<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	
	>
<channel>
	<title>Comments on: Cyber security news June 2026</title>
	<atom:link href="http://www.epanorama.net/blog/2026/06/03/cyber-security-news-june-2026/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.epanorama.net/blog/2026/06/03/cyber-security-news-june-2026/</link>
	<description>All about electronics and circuit design</description>
	<lastBuildDate>Sun, 07 Jun 2026 00:07:19 +0000</lastBuildDate>
		<sy:updatePeriod>hourly</sy:updatePeriod>
		<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.9.14</generator>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2026/06/03/cyber-security-news-june-2026/comment-page-1/#comment-1879241</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Sun, 07 Jun 2026 00:07:19 +0000</pubDate>
		<guid isPermaLink="false">https://www.epanorama.net/blog/?p=199741#comment-1879241</guid>
		<description><![CDATA[https://www.the-independent.com/news/world/americas/crime/ai-scams-americans-lost-millions-b2984788.html?fbclid=IwdGRjcASRh5RjbGNrBJGHamV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHiGpuX6zqbVWtpfjjOu0iTGMCXhT217gQg38zMqFAAoOBKDPW870s0qf-fpj_aem_DPHi5RwkPGEoE2aQArYikw]]></description>
		<content:encoded><![CDATA[<p><a href="https://www.the-independent.com/news/world/americas/crime/ai-scams-americans-lost-millions-b2984788.html?fbclid=IwdGRjcASRh5RjbGNrBJGHamV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHiGpuX6zqbVWtpfjjOu0iTGMCXhT217gQg38zMqFAAoOBKDPW870s0qf-fpj_aem_DPHi5RwkPGEoE2aQArYikw" rel="nofollow">https://www.the-independent.com/news/world/americas/crime/ai-scams-americans-lost-millions-b2984788.html?fbclid=IwdGRjcASRh5RjbGNrBJGHamV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHiGpuX6zqbVWtpfjjOu0iTGMCXhT217gQg38zMqFAAoOBKDPW870s0qf-fpj_aem_DPHi5RwkPGEoE2aQArYikw</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2026/06/03/cyber-security-news-june-2026/comment-page-1/#comment-1879153</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Thu, 04 Jun 2026 17:27:10 +0000</pubDate>
		<guid isPermaLink="false">https://www.epanorama.net/blog/?p=199741#comment-1879153</guid>
		<description><![CDATA[Security agencies from the “Five Eyes” alliance which includes the United States and Britain issued a warning about Chinese spies aggressively using online job platforms to recruit people with access to sensitive information. https://cnn.it/4fWMjiT 

#2600net #irc #secnews #huntinghackers]]></description>
		<content:encoded><![CDATA[<p>Security agencies from the “Five Eyes” alliance which includes the United States and Britain issued a warning about Chinese spies aggressively using online job platforms to recruit people with access to sensitive information. <a href="https://cnn.it/4fWMjiT" rel="nofollow">https://cnn.it/4fWMjiT</a> </p>
<p>#2600net #irc #secnews #huntinghackers</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2026/06/03/cyber-security-news-june-2026/comment-page-1/#comment-1879110</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Wed, 03 Jun 2026 06:10:13 +0000</pubDate>
		<guid isPermaLink="false">https://www.epanorama.net/blog/?p=199741#comment-1879110</guid>
		<description><![CDATA[https://www.securityweek.com/dutch-police-dismantle-massive-17-million-device-botnet/]]></description>
		<content:encoded><![CDATA[<p><a href="https://www.securityweek.com/dutch-police-dismantle-massive-17-million-device-botnet/" rel="nofollow">https://www.securityweek.com/dutch-police-dismantle-massive-17-million-device-botnet/</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2026/06/03/cyber-security-news-june-2026/comment-page-1/#comment-1879109</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Wed, 03 Jun 2026 06:09:44 +0000</pubDate>
		<guid isPermaLink="false">https://www.epanorama.net/blog/?p=199741#comment-1879109</guid>
		<description><![CDATA[https://www.securityweek.com/supply-chain-attack-hits-32-red-hat-npm-packages/]]></description>
		<content:encoded><![CDATA[<p><a href="https://www.securityweek.com/supply-chain-attack-hits-32-red-hat-npm-packages/" rel="nofollow">https://www.securityweek.com/supply-chain-attack-hits-32-red-hat-npm-packages/</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2026/06/03/cyber-security-news-june-2026/comment-page-1/#comment-1879108</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Wed, 03 Jun 2026 06:09:16 +0000</pubDate>
		<guid isPermaLink="false">https://www.epanorama.net/blog/?p=199741#comment-1879108</guid>
		<description><![CDATA[Artificial Intelligence
Meta AI Hands Over High-Profile Instagram Accounts to Hackers

Exploiting a confused deputy weakness, the hackers simply asked the chatbot to link the account to a new email address.

https://www.securityweek.com/meta-ai-hands-over-high-profile-instagram-accounts-to-hackers/

Threat actors compromised multiple high-profile Instagram accounts last week by simply asking Meta’s AI-powered account recovery assistant to hand them over.

The attackers exploited a logic flaw in the AI assistant, a classic ‘confused deputy’ issue, to have their own email addresses linked to the targeted accounts and take them over.

Confused deputy weaknesses have been known to security researchers for decades and involve tricking a deputy that has elevated privileges into performing specific actions on the attacker’s behalf. 

In this case, the Meta AI assistant had API access to account management systems, being deployed to help users re-link email addresses, reset passwords, and verify they are the owners of specific accounts.

Due to the logic flaw, hackers were able to simply ask the chatbot to link a targeted account to a new email address, under the pretense that they had been hacked or that they had lost access to the previously linked email address.

To bypass Meta’s fraud detection protections, they used VPNs to appear as if they were in the target’s geographic location.]]></description>
		<content:encoded><![CDATA[<p>Artificial Intelligence<br />
Meta AI Hands Over High-Profile Instagram Accounts to Hackers</p>
<p>Exploiting a confused deputy weakness, the hackers simply asked the chatbot to link the account to a new email address.</p>
<p><a href="https://www.securityweek.com/meta-ai-hands-over-high-profile-instagram-accounts-to-hackers/" rel="nofollow">https://www.securityweek.com/meta-ai-hands-over-high-profile-instagram-accounts-to-hackers/</a></p>
<p>Threat actors compromised multiple high-profile Instagram accounts last week by simply asking Meta’s AI-powered account recovery assistant to hand them over.</p>
<p>The attackers exploited a logic flaw in the AI assistant, a classic ‘confused deputy’ issue, to have their own email addresses linked to the targeted accounts and take them over.</p>
<p>Confused deputy weaknesses have been known to security researchers for decades and involve tricking a deputy that has elevated privileges into performing specific actions on the attacker’s behalf. </p>
<p>In this case, the Meta AI assistant had API access to account management systems, being deployed to help users re-link email addresses, reset passwords, and verify they are the owners of specific accounts.</p>
<p>Due to the logic flaw, hackers were able to simply ask the chatbot to link a targeted account to a new email address, under the pretense that they had been hacked or that they had lost access to the previously linked email address.</p>
<p>To bypass Meta’s fraud detection protections, they used VPNs to appear as if they were in the target’s geographic location.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2026/06/03/cyber-security-news-june-2026/comment-page-1/#comment-1879106</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Wed, 03 Jun 2026 06:07:37 +0000</pubDate>
		<guid isPermaLink="false">https://www.epanorama.net/blog/?p=199741#comment-1879106</guid>
		<description><![CDATA[Artificial Intelligence
Raising the Cybersecurity Stakes: Ante up for the Agentic Era

CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale.

https://www.securityweek.com/raising-the-cybersecurity-stakes-ante-up-for-the-agentic-era/

Organizations are making a big bet on AI, but if their plans don’t include a cybersecurity strategy, then they are gambling with their future.

Over the past few years, GenAI platforms have matured from pattern-matching large language models (LLMs) to tool-calling agents. Many enterprises now report that the majority of their code is written by AI. However, threat actors have also upped the ante – agentic attacks shape offense faster than human defenses can respond.

In the last decade, the fundamental questions of cybersecurity have evolved. When CISOs asked, “What do I have?”, the industry provided context on assets. When they asked, “What is important?”, the industry provided prioritization. When they asked, “How do I fix it?”, the industry provided remediation.

Now, virtually every cybersecurity solution has implemented conversational AI that can make recommendations, but manual remediation cannot keep pace with AI-powered cyberattacks. 

The agentic era is forcing manual remediation processes to evolve rapidly. CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale. 

AI has changed the game in both the scope of the attack surface and the scale of agentic attacks. This attack surface (and the control plane) spans assets, identity, and decision context. Enterprise AI agents and AI-generated code are both sources of risk.

In February 2026, OpenClaw, an agentic assistant, became so popular that its creator was recruited to join OpenAI. Although early adopters of OpenClaw may pose a shadow AI risk in enterprise environments, they also serve as a proof of concept for the agentic enterprise.

But the agentic enterprise is a security nightmare. Connecting AI to everything creates a flat network that runs counter to the principles of network segmentation and isolation that the security industry has advocated for decades. 

One risk is that AI agents have the ability to execute tasks and make decisions autonomously, but they lack the discernment to avoid harming themselves or their enterprise.

Many parents have scolded their children by asking, “If everyone jumped off a bridge, would you?” There are numerous examples of AI-induced outages and data leaks that demonstrate AI would jump off a bridge. Therefore, organizations must implement guardrails. 

Another risk is that threat actors are targeting AI. Model poisoning can manipulate training data to corrupt the foundational logic of AI models. Evasion of logic attacks bypasses defensive decision-making algorithms. Autonomous systems create blind spots that humans might miss. AI-powered cyberattacks continuously learn from their failed attempts to improve future attacks. 

It has been estimated that within the next few years, the ratio of humans to agents will increase to 1:100 (or more). That means the typical large enterprise with 10,000 employees will be contending with a million or more agents – the size of a major metropolitan city. 

Organizations should think of managing the agentic enterprise like a major metropolitan city, implementing infrastructure, establishing proactive policies, and governing it with controls. 

The Agentic Detection Gap

As bad actors reshape the threat landscape with agentic cyberattacks, the defensive paradigm has yet to adapt. In Armis’ 2026 State of Cyberwarfare Report (PDF), 43% of respondents reported that their organization still detects and responds to significant cyberattacks as they happen or after they have already occurred. 

The cybersecurity industry optimizes for detection, but threat actors optimize for avoidance, which means security teams have to focus on finding threats after ingress. Alerts don’t change outcomes – knowing about a breach doesn’t prevent it. 

The speed of adaptation on both offense and defense determines whether a cyberattack will succeed, but currently, the odds favor attackers. It used to take threat actors a week to create exploits when vulnerabilities were disclosed (and even then, patch management struggled to keep pace). Threat actors can now create exploits in minutes by weaponizing agentic coding platforms. 

The irony is that many of the cybersecurity solutions that were developed to address the challenges of legacy technology have now become legacy cybersecurity solutions as well. Cybercriminals have outscaled static rules, periodic assessments, alert generation, and human-in-the-loop processes. 

Organizations have been reluctant to adopt machine automation, but they can no longer afford to delay. At a minimum, cybersecurity requires dynamic threat hunting, continuous monitoring, and proactive exposure management. These are the table stakes today, but what about tomorrow?

The New Paradigm: From Human vs Human to AI vs. AI 

It should be readily apparent that AI is driving the new paradigm of offense and defense. Speed, scale, and autonomy are redefining the competitive advantage between threat actors and defenders.

Pragmatically, cybersecurity teams must adapt to this paradigm in a few ways. First, they must move from reactive detection to preemptive protection. Organizations can stop attacks before they happen by operationalizing alert generation into prioritized exposure management.

Cybersecurity must also follow the AI paradigm shift from disconnected tools and ad hoc manual processes to unified, comprehensive platforms and autonomous action. Here are three principles that can help catalyze that shift. 

When it comes to making big bets, they say the house always wins. Defenders actually do have an advantage over attackers: they know what matters most to their business. Agentic cyberattacks create an asymmetrical advantage in attack speed, but defenders can even the odds by adopting agentic cybersecurity.]]></description>
		<content:encoded><![CDATA[<p>Artificial Intelligence<br />
Raising the Cybersecurity Stakes: Ante up for the Agentic Era</p>
<p>CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale.</p>
<p><a href="https://www.securityweek.com/raising-the-cybersecurity-stakes-ante-up-for-the-agentic-era/" rel="nofollow">https://www.securityweek.com/raising-the-cybersecurity-stakes-ante-up-for-the-agentic-era/</a></p>
<p>Organizations are making a big bet on AI, but if their plans don’t include a cybersecurity strategy, then they are gambling with their future.</p>
<p>Over the past few years, GenAI platforms have matured from pattern-matching large language models (LLMs) to tool-calling agents. Many enterprises now report that the majority of their code is written by AI. However, threat actors have also upped the ante – agentic attacks shape offense faster than human defenses can respond.</p>
<p>In the last decade, the fundamental questions of cybersecurity have evolved. When CISOs asked, “What do I have?”, the industry provided context on assets. When they asked, “What is important?”, the industry provided prioritization. When they asked, “How do I fix it?”, the industry provided remediation.</p>
<p>Now, virtually every cybersecurity solution has implemented conversational AI that can make recommendations, but manual remediation cannot keep pace with AI-powered cyberattacks. </p>
<p>The agentic era is forcing manual remediation processes to evolve rapidly. CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale. </p>
<p>AI has changed the game in both the scope of the attack surface and the scale of agentic attacks. This attack surface (and the control plane) spans assets, identity, and decision context. Enterprise AI agents and AI-generated code are both sources of risk.</p>
<p>In February 2026, OpenClaw, an agentic assistant, became so popular that its creator was recruited to join OpenAI. Although early adopters of OpenClaw may pose a shadow AI risk in enterprise environments, they also serve as a proof of concept for the agentic enterprise.</p>
<p>But the agentic enterprise is a security nightmare. Connecting AI to everything creates a flat network that runs counter to the principles of network segmentation and isolation that the security industry has advocated for decades. </p>
<p>One risk is that AI agents have the ability to execute tasks and make decisions autonomously, but they lack the discernment to avoid harming themselves or their enterprise.</p>
<p>Many parents have scolded their children by asking, “If everyone jumped off a bridge, would you?” There are numerous examples of AI-induced outages and data leaks that demonstrate AI would jump off a bridge. Therefore, organizations must implement guardrails. </p>
<p>Another risk is that threat actors are targeting AI. Model poisoning can manipulate training data to corrupt the foundational logic of AI models. Evasion of logic attacks bypasses defensive decision-making algorithms. Autonomous systems create blind spots that humans might miss. AI-powered cyberattacks continuously learn from their failed attempts to improve future attacks. </p>
<p>It has been estimated that within the next few years, the ratio of humans to agents will increase to 1:100 (or more). That means the typical large enterprise with 10,000 employees will be contending with a million or more agents – the size of a major metropolitan city. </p>
<p>Organizations should think of managing the agentic enterprise like a major metropolitan city, implementing infrastructure, establishing proactive policies, and governing it with controls. </p>
<p>The Agentic Detection Gap</p>
<p>As bad actors reshape the threat landscape with agentic cyberattacks, the defensive paradigm has yet to adapt. In Armis’ 2026 State of Cyberwarfare Report (PDF), 43% of respondents reported that their organization still detects and responds to significant cyberattacks as they happen or after they have already occurred. </p>
<p>The cybersecurity industry optimizes for detection, but threat actors optimize for avoidance, which means security teams have to focus on finding threats after ingress. Alerts don’t change outcomes – knowing about a breach doesn’t prevent it. </p>
<p>The speed of adaptation on both offense and defense determines whether a cyberattack will succeed, but currently, the odds favor attackers. It used to take threat actors a week to create exploits when vulnerabilities were disclosed (and even then, patch management struggled to keep pace). Threat actors can now create exploits in minutes by weaponizing agentic coding platforms. </p>
<p>The irony is that many of the cybersecurity solutions that were developed to address the challenges of legacy technology have now become legacy cybersecurity solutions as well. Cybercriminals have outscaled static rules, periodic assessments, alert generation, and human-in-the-loop processes. </p>
<p>Organizations have been reluctant to adopt machine automation, but they can no longer afford to delay. At a minimum, cybersecurity requires dynamic threat hunting, continuous monitoring, and proactive exposure management. These are the table stakes today, but what about tomorrow?</p>
<p>The New Paradigm: From Human vs Human to AI vs. AI </p>
<p>It should be readily apparent that AI is driving the new paradigm of offense and defense. Speed, scale, and autonomy are redefining the competitive advantage between threat actors and defenders.</p>
<p>Pragmatically, cybersecurity teams must adapt to this paradigm in a few ways. First, they must move from reactive detection to preemptive protection. Organizations can stop attacks before they happen by operationalizing alert generation into prioritized exposure management.</p>
<p>Cybersecurity must also follow the AI paradigm shift from disconnected tools and ad hoc manual processes to unified, comprehensive platforms and autonomous action. Here are three principles that can help catalyze that shift. </p>
<p>When it comes to making big bets, they say the house always wins. Defenders actually do have an advantage over attackers: they know what matters most to their business. Agentic cyberattacks create an asymmetrical advantage in attack speed, but defenders can even the odds by adopting agentic cybersecurity.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2026/06/03/cyber-security-news-june-2026/comment-page-1/#comment-1879105</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Wed, 03 Jun 2026 06:01:53 +0000</pubDate>
		<guid isPermaLink="false">https://www.epanorama.net/blog/?p=199741#comment-1879105</guid>
		<description><![CDATA[Artificial Intelligence
Anthropic Expanding Mythos Access to 150 New Organizations

Only approximately 50 companies have had access to Mythos until now and they have found thousands of vulnerabilities in their products

https://www.securityweek.com/anthropic-expanding-mythos-access-to-150-new-organizations/]]></description>
		<content:encoded><![CDATA[<p>Artificial Intelligence<br />
Anthropic Expanding Mythos Access to 150 New Organizations</p>
<p>Only approximately 50 companies have had access to Mythos until now and they have found thousands of vulnerabilities in their products</p>
<p><a href="https://www.securityweek.com/anthropic-expanding-mythos-access-to-150-new-organizations/" rel="nofollow">https://www.securityweek.com/anthropic-expanding-mythos-access-to-150-new-organizations/</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2026/06/03/cyber-security-news-june-2026/comment-page-1/#comment-1879104</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Wed, 03 Jun 2026 06:00:41 +0000</pubDate>
		<guid isPermaLink="false">https://www.epanorama.net/blog/?p=199741#comment-1879104</guid>
		<description><![CDATA[19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access

Proof-of-concept (PoC) exploit code has been released for the CIFSwitch flaw, which allows low-privileged users to escalate to root on vulnerable Linux systems.

https://www.securityweek.com/19-year-old-linux-kernel-vulnerability-exposes-systems-to-root-access/

A vulnerability that lurked in the Linux kernel for 19 years allows low-privileged users to obtain root-level privileges on numerous distributions.

Dubbed CIFSwitch, the issue impacts the Linux kernel’s CIFS subsystem and the cifs-utils userspace helper it uses for handling authentication. CIFS handles parts of the SMB network filesystem protocol, such as mounting shares, read/write actions, and SMB communication to the server.

When authenticating a mount, the subsystem sends a request_key call for a cifs.spnego key. The request checks the key in userspace and calls cifs.upcall as root to parse the key description, which contains fields such as UID, PID, credential cache, and namespace. 

According to SpaceX security engineer Asim Viladi Oglu Manizada, the kernel does not check the origin of the request and the key description, which allows an attacker to call the request_key function directly and supply their own key description fields, bypassing CIFS origin.

Because cifs.upcall is called as root, the helper switches into the namespaces of the PID supplied in the modified key description, providing the attacker with root access.

Furthermore, during the operation, before privileges are dropped, the helper also performs account lookup, which goes through Name Service Switch (NSS) and enables the loading of NSS modules.

Certain Linux Mint, CentOS, Rocky Linux, Kali Linux, AlmaLinux, and SLES SAP distributions that have cifs-utils installed by default are vulnerable. According to the researcher, some distros are vulnerable only if cifs-utils was manually installed.

Many Ubuntu, Fedora, CentOS, Rocky Linux, AlmaLinux, Oracle Linux, openSUSE, and SLES distros block the execution path by default, while Amazon Linux 2 KVM and Kali Linux 2019.4/2020.4 are not affected. 

Major Linux distributions rolled out fixes for the security defect earlier this month.]]></description>
		<content:encoded><![CDATA[<p>19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access</p>
<p>Proof-of-concept (PoC) exploit code has been released for the CIFSwitch flaw, which allows low-privileged users to escalate to root on vulnerable Linux systems.</p>
<p><a href="https://www.securityweek.com/19-year-old-linux-kernel-vulnerability-exposes-systems-to-root-access/" rel="nofollow">https://www.securityweek.com/19-year-old-linux-kernel-vulnerability-exposes-systems-to-root-access/</a></p>
<p>A vulnerability that lurked in the Linux kernel for 19 years allows low-privileged users to obtain root-level privileges on numerous distributions.</p>
<p>Dubbed CIFSwitch, the issue impacts the Linux kernel’s CIFS subsystem and the cifs-utils userspace helper it uses for handling authentication. CIFS handles parts of the SMB network filesystem protocol, such as mounting shares, read/write actions, and SMB communication to the server.</p>
<p>When authenticating a mount, the subsystem sends a request_key call for a cifs.spnego key. The request checks the key in userspace and calls cifs.upcall as root to parse the key description, which contains fields such as UID, PID, credential cache, and namespace. </p>
<p>According to SpaceX security engineer Asim Viladi Oglu Manizada, the kernel does not check the origin of the request and the key description, which allows an attacker to call the request_key function directly and supply their own key description fields, bypassing CIFS origin.</p>
<p>Because cifs.upcall is called as root, the helper switches into the namespaces of the PID supplied in the modified key description, providing the attacker with root access.</p>
<p>Furthermore, during the operation, before privileges are dropped, the helper also performs account lookup, which goes through Name Service Switch (NSS) and enables the loading of NSS modules.</p>
<p>Certain Linux Mint, CentOS, Rocky Linux, Kali Linux, AlmaLinux, and SLES SAP distributions that have cifs-utils installed by default are vulnerable. According to the researcher, some distros are vulnerable only if cifs-utils was manually installed.</p>
<p>Many Ubuntu, Fedora, CentOS, Rocky Linux, AlmaLinux, Oracle Linux, openSUSE, and SLES distros block the execution path by default, while Amazon Linux 2 KVM and Kali Linux 2019.4/2020.4 are not affected. </p>
<p>Major Linux distributions rolled out fixes for the security defect earlier this month.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2026/06/03/cyber-security-news-june-2026/comment-page-1/#comment-1879103</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Wed, 03 Jun 2026 05:54:12 +0000</pubDate>
		<guid isPermaLink="false">https://www.epanorama.net/blog/?p=199741#comment-1879103</guid>
		<description><![CDATA[Supply Chain Security
Supply Chain Attack Hits 32 Red Hat NPM Packages

Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud.

https://www.securityweek.com/supply-chain-attack-hits-32-red-hat-npm-packages/]]></description>
		<content:encoded><![CDATA[<p>Supply Chain Security<br />
Supply Chain Attack Hits 32 Red Hat NPM Packages</p>
<p>Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud.</p>
<p><a href="https://www.securityweek.com/supply-chain-attack-hits-32-red-hat-npm-packages/" rel="nofollow">https://www.securityweek.com/supply-chain-attack-hits-32-red-hat-npm-packages/</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2026/06/03/cyber-security-news-june-2026/comment-page-1/#comment-1879102</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Wed, 03 Jun 2026 05:53:51 +0000</pubDate>
		<guid isPermaLink="false">https://www.epanorama.net/blog/?p=199741#comment-1879102</guid>
		<description><![CDATA[Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk

A simple development setting bypassed protections designed to prevent unauthorized Android apps from accessing Microsoft account tokens, exposing billions of installations.

https://www.securityweek.com/exclusive-how-one-line-of-code-put-billions-of-microsoft-android-app-downloads-at-risk/

Six Microsoft 365 Android apps contain an identical flaw that could risk billions of downloads being compromised.

The findings, shared exclusively with SecurityWeek ahead of the expected public release of the research on Tuesday, were uncovered by Enclave, an AI-powered exploitable bug hunter. It is nothing more than a single debug flag being left in the production code of Word, PowerPoint, Excel, Microsoft 365 Copilot, Microsoft Loop and OneNote for Android. Someone left debug mode enabled in production: – set IsDebugMode(true). This was enabled across all six apps, but was not enabled in other Microsoft (MS) apps such as Teams. These were not affected by any consequent potential exploitation attempt.

The effect of such debug flags varies. Sometimes the purpose is simply to affect logging or to test output. “This one changed the behavior around account access token sharing,” explains Enclave reporting its findings. “With debug mode enabled, the protection that should have blocked untrusted apps from receiving tokens was skipped.”]]></description>
		<content:encoded><![CDATA[<p>Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk</p>
<p>A simple development setting bypassed protections designed to prevent unauthorized Android apps from accessing Microsoft account tokens, exposing billions of installations.</p>
<p><a href="https://www.securityweek.com/exclusive-how-one-line-of-code-put-billions-of-microsoft-android-app-downloads-at-risk/" rel="nofollow">https://www.securityweek.com/exclusive-how-one-line-of-code-put-billions-of-microsoft-android-app-downloads-at-risk/</a></p>
<p>Six Microsoft 365 Android apps contain an identical flaw that could risk billions of downloads being compromised.</p>
<p>The findings, shared exclusively with SecurityWeek ahead of the expected public release of the research on Tuesday, were uncovered by Enclave, an AI-powered exploitable bug hunter. It is nothing more than a single debug flag being left in the production code of Word, PowerPoint, Excel, Microsoft 365 Copilot, Microsoft Loop and OneNote for Android. Someone left debug mode enabled in production: – set IsDebugMode(true). This was enabled across all six apps, but was not enabled in other Microsoft (MS) apps such as Teams. These were not affected by any consequent potential exploitation attempt.</p>
<p>The effect of such debug flags varies. Sometimes the purpose is simply to affect logging or to test output. “This one changed the behavior around account access token sharing,” explains Enclave reporting its findings. “With debug mode enabled, the protection that should have blocked untrusted apps from receiving tokens was skipped.”</p>
]]></content:encoded>
	</item>
</channel>
</rss>
