Tag: account takeover
58 articles

Zoom Patches Flaw That Could Enable Account Takeover
Zoom just patched a critical security flaw that could let hackers hijack your account - and you need to update your software ASAP to stay safe! This vulnerability, tracked as CVE-2026-53412, could allow anyone on your network to take over your Zoom account.

Zoom Discloses High-Severity Account Takeover Vulnerability
Zoom has warned users of a high-severity vulnerability in its Windows desktop client and software development kit that could let hackers hijack accounts without authentication. This critical flaw, tracked as CVE-2026-53412, has a severity score of 9.8 out of 10.

Account Takeover Attacks Target Verification Step as New Battleground
As more people and companies switch to passkeys, a new battleground emerges in the fight against account takeover attacks - the verification step. Attackers are now targeting these previously trusted processes, like account recovery and device re-enrollment, to gain control of accounts.

Banks Expose Accounts to Thieves by Making MFA Optional
Leaving multi-factor authentication optional has left countless bank accounts vulnerable to theft, with devastating consequences - just ask the 84-year-old victim who lost nearly $30,000 when thieves exploited this security gap. By making MFA optional, banks are inadvertently rolling out the red carpet for thieves.

Texas Hunting License Data Breach Exposes Millions
A recent data breach at the Texas Parks and Wildlife Department may have exposed over three million hunting and fishing license customers, putting sensitive information like driver's license numbers and passport data at risk of being used for account takeover, synthetic identity fraud, and targeted phishing. This breach is just the beginning, as stolen data can be used for a range of malicious activities.

Threat Actors Monetize Stolen Credentials with Searchable Underground Services
Cybercriminals are cashing in on stolen credentials with a new breed of underground services that allow buyers to search and purchase specific, verified login details. This emerging market acts as a middleman between hackers who steal sensitive info and those who want to use it to take over accounts.

phpBB Flaw Enables Instant Account Takeover
A single HTTP request can give an attacker instant access to any user's account, including administrator accounts, without needing a password - a vulnerability rated 9.4 on the CVSS scale that's affecting phpBB versions up to 3.3.16 and 4.0.0 alpha.

Meta Exposes Flaw in AI Support System Used to Hijack 20,000 Instagram Accounts
Meta revealed that over 20,000 Instagram accounts were hijacked after attackers exploited a vulnerability in its AI-powered support system, allowing them to reset passwords and gain unauthorized access. The flaw was found in a system called High Touch Support, an AI-assisted account recovery tool designed to help users regain control of their accounts.

Meta's AI Chatbot Exposed to Account Takeover Vulnerability
A recent vulnerability in Meta's AI chatbot has raised red flags about the security of LLM chatbots, which can be exploited through various tactics that are difficult to block. This alarming weakness was demonstrated in a video showing an attacker taking over an Instagram account by simply interacting with Meta's AI support chatbot.
Meta AI Exploited to Hijack High-Value Instagram Accounts
A shocking security breach has hit Instagram, where hackers exploited Meta's AI-powered support system to hijack high-value accounts, leaving users helpless and zero humans in the loop to fix the issue. Attackers cleverly tricked Meta's AI into thinking they were the legitimate owners by using an AI-generated video, bypassing automated checks and taking control of rare or valuable accounts.

Hackers Exploit Meta's AI Bot to Hijack Instagram Accounts
This weekend, hackers exploited a vulnerability in Meta's AI-powered customer support tool to hijack high-profile Instagram accounts, highlighting the platform's notoriously poor human support infrastructure. A simple sequence of steps, documented in a video circulated on Telegram, allowed attackers to add a new email address to an account and seize control.

Zapier Fixes Bug Chain That Exposed Millions to Account Takeover Risk
A security firm recently uncovered a chain of five weaknesses in popular workflow automation service Zapier that could have put millions of users at risk of account takeover - and thankfully, the issue has now been fixed. The vulnerabilities were surprisingly easy to exploit, requiring only a free Zapier account to potentially gain unauthorized access to user accounts.

FBI Warns of Kali365 Phishing Service Targeting Microsoft 365 Accounts
Beware of Kali365, a sneaky phishing service that's hijacking Microsoft 365 accounts by exploiting a legitimate authentication flow - and it's happening fast, with the platform emerging as recently as April 2026. This clever trick uses a short code to trick victims into handing over control of their accounts.

GoDaddy Domain Transfer Exposes Non-Profit to Security Risks
A shocking security breach occurred when a 27-year-old domain was transferred from a GoDaddy account to another customer without any authentication checks, putting a non-profit at risk. The alarming transfer was completed in just four minutes, raising serious concerns about GoDaddy's domain transfer process.

Multifaceted Phishing Scheme Stunningly Damages Bitpanda
Thousands of Bitpanda users are reeling after a sophisticated phishing campaign spun up convincing lookalike sites—with disposable domains and SSL certificates—to harvest credentials and fuel criminal markets. The attack shows how industrialized phishing‑as‑a‑service turns takedown efforts into whack‑a‑mole, leaving customers, companies and regulators scrambling to restore digital trust.

Chrome extensions Exclusive: Malicious AI steal API keys
Before you add that shiny AI assistant to Chrome, pause: researchers found 30+ extensions secretly siphoning API keys, emails and other sensitive data from hundreds of thousands of users. What promised convenience turned into a fast track for credential theft and account takeover.

Password Reuse: Exclusive Risks of Effortless Workarounds
Password reuse is the digital equivalent of leaving a master key under the mat—effortless workarounds and recycled credentials give attackers a straightforward path to account takeover. Even helpful conveniences like autofill and brittle browser extensions can betray reused passwords, turning everyday browsing into a security shortcut.

FBI Issues Critical Alert on Dangerous QR Phishing
Dont let a quick scan be your undoing: the FBI warns that QR-enabled spear-phishing is turning everyday convenience into a precision tool for state-backed espionage, tricking victims into handing over credentials or approving authentications that give attackers persistent access.

Rey Exclusive: Inside the Best Scattered Lapsus$ Admin
When a reporter called his father and unmasked Rey, the public face of Scattered LAPSUS$ Hunters, it upended a group built on anonymity and exposed how social‑engineering, account takeovers and micropaid crowds power a new, scalable extortion playbook. The fallout forces a rare reckoning about motive, accountability—and the practical fixes defenders and regulators can’t ignore.

Android TV streaming box: Exclusive Dangerous botnet alert
Think twice before buying a bargain Android TV streaming box—some models quietly turn your home network into a botnet relay, routing illicit traffic that can slow your connection, invade your privacy and even expose you to legal risk. Here’s what to watch for so convenience doesn’t end up costing you more than you bargained for.

Android TV Streaming Box Danger: Exclusive Security Alert
If it sounds too good to be true, it probably is — investigative reporting reveals Superbox firmware can turn your Android TV into a hidden internet relay, exposing your home network to fraud and account-takeover schemes.

630M Passwords Stolen: Stunning, Alarming Credential Cost
Some 630 million passwords have been leaked to criminal marketplaces — a stark reminder that passwords are no longer sacred. Now’s the moment to stop reusing credentials, enable MFA, and push for faster detection and smarter defenses.

French Football Federation Exclusive: Damaging Data Breach
Imagine names, birthdates and contact details for more than two million amateur players suddenly exposed — that’s the frightening possibility tied to a suspected breach at the French Football Federation. Players and parents should be on alert for phishing and scams while the federation works to lock down access and notify those affected.

FBI Exclusive: Stunning $262M Costly Account Takeovers
Imagine waking to find your bank account emptied by someone who cloned your bank’s site — the FBI says over $262M has been lost to account takeover scams since January 2025. Learn how phishing, credential stuffing and fake reporting pages let criminals turn stolen logins into instant cash — and what you can do to stop them.