Hackers breached Dashlane password manager users<\/h2>\n
Attackers bypassed two-factor authentication (2FA) and downloaded encrypted vaults containing user credentials from Dashlane accounts, the password manager\u2019s developer said<\/a>.<\/p>\n The campaign began<\/a> on May 31, 2026, and targeted API<\/span> endpoints for new device registration. The hackers brute-forced six-digit one-time codes sent to victims via email or generated by authenticator apps.<\/p>\n Although Dashlane\u2019s automated security systems flagged the anomaly and began temporarily locking targeted accounts, the attackers managed to guess valid codes for a small number of victims. After passing 2FA, they authorized their own devices on user profiles, triggering the app to automatically download full copies of the encrypted vaults.<\/p>\n The company said \u201cfewer than 20 users\u201d were affected. Dashlane\u2019s internal infrastructure and servers were not compromised. The company implemented additional verification layers and blocking of suspicious traffic.<\/p>\n Experts emphasized that the stolen password databases remain inaccessible without the victim\u2019s master password. Thanks to ZKP<\/a> architecture and strong encryption, the data are protected from quick cracking.<\/p>\n Because the vaults now physically reside on the attackers\u2019 servers, they can use unlimited computing power for local cracking. The situation largely mirrors the incident<\/a> with LastPass in 2022.<\/p>\n Security chip developer Tropic Square disclosed<\/a> a vulnerability in its TROPIC01 product, used in the Trezor Safe 7 hardware crypto wallet.<\/p>\n The issue was discovered by Ledger Donjon\u2019s security research team during an independent audit. The specialists executed a successful Laser Fault Injection<\/span> attack. In lab conditions, the method allowed them to bypass firmware signature verification and extract some secret data protected by the chip.<\/p>\n Based on Donjon\u2019s report, Tropic Square identified a complex exploitation method to extract another secret. It affects TROPIC01 functions related to the PIN code.\u00a0<\/p>\n As Trezor representatives explained in an email to ForkLog, even with the additional finding, compromising the chip alone is insufficient to access the Trezor Safe 7 PIN. Moreover, users\u2019 private keys and seed phrases are not stored on TROPIC01. To execute the exploit, an attacker would need full physical access to the victim\u2019s wallet, expensive specialized equipment and expert knowledge.<\/p>\n Trezor said users do not need to take any action, as the wallet\u2019s design fully mitigates the risk in practice.<\/p>\n Since March 2026, the pace of attacks by the China-linked group TA4922 has reached unprecedented levels, with the geography expanding to include organizations in Europe, according to Proofpoint<\/a>.<\/p>\n The group had previously focused solely on East Asia, but recent campaigns shifted to commercial and government organizations in Germany, Italy, the UK and South Africa.<\/p>\n For initial compromise, the hackers use high-quality localized phishing lures mimicking payroll notifications, tax audits, VAT returns and HR messages. In addition to email, they reach out via WhatsApp, LINE and Microsoft Teams.<\/p>\n In recent attacks they deployed a previously unknown remote-access trojan, Atlas. The backdoor supports a wide range of espionage features:<\/p>\n Atlas also includes sandbox-evasion mechanisms: it checks registry keys and usernames for signs of Microsoft Defender Application Guard and the CExecSvc service.<\/p>\n The group\u2019s toolkit further includes a new loader, RomulusLoader, to stealthily launch remote administration tools such as AnyDesk and China-popular SyncFuture. Researchers also observed a Python installer, SilentRunLoader, aimed at stealing Google Chrome session cookies and passwords.<\/p>\n Proofpoint believes TA4922 leverages large language models (LLMs) to accelerate development, citing an abundance of specific comments and structural patterns in the code characteristic of AI.<\/p>\n Some Instagram users lost access to their pages due to a critical vulnerability in the architecture of Meta\u2019s AI support, BleepingComputer<\/a> reports.<\/p>\n Attackers industrialized the bypass of platform safeguards, including two-factor authentication (2FA), by manipulating the AI assistant.<\/p>\n An attacker initiated the standard password-recovery protocol, claiming the page had been hacked. When Instagram\u2019s automated system requested video identity verification, the hackers used a deepfake produced after obtaining images of the victim.<\/p>\n According to media reports, the attackers also enabled a VPN to mimic the victim\u2019s usual geolocation, helping them bypass server-side security checks. The attacker then forced a change of the account\u2019s linked email and reset the password.<\/p>\n Compromised accounts included unique short handles like @hey, @korn, @e and @f, as well as app researcher Jane Manchun Wong\u2019s profile and a page previously used by the White House team during the Obama administration. Such rare digital assets can fetch tens of thousands of dollars on the black market.\u00a0<\/p>\n my instagram (@ korn) was stolen overnight via the Meta AI exploit and was subsequently disabled.<\/p>\n it was Meta Verified, facial scan verified, and had 0 TOS violations.<\/p>\n the account is the sole source of my income.<\/p>\n i spent 6 hours trying to get human support and meta’s support\u2026 pic.twitter.com\/k5x846H8AG<\/a><\/p>\n \u2014 korn (@kornbuilds) June 1, 2026<\/a><\/p><\/blockquote>\n Flaw found in Trezor Safe 7 wallet\u2019s security chip<\/h2>\n
China-linked hackers target Europe<\/h2>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-85820a4f316615f4-6290268700650645.webp\")
\n
Scammers exploited Meta\u2019s AI support to seize rare Instagram accounts<\/h2>\n
\n