Microsoft warns of password reset exploits by hackers

Microsoft has alerted users that hackers are targeting password reset processes to breach accounts. The activity is attributed to the group Storm-2949.

Microsoft issued the warning about ongoing efforts to exploit password resets for unauthorized access. The hackers involved are described as operating a methodical, sophisticated, and multi-layered campaign under the name Storm-2949.

Makala yanayohusiana

Illustration of a hacker exploiting Meta's AI chatbot to hijack Instagram accounts by changing email addresses and bypassing security.
Picha iliyoundwa na AI

Meta patches ai chatbot flaw used to hijack instagram accounts

Imeripotiwa na AI Picha iliyoundwa na AI

Hackers exploited Meta's AI support chatbot to take over Instagram accounts by tricking it into changing associated email addresses. The vulnerability allowed password resets without two-factor authentication after matching locations via VPN. Meta resolved the issue with an emergency patch on May 29.

Seventy-three Microsoft open source packages were compromised late last week with malware that steals credentials from cloud services and developer tools. The malicious code activates when opened in AI coding agents.

Imeripotiwa na AI

Security specialists have raised alarms over the vulnerability of online accounts, stating that almost half of all passwords in use today can be broken within minutes.

The US State Department is offering a reward of up to $10 million for information on two Russian state-linked cyber groups behind a phishing campaign targeting Signal and WhatsApp accounts. The operation has compromised thousands of accounts since at least March.

Imeripotiwa na AI

Security researcher Alexander Hagenah has released an updated tool called TotalRecall Reloaded that reveals weaknesses in Microsoft Windows 11's Recall feature. Despite Microsoft's security overhauls, the tool can intercept user data after Windows Hello authentication without needing administrator privileges. Microsoft maintains that this does not represent a vulnerability.

Jumanne, 7. Mwezi wa saba 2026, 10:35:46

KDDI cyberattack exposes 12 million emails and 7 million passwords

Jumatatu, 25. Mwezi wa tano 2026, 20:53:09

FBI warns of Kali phishing scam targeting Microsoft OAuth tokens

Jumatatu, 25. Mwezi wa tano 2026, 12:40:21

Trend Micro Apex One zero-day exploited in the wild

Alhamisi, 14. Mwezi wa tano 2026, 20:13:57

Zero-day exploit bypasses default windows 11 bitlocker encryption

Alhamisi, 7. Mwezi wa tano 2026, 00:48:14

Experts warn Microsoft Phone Link tool exploited by unknown threat

Jumatatu, 27. Mwezi wa nne 2026, 08:47:08

Microsoft fixes Outlook outage but iOS users need to re-login

Tovuti hii inatumia vidakuzi

Tunatumia vidakuzi kwa uchambuzi ili kuboresha tovuti yetu. Soma sera ya faragha yetu kwa maelezo zaidi.
Kataa