#account takeover
Meta AI Flaw Lets Attackers Hijack Instagram Accounts Without Verification — Premium Handles Worth $1M+ Stolen
A critical flaw in Meta's AI account recovery tool allowed attackers to trick the chatbot into sending password reset codes with no identity verification, enabling theft of premium...
Google Chrome’s Device-Bound Session Credentials Go GA — Cryptographically Kills Cookie-Theft Attacks
Google has moved Device Bound Session Credentials (DBSC) to general availability in Chrome on Windows, cryptographically binding session cookies to the originating device via TPM. Enabled by default...