Cyber Security News

A critical logic bug in Instagram’s web-based password reset flow on June 6, 2026, exposed unredacted email addresses and phone numbers associated with user accounts, including those belonging to high-profile individuals such as Meta CEO Mark Zuckerberg and model Georgina Rodriguez. Instagram’s parent company Meta deployed an emergency hotfix within hours of the disclosure, but The post Instagram Fixes Password Reset Flaw That Exposes User Emails and Phone Numbers appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux kernel vulnerability, tracked as CVE-2022-0492, to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks. The issue, categorized as improper authentication, affects Linux systems using the cgroups v1 release_agent feature and may allow attackers The post CISA Warns of Linux Kernel Improper Authentication Vulnerability Exploited in Attacks appeared first on Cyber Security News.

OpenAI has released ChatGPT Lockdown Mode, a new security feature designed to limit outbound network access and reduce the risk of data exfiltration from prompt-injection attacks. The feature is now available to eligible personal accounts, self-serve ChatGPT Business users, and managed enterprise workspaces. Prompt injection, where malicious instructions are embedded in content processed by an The post New ChatGPT Lockdown Mode to Mitigate Prompt Injection and Data Exfiltration Attacks appeared first on Cyber Security News.

Free apps available on Samsung, LG, Roku, and other major smart TV platforms have been quietly enrolling millions of living room devices into a commercial residential proxy network used to scrape web data for AI training all through a consent dialog buried in a TV remote’s arrow-key navigation, according to new research from Include Security. The post Free Apps on Samsung and LG Smart TVs Secretly Turning Your Devices Into AI Proxies appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SolarWinds Serv-U vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the flaw in the wild. Tracked as CVE-2026-28318, the vulnerability affects SolarWinds Serv-U file transfer software and enables unauthenticated attackers to crash the service through specially The post CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Last year, a botnet hurled 31.4 Tbps of junk traffic at a single target—enough data to stream every Netflix movie at once. The record-shattering flood forced boards, regulators, and cloud teams to ask one question: are we sure our defenses work when the internet turns hostile? That’s where safe, controlled DDoS simulations come in. By The post Top 5 Best Tools for Simulated DDoS Attacks in 2026 appeared first on Cyber Security News.

A newly disclosed critical vulnerability in the HuggingFace Transformers library, tracked as CVE-2026-4372, allows attackers to achieve remote code execution (RCE) through malicious model configuration files. The flaw exposes a significant supply chain risk in one of the most widely used machine learning frameworks, impacting developers, enterprises, and AI pipelines globally. The vulnerability stems from The post Critical Hugging Face Transformers Vulnerability Enables Remote Code Execution Attacks appeared first on Cyber Security News.

CVE Lite CLI is a free, open-source vulnerability scanner officially recognized as an OWASP Incubator Project, designed to bring dependency security directly into developers’ terminals rather than leaving it buried in CI pipelines. Maintained by Sonu Kapoor and backed by the same organization behind the OWASP Top 10, the tool addresses a longstanding gap in The post OWASP CVE Lite CLI – New Tool to Scan for Vulnerabilities in Your Projects appeared first on Cyber Security News.

Anthropic’s Claude platform suffered a significant service disruption on June 5, 2026, with elevated error rates impacting multiple frontier AI models and key services, including claude.ai, Claude API, Claude Code, and Claude Cowork, raising concerns not just about infrastructure resilience but also about potential customer data exposure. The outage began at 8:08 PT / 15:08 The post Anthropic’s Claude Services Down — claude.ai, Claude Code, and Cowork Affected [Updated] appeared first on Cyber Security News.

A deceptive Python package quietly made its way into the PyPI repository, putting thousands of developers at risk before it was caught and removed. The package, named “parsimonius,” was crafted to look almost identical to the widely used “parsimonious” library, a popular Python tool for building expression grammar parsers. The single missing letter was no The post Hackers Publish Malicious Python Package Mimicking Legitimate Parsimonious Parser appeared first on Cyber Security News.