VulnHub

Real-time Cybersecurity News

Articles tagged "Meta"

Found 4 articles

Facebook login thieves now using browser-in-browser trick

BleepingComputer

Actively Exploited

Hackers have started using a new technique called the browser-in-the-browser (BitB) method to steal Facebook login credentials. This method creates a fake Facebook login window that appears to be part of the user's browser, tricking them into entering their username and password. Over the past six months, this tactic has gained traction among cybercriminals, making it easier for them to capture sensitive information. Users are at risk, especially if they are not aware of this deception. It's crucial for Facebook users to be vigilant and ensure they are logging in through the official website or app to avoid falling victim to these scams.

Impact: Facebook accounts
Remediation: Users should verify the URL and ensure they are on the official Facebook site before entering credentials; consider enabling two-factor authentication for added security.
Phishing
Read Original
Meta fixes Instagram password reset flaw, denies data breach

Security Affairs

Meta has addressed a vulnerability in Instagram that allowed unauthorized parties to send password reset emails. This flaw raised concerns about potential account takeovers, as attackers could exploit it to gain access to user accounts. Despite claims of leaked data, Meta has denied any data breach, stating they have only fixed the reset issue. Users should be aware of this vulnerability, especially if they received unexpected password reset emails, as it indicates the possibility of malicious activity. It's important for users to enable additional security measures, such as two-factor authentication, to further protect their accounts.

Impact: Instagram accounts
Remediation: The vulnerability has been fixed by Meta, but specific patch numbers or updates were not provided.
ExploitVulnerabilityData Breach
Read Original
Opto 22 groov View

All CISA Advisories

The article discusses a vulnerability in Opto 22's groov View that allows for the exposure of sensitive information through metadata, potentially leading to credential and key exposure as well as privilege escalation. This vulnerability, assigned CVE-2025-13084, has a CVSS v4 score of 6.1 and affects multiple versions of groov View, necessitating immediate remediation to mitigate risks.

Impact: Affected products include: groov View Server for Windows (Versions R1.0a to R4.5d), GRV-EPIC-PR1 Firmware (Versions prior to 4.0.3), GRV-EPIC-PR2 Firmware (Versions prior to 4.0.3). Vendor: Opto 22.
Remediation: Opto 22 recommends upgrading to groov View Server for Windows Version R4.5e and GRV-EPIC Firmware Version 4.0.3. Additionally, CISA advises minimizing network exposure for control system devices, using firewalls, securing remote access with VPNs, and performing impact analysis and risk assessment before deploying defensive measures.
WindowsCVEVulnerabilityPatchUpdatePrivilege Escalation+1 more
Read Original
Opto 22 GRV-EPIC and groov RIO

All CISA Advisories

The Opto 22 GRV-EPIC and groov RIO products are vulnerable to an OS Command Injection flaw that could allow remote attackers to execute arbitrary shell commands with root privileges. This vulnerability, identified as CVE-2025-13087, has a CVSS v4 score of 7.5, indicating a significant risk to affected systems.

Impact: Affected products include GRV-EPIC-PR1 and GRV-EPIC-PR2 (Firmware versions prior to 4.0.3), groov RIO GRV-R7-MM1001-10, GRV-R7-MM2001-10, and GRV-R7-I1VAPM-3 (all with Firmware versions prior to 4.0.3). Vendor: Opto 22.
Remediation: Opto 22 has published a patch to address this vulnerability. Users are recommended to upgrade to GRV-EPIC and groov RIO Firmware Version 4.0.3. Additional defensive measures include minimizing network exposure for control system devices, using firewalls, and employing secure remote access methods like VPNs.
CVEVulnerabilityPatchUpdateCritical
Read Original