20,000 Instagram accounts hacked with AI tool abuse
A bug in Meta's AI-powered account recovery tool compromised 20,000 Instagram accounts.
In this week's Intel Chat, Chris and Matt discuss how the flaw allowed attackers to bypass email verification. Meta patched the tool after discovering the abuse on May 31st.
Matt's takeaway: tools given broad API access become attractive targets. Meta should have caught this in basic testing, yet it took an adversary to expose the weakness.
The episode also covers Depth First finding 21 zero-days in FFmpeg, Bundler 4.0.13's cooldown feature for supply chain protection, and the Shai-Hulud worm targeting AI development tools.