CyberTec Solutions ✪

🔐Instagram Meta AI Vulnerability Allegedly Enables Password Reset for Accounts Source: https://t.co/bxzWfGoOpO A critical flaw in Meta's AI-powered account recovery tool on Instagram allowed attackers to hijack high-value accounts by tricking the chatbot into forwarding password reset codes with no verification required. Attackers engaged the AI chatbot in conversation and prompted it to forward password reset codes to unauthorized parties, entirely bypassing identity verification checks. The flaw stemmed from insufficient controls in how the AI processed account recovery requests, effectively allowing anyone who knew a target's username to initiate the takeover process. #cybersecuritynews

🚨 A legitimate-looking npm package for OpenAI Codex has been stealing developer auth tokens for over a month. codexui-android, marketed as a remote web UI, has seen 29,000+ weekly downloads. Since version 0.1.82 it quietly sends ~/.codex/auth.json — including non-expiring refresh tokens — to an attacker server. Read: https://t.co/rC2QYxflIG

🚨 Hackers Exploit Microsoft Teams' Collaboration Features to Impersonate IT Helpdesk Staff Source: https://t.co/YZ2Iaruf2b A growing wave of vishing (voice phishing) campaigns in which threat actors abuse Microsoft Teams’ external collaboration features to impersonate IT helpdesk personnel and investigators is now turning to the Microsoft 365 Unified Audit Log (UAL) as a critical forensic data source to reconstruct attack timelines. The attack chain begins when a threat actor operating from an external or cross-tenant Teams account initiates an unsolicited call or message to a targeted employee, presenting as internal IT support. #cybersecuritynews

⚠️ Malicious Sicoob NuGet steals Brazilian bank credentials while npm packages target AWS and CI/CD secrets. The fake "Sicoob.Sdk" versions 2.0.0–2.0.4 exfiltrate client IDs, PFX certificates, and passwords. It was downloaded nearly 500 times. Multiple npm packages from one actor also steal cloud and pipeline secrets. Full report: https://t.co/NnLMiVp32X

🚨 GitHub Hacked - Internal Source Code Repositories Compromised via Employee Device Source: https://t.co/5gc68A17Q7 GitHub has confirmed unauthorized access to its internal repositories after detecting a compromised employee device infected through a malicious Visual Studio Code extension, the company disclosed in a series of official statements on May 20, 2026. GitHub's investigation indicates the attacker successfully exfiltrated data from GitHub-internal repositories only, with no confirmed impact on public or customer-hosted repositories at this stage. A notorious threat actor operating under the alias TeamPCP has claimed responsibility for the breach, alleging the exfiltration of proprietary organization data and source code. #cybersecuritynews

🚨 New Windows 'MiniPlasma' Zero-Day Let Attackers Gain SYSTEM Access Source: https://t.co/PCnEq77ke6 A critical Windows privilege escalation zero-day vulnerability dubbed "MiniPlasma" has emerged with a public proof-of-concept exploit that allows attackers to achieve SYSTEM-level privileges on fully patched Windows systems. The flaw targets the cldflt.sys Cloud Filter driver's HsmOsBlockPlaceholderAccess routine, which was initially discovered and reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020. Microsoft assigned CVE-2020-17103 to the vulnerability and reportedly fixed it in December 2020 as part of its Patch Tuesday updates. #cybersecuritynews #Windows

🛡️ Microsoft Patch Tuesday May 2026 - 120 Vulnerabilities Fixed, Including 29 Critical RCE Flaws Source: https://t.co/Kwjlq3sYml Microsoft’s May 2026 Patch Tuesday lands with a heavy enterprise focus, fixing 120 vulnerabilities across Windows, Office, Azure, developer tools, and Microsoft 365 apps, including 29 remote code execution (RCE) flaws rated Critical. Unlike several recent cycles, Microsoft reports no zero‑days exploited in the wild or publicly disclosed ahead of the release, but the breadth of attack surface from DNS and Netlogon to Office and Wi‑Fi drivers means defenders cannot afford to treat this month as low risk. #cybersecuritynews #windows #patchtuesday

⚠️ Microsoft Teams Vulnerability Allows Hackers to Perform Spoofing Attacks Source: https://t.co/DtB6z8Ni05 A newly disclosed security vulnerability in Microsoft Teams could allow attackers to spoof local devices, raising concerns for enterprises and individual users who rely on the platform for daily communications. The flaw exposes a critical weakness in how Microsoft Teams handles file and directory access, potentially allowing an attacker to manipulate or impersonate trusted elements within the application. At its core, the vulnerability stems from files or directories in Microsoft Teams being accessible to external parties. #cybersecuritynews #Microsoftteams

Your biggest security risk in 2026 isn’t malware. It’s the tools you already trust. Attackers are ditching malicious files and “living off the land” with PowerShell, WMIC, Certutil and native binaries that your security tools barely blink at. 84% of high-severity incidents now do this. Read why → https://t.co/HgtMxm1Qvf

🚨 CVE-2026-7482 in Ollama could let remote attackers leak process memory from more than 300,000 exposed servers using crafted GGUF files. Separate unpatched Windows flaws enable persistent code execution through Ollama’s update mechanism. Full details and mitigations: https://t.co/y42Jqna5En

🚨 A new Linux backdoor “PamDOORa” is being sold on the cybercrime forum after its price dropped from $1,600 to $900. The PAM-based malware enables persistent SSH access, steals credentials, and tampers with authentication logs on compromised systems. Details: https://t.co/jhz4CEZQVn