The last week has been fairly slow in the world of cyber activity. However, there are a few hacks to talk about.

Meta continues to keep up their AI shenanigans, router vendors keep shipping bad code, and Anthropic released a disappointing model.

Let's break it down.

Hackers Used Meta's Own AI Bot to Steal 20,000 Instagram Accounts

On May 31, Meta discovered that its AI-powered support tool for Instagram, called High Touch Support, had been compromised. The Meta AI support bot didn't verify whether an email address actually belonged to the account someone was requesting a reset for. Attackers fed the bot a target account and an email they controlled, got a password reset link, and changed the password... that's the whole hack.

The compromised accounts included the Obama-era White House Instagram handle and the account of the U.S. Space Force's chief master sergeant. High-value short-handle accounts were seized and appear to have been resold, with some reportedly worth over half a million dollars on the market. Others were defaced with pro-Iran messaging.

Meta confirmed the incident affected at least 20,225 accounts, issued an emergency patch, and said no backend database was breached. Hopefully this shows that AI shouldn't be used for authentication.

Sponsored

Today's MSB is brought to you by... ME 😈

The world is becoming increasingly more dependent on AI, especially in software engineering. Even more scary, is less people actually know how computers actually work, and what their code is doing.

One way to stand out from the crowd is to LEARN how computers work with low level languages.

At Low Level Academy, watch videos, code in the browser, and learn low level languages like C and Assembly. Gain an edge in today's competitive markets.

AND, it's on sale! (for a limited time).

Okay back to the hacks.

Acer Wave 7 Routers: Two CVSS 10.0 Zero-Days

Security researcher Gergo Pap disclosed two critical zero-days in Acer's Wave 7 mesh routers last week. Both score a perfect 10.0. Acer says fixes are coming by end of June 2026.

The first, CVE-2026-49200 is a broken access control flaw. The router's acer_cgi.log file is publicly accessible through the web interface without any authentication. Inside that file? Plaintext web admin credentials and Telnet passwords.

The second, CVE-2026-49201, involves a hardcoded AES cryptographic key embedded in the firmware. That key is used to encrypt and decrypt system backups. An attacker who obtains a backup, decrypts it with the known key, modifies it, and re-uploads it gets persistent backdoor access. The key is identical across all affected devices, so it only needs to be extracted once.

Affected firmware: T7c_GBL_1.01.000055 and earlier.

Check Point VPN Zero-Day: Attackers Had a Month-Long Head Start

Check Point published its advisory for CVE-2026-50751 on June 8. Exploitation had been underway since May 7. The vulnerability is an authentication bypass in Check Point Remote Access VPN, Mobile Access, and Spark Firewall products. The flaw lives in the certificate validation logic for the deprecated IKEv1 key exchange protocol.

An unauthenticated remote attacker can establish a full VPN session without a valid password. CVSS score: 9.3. CISA added it to the Known Exploited Vulnerabilities catalog on June 8, with federal agencies required to patch by June 11.

At least one confirmed attack has been linked to a Qilin ransomware affiliate. The actor used VPS infrastructure geolocated to match victim geography, and there's infrastructure overlap with previous campaigns targeting Palo Alto, Fortinet, and F5 VPN products. This is a dedicated team running systematic campaigns against corporate network perimeters.

Claude Fable 5 Lands. The Cybersecurity Restrictions Are Already Causing Problems.

Anthropic launched Claude Fable 5 on June 9: a public release of its Mythos-class model, the same one it had restricted to vetted infrastructure partners since April over concerns about its capabilities in offensive security.

Fable 5 comes with hard blocks in cybersecurity, biology, chemistry, and nuclear topics. When triggered, it falls back to Claude Opus 4.8 and displays an explicit message telling the user why. Anthropic acknowledges the filters "will sometimes catch harmless requests" but says they trigger in fewer than 5% of sessions on average.

Security researchers are already reporting otherwise. Examples of the filters activating on routine defensive queries are circulating publicly, and the sensitivity is drawing criticism from the research community.

Fable 5 is available today, included on Pro, Max, Team, and Enterprise subscription plans at no extra cost through June 22. After that, it requires usage credits, with a return to standard plans planned once capacity allows.

Anyway, that's it for now! I hope you enjoyed this weeks MSB.

As a reminder, Low Level Academy is on sale for a limited time! Stay ahead of the crowd and learn how computers actually work by learning to code in C & Assembly.

Happy Hacking!

Low Level

Keep Reading