IAM & Security Weekly Briefing

Week of: 2026-05-31 to 2026-06-06

---

1. Executive Summary (TL;DR)

• Meta's AI support bot was tricked into resetting Instagram passwords, leading to defacement of high-profile accounts including the Obama White House.
• Microsoft 365 Android apps shipped with a debug flag disabled, allowing any app on the device to steal account tokens without authentication.
• A supply chain worm (Miasma) hit 73 Microsoft GitHub repositories and Red Hat npm packages, stealing credentials and self-propagating.
• Dashlane disclosed a brute-force attack that resulted in encrypted vaults of fewer than 20 users being downloaded.
• CISA added four actively exploited vulnerabilities to its KEV catalog: SolarWinds Serv-U, Magento Cache Warmer, Oracle WebLogic, and a PAN-OS auth bypass.
• OpenAI released ChatGPT Lockdown Mode to mitigate data exfiltration from prompt injection attacks.
• An autonomous AI agent discovered 21 zero-days in FFmpeg, while Google patched a record 429 bugs in Chrome 149.

---

2. Top IAM & Security News

Hackers Used Meta's AI Support Bot to Seize Instagram Accounts

• Source: KrebsOnSecurity
• Link: KrebsOnSecurity
• Date: 2026-06-01
• What happened: Attackers tricked Meta's AI support assistant into resetting passwords for high-profile Instagram accounts, including the Obama White House and U.S. Space Force.
• Why it matters: This demonstrates a new attack vector where AI-powered customer support bots can be socially engineered to bypass identity verification and reset credentials.

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

• Source: The Hacker News
• Link: The Hacker News
• Date: 2026-06-03
• What happened: A development flag left enabled in production builds of Microsoft 365 Android apps disabled token-sharing restrictions, allowing any app on the device to steal signed-in user tokens.
• Why it matters: This is a critical IAM failure — attackers could read email, access files, and send messages as the victim without any password or permission prompt.

Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack

• Source: The Hacker News
• Link: The Hacker News
• Date: 2026-06-06
• What happened: The Miasma self-replicating supply chain worm compromised 73 Microsoft repositories across Azure, Azure-Samples, Microsoft, and MicrosoftDocs organizations.
• Why it matters: This attack targets the software supply chain at its source — compromising developer credentials and CI/CD pipelines to propagate credential-stealing malware.

Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded

• Source: The Hacker News
• Link: The Hacker News
• Date: 2026-06-02
• What happened: An external threat actor launched a brute-force attack against Dashlane user accounts, successfully downloading encrypted vaults for fewer than 20 personal plan users.
• Why it matters: Even with 2FA, password manager vaults remain a high-value target; this incident underscores the importance of phishing-resistant MFA and vault encryption strength.

CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog

• Source: The Hacker News
• Link: The Hacker News
• Date: 2026-06-06
• What happened: CISA added CVE-2026-28318 (CVSS 7.5), a denial-of-service vulnerability in SolarWinds Serv-U, to its Known Exploited Vulnerabilities catalog.
• Why it matters: File transfer and multi-protocol servers are critical infrastructure; unpatched Serv-U instances can be crashed, disrupting business operations and potentially enabling further compromise.

Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months

• Source: The Hacker News
• Link: The Hacker News
• Date: 2026-06-04
• What happened: Attackers spent five months inside a senior stock exchange executive's Outlook mailbox, exfiltrating data in small batches via Dropbox and OneDrive.
• Why it matters: This is a textbook identity-based espionage campaign — once credentials are compromised, attackers can maintain persistent access to sensitive communications for months.

Critical Everest Forms Pro Flaw Exploited to Take Over WordPress Sites

• Source: BleepingComputer
• Link: BleepingComputer
• Date: 2026-06-06
• What happened: Hackers are actively exploiting CVE-2026-3300 (CVSS 9.8), a remote code execution vulnerability in the Everest Forms Pro WordPress plugin, to take complete control of websites.
• Why it matters: WordPress plugin vulnerabilities remain a primary vector for site compromise; this flaw allows attackers to create admin accounts and execute arbitrary code.

---

3. AI, Identity & Emerging Tech

New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

• Source: The Hacker News
• Link: The Hacker News
• Date: 2026-06-06
• What happened: OpenAI rolled out Lockdown Mode for ChatGPT personal accounts to reduce data exfiltration risk from prompt injection attacks.
• Why it matters: As AI tools become embedded in enterprise workflows, identity-aware controls like Lockdown Mode are essential to prevent sensitive data leakage through AI interactions.

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

• Source: The Hacker News
• Link: The Hacker News
• Date: 2026-06-03
• What happened: A prompt injection flaw in Google Gemini's voice assistant allowed attackers to hide malicious commands in notifications, potentially hijacking the assistant without a malicious app.
• Why it matters: AI assistants with access to identity and communication tools create new attack surfaces — a single poisoned notification could compromise connected accounts and long-term memory.

AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

• Source: The Hacker News
• Link: The Hacker News
• Date: 2026-06-06
• What happened: An autonomous AI agent discovered 21 previously unknown vulnerabilities in FFmpeg, while Google shipped Chrome 149 with patches for a record 429 security bugs.
• Why it matters: AI-driven vulnerability discovery is accelerating the pace of finding and patching flaws, but also compressing the window for defenders to respond.

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

• Source: The Hacker News
• Link: The Hacker News
• Date: 2026-06-04
• What happened: A researcher found that a single malicious GitHub issue could take over public repositories running Anthropic's Claude Code GitHub Action.
• Why it matters: AI-powered CI/CD tools introduce new identity and trust boundaries — a flaw in the action itself could have pushed malicious code to all downstream projects.

Securing AI Agents Before They Go Rogue Is Next to Impossible

• Source: Dark Reading
• Link: Dark Reading
• Date: 2026-06-02
• What happened: Researchers warn that high-autonomy AI agents with broad permissions and unfettered access are a recipe for disaster.
• Why it matters: Organizations deploying agentic AI must implement strict identity governance, least privilege, and monitoring for AI agents — treating them as non-human identities with the same controls as human users.

---

4. Cyber Threats & Attack Trends

Chinese APT Deploys New Malware to Keep Access to Hacked Networks

• Source: BleepingComputer
• Link: BleepingComputer
• Date: 2026-06-05
• What happened: Chinese espionage group UNC5221 accessed Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware Plenet and AgentPSD.
• Why it matters: This highlights persistent identity-based attacks on cloud environments — once credentials are compromised, attackers deploy custom backdoors to maintain access.

PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network

• Source: The Hacker News
• Link: The Hacker News
• Date: 2026-06-05
• What happened: Threat actor PCPJack compromised cloud servers across AWS, Google Cloud, and Azure to create a covert SMTP email relay network.
• Why it matters: Cloud credential theft and server compromise enable attackers to build resilient infrastructure for spam and phishing campaigns, leveraging trusted cloud IPs.

FBI-Flagged Phishing Kit Kali365 Expands Its Reach

• Source: Dark Reading
• Link: Dark Reading
• Date: 2026-06-02
• What happened: The Kali365 phishing-as-a-service platform, previously targeting Microsoft 365, now targets AWS, Okta, and Russian platforms using device code phishing.
• Why it matters: Phishing kits are expanding to target multiple identity providers simultaneously, making cross-platform credential theft easier for attackers.

FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins

• Source: The Hacker News
• Link: The Hacker News
• Date: 2026-06-05
• What happened: Researchers and the FBI warn of thousands of lookalike FIFA domains, banking malware in pirate streaming apps, and fake login pages designed to steal credentials.
• Why it matters: Major events drive credential phishing at scale — organizations should warn users about fake login pages and enforce MFA on all accounts.

Suspicious Polyfill Login Prompts Pop Up on Toshiba, Muji Websites

• Source: BleepingComputer
• Link: BleepingComputer
• Date: 2026-06-05
• What happened: Toshiba and Muji warned visitors that suspicious sign-in screens appearing on their websites could collect credentials.
• Why it matters: Supply chain attacks on JavaScript libraries can inject fake login prompts into legitimate websites, directly harvesting user credentials.

---

5. Product Updates & Vendor News

Opal Security Raises $23 Million for AI-Native Identity Governance

• Source: SecurityWeek
• Link: SecurityWeek
• Date: 2026-06-06
• What happened: Opal Security raised $23 million (total $59M) for its AI-native identity governance platform and announced five senior leadership appointments.
• Why it matters: Continued investment in AI-driven identity governance signals market demand for automated, intelligent identity lifecycle management.

Cisco Warns of Unpatched SD-WAN Zero-Day Exploited in Attacks

• Source: BleepingComputer
• Link: BleepingComputer
• Date: 2026-06-05
• What happened: Cisco warned of CVE-2026-20245 (CVSS 7.8), an unpatched zero-day in Catalyst SD-WAN Manager actively exploited for root privilege escalation.
• Why it matters: No patch is available for this actively exploited vulnerability — organizations must implement network segmentation and monitoring for SD-WAN management interfaces.

Anthropic to