Authentication-Bypass on ZX Cloud Securityhttps://zxcloudsecurity.co.uk/tags/authentication-bypass/Recent content in Authentication-Bypass on ZX Cloud SecurityHugoen-GBThu, 04 Jun 2026 11:04:09 +0000Meta AI Chatbot Exploited for Instagram Account Takeoverhttps://zxcloudsecurity.co.uk/posts/meta-ai-chatbot-instagram-account-takeover-exploit/Thu, 04 Jun 2026 11:04:09 +0000https://zxcloudsecurity.co.uk/posts/meta-ai-chatbot-instagram-account-takeover-exploit/Attackers are hijacking Instagram accounts by manipulating Meta's AI support chatbot into resetting passwords. Learn the attack chain and mitigation steps.🟠 High  |  Source: Schneier on Security

Attackers are exploiting Meta’s AI support chatbot to hijack Instagram accounts by tricking the bot into adding a hacker-controlled email address and issuing a password reset. The attack requires no prior account access and bypasses Instagram’s automated protections using a VPN to spoof the victim’s location. This demonstrates a critical flaw in how AI-powered support systems validate identity before performing sensitive account actions.

Architect’s Take: Organisations deploying AI chatbots for customer support or account management must enforce out-of-band identity verification for any privileged actions — such as adding credentials or triggering resets — and ensure the AI cannot be the sole authorisation path for account takeover-enabling operations. Review your own AI assistant integrations for similar trust boundary weaknesses where bot-initiated actions bypass human or MFA controls.

Original advisory: Hacking Meta’s AI Chatbot

]]>CVE-2026-35414: OpenSSH Principals Auth Bypasshttps://zxcloudsecurity.co.uk/posts/cve-2026-35414-openssh-authorized-keys-principals-bypass-azure/Thu, 04 Jun 2026 08:40:55 +0000https://zxcloudsecurity.co.uk/posts/cve-2026-35414-openssh-authorized-keys-principals-bypass-azure/CVE-2026-35414 affects OpenSSH before 10.3, mishandling authorised_keys principals with CA comma characters — risking unauthorised SSH access on Azure VMs.🟠 High  |  Source: Microsoft Security Response Center

A vulnerability in OpenSSH versions before 10.3 (CVE-2026-35414) means the authorised_keys principals option is not handled correctly in certain edge cases where a principals list is combined with a Certificate Authority that uses comma characters in specific ways. This could allow unintended principals to authenticate, potentially granting unauthorised SSH access to affected systems. The issue is particularly relevant to cloud environments where certificate-based SSH authentication is used at scale.

Architect’s Take: Audit your SSH certificate infrastructure to identify any Certificate Authorities or authorised_keys configurations that use comma characters within principals lists, and prioritise upgrading OpenSSH to 10.3 or later across all Azure VMs and jump hosts. Consider enforcing certificate-based SSH access policies via Azure Policy to ensure patched versions are consistently deployed.

Original advisory: CVE-2026-35414 OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

]]>