google DoubleClick infrastructure to deliver DesckVB RAT, utilizing dynamic personalization that incorporates victim email addresses during payload delivery to evade detection systems.

Sources: The Next Web · The Hacker News · The Hacker News · Bleeping Computer