Instagram accounts for Obama White House hit by account takeover attack
Incident
Summary
The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced after attackers abused Meta’s AI support assistant to reset passwords, creating a public-facing account takeover risk. The reported workflow let the attacker link a new email address and receive a reset code, which enabled the hijack and message injection. Meta reportedly pushed an emergency patch, and the exploit reportedly failed when MFA was enabled.
Related Happenings
Kali365 Microsoft 365 device-code phishing campaign
Campaign
First: 25.05.2026 15:45
Last: 25.05.2026 15:45
Sources 1
About this happening:
A **Kali365** phishing campaign is targeting **Microsoft 365** environments worldwide with **device-code login lures**, putting accounts at risk of **token theft** and **MFA bypas...
W3LL Microsoft 365 adversary-in-the-middle phishing campaign
Campaign
First: 13.04.2026 21:55
Last: 13.04.2026 21:55
Sources 1
About this happening:
The **W3LL** phishing operation turned into a high-volume **Microsoft 365** credential-theft campaign, exposing **more than 17,000 victims worldwide** to **BEC** risk. The kit use...
Signal and WhatsApp anti-phishing account-hardening guidance
Defensive Guidance
First: 21.03.2026 15:17
Last: 21.03.2026 15:17
Sources 1
About this happening:
A **UK National Cyber Security Centre (NCSC)** alert on **March 31** warned that **Russia-based actors** are increasing **targeted attacks** against **high-risk individuals** usin...
Tycoon 2FA-Storm-1747 ecosystem shift changes threat-actor operations
Threat Actor Meta
First: 05.03.2026 08:51
Last: 05.03.2026 08:51
Sources 1
About this happening:
**Tycoon2FA** has evolved from a **subscription-based PhaaS** into a more resilient phishing service that now supports **device-code phishing** against **Microsoft 365** accounts....
Latest development: 17.05.2026 17:43
eSentire says Tycoon2FA now uses device-code phishing to target Microsoft 365 accounts, with invoice-themed lure emails carrying Trustifi click-tracking URLs that redirect through Trustifi, Cloudflare Workers, obfuscated JavaScript layers, and a fake Microsoft CAPTCHA page before sending victims to microsoft.com/devicelogin. The kit also adds anti-analysis defenses, including detection of Selenium, Puppeteer, Playwright, and Burp Suite, plus blocks for security vendors, VPNs, sandboxes, AI crawlers, and cloud providers.
Bitpanda impersonation phishing campaign using fake MFA flow
Campaign
First: 24.02.2026 18:05
Last: 24.02.2026 18:05
Sources 1
About this happening:
A **phishing campaign** impersonating **Bitpanda** is stealing **credentials** and **personal data** from cryptocurrency brokerage users, raising account-takeover risk. The operat...
Timeline
- 01.06.2026 20:32 · 1 article
Telegram channels spread a Meta AI support assistant password-reset trick
Initial Disclosure: Telegram channels begin circulating instructions for abusing Meta’s AI support assistant during Instagram password resets by adding a new email address, creating a path to take over an account.
Sources:
- Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts — krebsonsecurity.com — 01.06.2026 20:32
- 01.06.2026 20:32 · 2 articles
Obama White House and U.S. Space Force Instagram accounts are briefly defaced
Victim Impact Update: The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force are briefly defaced with pro-Iranian images and messages after the password-reset abuse path is used, and Meta reportedly pushes an emergency patch while saying no back-end database was breached.
Sources:
- Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts — krebsonsecurity.com — 01.06.2026 20:32
- Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts — krebsonsecurity.com — 01.06.2026 20:32