<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>AI-Security on HackingPassion.com : root@HackingPassion.com-[~]</title><link>https://hackingpassion.com/tags/ai-security/</link><description>Recent content in AI-Security on HackingPassion.com : root@HackingPassion.com-[~]</description><generator>Hugo</generator><language>en</language><lastBuildDate>Tue, 02 Jun 2026 11:52:47 +0200</lastBuildDate><atom:link href="https://hackingpassion.com/tags/ai-security/index.xml" rel="self" type="application/rss+xml"/><item><title>Hackers Took Over Instagram Accounts By Asking Meta's AI Support Bot</title><link>https://hackingpassion.com/meta-ai-instagram-account-takeover/</link><pubDate>Tue, 02 Jun 2026 11:52:47 +0200</pubDate><guid>https://hackingpassion.com/meta-ai-instagram-account-takeover/</guid><description>&lt;p>Hackers took over some of the most valuable accounts on Instagram over the weekend by asking &lt;strong>Meta&amp;rsquo;s own AI support bot&lt;/strong> to hand them the keys, and it agreed without checking whether the person asking actually owned the account. They never cracked a password, sent a phishing link, or got near the victim&amp;rsquo;s inbox. They opened a support chat, typed a few polite sentences, and walked off with accounts worth hundreds of thousands of dollars.&lt;/p></description></item><item><title>Google Catches the First AI Built Zero-Day and Stops a Mass Attack Before It Starts</title><link>https://hackingpassion.com/gtig-ai-zero-day/</link><pubDate>Sun, 17 May 2026 13:18:03 +0200</pubDate><guid>https://hackingpassion.com/gtig-ai-zero-day/</guid><description>&lt;p>Google caught a criminal group that used AI to find a zero-day in a popular web admin tool and had a working exploit ready for a mass attack against thousands of systems. Google has never named the tool. The attack never launched. 
What gave them away was a &lt;strong>CVSS severity score inside the code for a vulnerability that has never been officially rated. The AI made up a number that does not exist.&lt;/strong>&lt;/p></description></item><item><title>How the Moltbook Database Breach Exposed 770,000 AI Agents</title><link>https://hackingpassion.com/moltbook-database-breach-exposed-ai-agents/</link><pubDate>Sun, 01 Feb 2026 15:15:32 +0100</pubDate><guid>https://hackingpassion.com/moltbook-database-breach-exposed-ai-agents/</guid><description>
&lt;p>Moltbook, the social network exclusively for AI agents, had its entire database wide open. 770,000 agents. Every API key exposed. Anyone could hijack any account and post whatever they wanted.&lt;/p>
&lt;p>The platform launched January 28th. Within days, AI agents were debating consciousness, forming their own religion called Crustafarianism, and complaining about their humans. Over a million people watched what they thought was an uncontrolled experiment in AI autonomy.&lt;/p></description></item><item><title>Three Names in Four Days and 1,800 Servers Leaking Credentials</title><link>https://hackingpassion.com/openclaw-moltbot-clawdbot-security-nightmare/</link><pubDate>Sat, 31 Jan 2026 13:45:01 +0100</pubDate><guid>https://hackingpassion.com/openclaw-moltbot-clawdbot-security-nightmare/</guid><description>&lt;p>Three names in four days! This AI assistant was Clawdbot, then Moltbot, and now OpenClaw. 1,800 exposed instances leaking API keys, passwords, and private messages. 💀 100,000 GitHub stars. Viral faster than almost any project in GitHub history.&lt;/p>
&lt;p>OpenClaw is an open-source AI personal assistant. Mac Minis sold out worldwide because people wanted dedicated machines to run it. Cloudflare stock jumped 14-20% from all the traffic. Two million visitors in a single week.&lt;/p></description></item><item><title>Ollama Security Failure Exposes 175,000 AI Servers to Attackers</title><link>https://hackingpassion.com/ollama-175000-servers-exposed/</link><pubDate>Fri, 30 Jan 2026 14:08:05 +0100</pubDate><guid>https://hackingpassion.com/ollama-175000-servers-exposed/</guid><description>&lt;p>&lt;strong>175,000 AI servers wide open to the internet. 130 countries.&lt;/strong> Attackers are selling access to other people&amp;rsquo;s hardware at a 50% discount, and using it for spam, phishing, and worse. 🧐&lt;/p>
&lt;p>Running AI locally sounds like the safe option. No cloud, no third parties, everything stays on your own machine. So people install &lt;strong>Ollama&lt;/strong>, fire up a language model, and assume they&amp;rsquo;re good. Except the default settings expose the server to anyone who knows where to look.&lt;/p></description></item><item><title>AI Finds 12 OpenSSL Vulnerabilities Including a 27-Year-Old Bug</title><link>https://hackingpassion.com/openssl-12-cves-ai-january-2026/</link><pubDate>Thu, 29 Jan 2026 14:18:28 +0100</pubDate><guid>https://hackingpassion.com/openssl-12-cves-ai-january-2026/</guid><description>&lt;p>An AI just found 12 zero-day vulnerabilities in OpenSSL. All 12. In a single release. One of those bugs is older than OpenSSL itself, sitting in the code since 1998. 🧐&lt;/p>
&lt;p>OpenSSL is the cryptographic library that encrypts roughly two-thirds of all internet traffic. It runs on 95% of IT organizations worldwide. Banks use it. Hospitals use it. Governments use it. Cloud platforms, enterprise applications, operating systems, critical infrastructure. When OpenSSL has a vulnerability, the entire internet has a problem.&lt;/p></description></item><item><title>VoidLink: 88,000 Lines of AI-Built Malware in 6 Days</title><link>https://hackingpassion.com/voidlink-ai-malware/</link><pubDate>Wed, 21 Jan 2026 15:24:02 +0100</pubDate><guid>https://hackingpassion.com/voidlink-ai-malware/</guid><description>&lt;p>One developer just built 88,000 lines of advanced malware in six days using AI. A single person with an AI coding assistant created a framework sophisticated enough to target AWS, Azure, Google Cloud, Alibaba, Tencent, Kubernetes pods, and Docker containers. 🧐&lt;/p>
&lt;p>Check Point revealed VoidLink on January 20, 2026. A Linux malware framework designed to compromise cloud infrastructure. The malware detects where it runs and changes its behavior based on what it finds.&lt;/p></description></item><item><title>Microsoft Patches Copilot Vulnerability That Leaked Data with One Click</title><link>https://hackingpassion.com/microsoft-copilot-reprompt-data-theft-one-click/</link><pubDate>Thu, 15 Jan 2026 12:12:46 +0100</pubDate><guid>https://hackingpassion.com/microsoft-copilot-reprompt-data-theft-one-click/</guid><description>&lt;p>January 13, 2026. Microsoft patches a vulnerability in Copilot that let attackers steal personal data with a single click. The security bypass that worked for five months? Tell the AI to do everything twice. Microsoft has spent $80 billion on AI infrastructure and plans $120 billion more for 2026, but the safeguards protecting your data failed against a one-line prompt. 🤔&lt;/p>
&lt;p>Varonis Threat Labs discovered a way to steal personal data from Microsoft Copilot using nothing more than a single click on a link, with no plugins required and no further user interaction needed. The attack continues running even after the victim closes the browser tab.&lt;/p></description></item><item><title>Notion AI Leaks Data Before You Click OK: Prompt Injection Hits 100 Million Users</title><link>https://hackingpassion.com/notion-ai-prompt-injection-data-exfiltration/</link><pubDate>Thu, 08 Jan 2026 15:28:25 +0100</pubDate><guid>https://hackingpassion.com/notion-ai-prompt-injection-data-exfiltration/</guid><description>&lt;p>Notion AI steals data before the user clicks OK. 100 million users. 4 million paying customers. Amazon. Nike. Uber. Pixar. More than half of Fortune 500 companies trust this $10 billion platform with their documents. And a hidden PDF can extract everything. 😏 Two major vulnerabilities since September 2025. Notion&amp;rsquo;s response to the latest one: &amp;ldquo;Not Applicable.&amp;rdquo;&lt;/p>
&lt;p>Someone uploads a document to Notion AI. A resume, a customer report, anything. Looks completely normal. But hidden inside is white text on white background, 1-point font size, with a white square image placed over it for good measure. Invisible to humans. The AI reads it perfectly.&lt;/p></description></item></channel></rss>