🔐 This Week’s Securityish Brief
Instagram denies breach as 17 million account details appear on leak forums
Chinese hackers exploit VMware ESXi zero day flaws to escape virtual machines
ZombieAgent exploit shows how AI agents can be hijacked silently
Kimwolf Android botnet abuses home networks through proxy apps
Instagram data leak scare and password reset chaos
Breach
🔐 The Securityish Brief: A dataset with more than 17M Instagram profiles appeared on leak forums with emails, addresses, and contact details. Meta denies a breach and attributes the exposure to past scraping and a now-fixed password reset bug.
🔍 The Breakdown:
The leaked dataset reportedly holds 17,017,213 account profiles with usernames, emails, and physical addresses but no passwords.
Researchers say the data likely comes from large scale scraping against Instagram APIs in 2022, not a fresh break in to Meta’s core systems.
A now fixed bug let outsiders trigger Instagram password reset emails in bulk, which helped confirm that many contact details were real.
People are seeing waves of unexpected reset emails and texts, which attackers can use to scare users into handing over codes.
📢 Why it matters: Even without passwords, a list of names, emails, phone numbers, and addresses tied to Instagram handles is perfect fuel for phishing, password reset scams, and SIM swap attempts that can reach far beyond Instagram into your email, bank, and cloud accounts.
🛡️ What You Should Do: Use an authenticator app for two factor login on Instagram, ignore any password reset messages you did not start yourself, and change your Instagram password plus your email password if you see logins or alerts you do not recognize.
Chinese hackers exploit VMware ESXi zero day flaws to escape virtual machines
Vulnerability
🔐 The Securityish Brief: Chinese speaking hackers used three VMware ESXi zero day flaws to escape from guest virtual machines to the host system after first getting in through a compromised SonicWall VPN. Huntress found and stopped the attack in December before it could turn into a full ransomware incident.
🔍 The Breakdown:
The bugs allow memory leaks and code execution in the ESXi virtual machine process.
Attackers used a hacked SonicWall VPN appliance for initial access, then ran a toolkit that disabled guest protections and loaded an unsigned kernel driver.
A backdoor called VSOCKpuppet gave persistent access over a special VM to hypervisor channel that many monitoring tools do not inspect.
The toolset likely existed many months before the flaws were publicly disclosed, which means others may have used similar exploits quietly.
📢 Why it matters: If an attacker reaches the ESXi hypervisor, they can potentially take over many virtual machines at once, which turns one mistake on a VPN or management interface into a whole data center problem for backups, databases, and internal apps.
🛡️ What You Should Do: Patch ESXi to the latest version, lock down and monitor VPN appliances closely, and review logging and alerts around virtualization hosts so any unusual management actions stand out quickly.
ZombieAgent shows how OpenAI style AI agents can be turned into silent data thieves
AI Risk
🔐 The Securityish Brief: Radware disclosed a zero click attack pattern called ZombieAgent that targets OpenAI’s Deep Research agent and lets attackers plant hidden rules in the agent’s memory. Those rules can silently run later whenever the agent is used, with all the activity happening inside OpenAI cloud systems instead of on your laptop or phone.
🔍 The Breakdown:
ZombieAgent is an indirect prompt injection technique that works without the victim clicking anything after the initial compromise.
Malicious instructions live in the agent’s long term memory and can quietly collect data or trigger actions across connected tools.
Because the work happens in the provider’s cloud environment, there may be no endpoint logs or obvious network traces for defenders to follow.
Radware has not seen live exploitation yet, but the method is simple enough that real world attacks are considered likely.
📢 Why it matters: AI agents that can read email, update tickets, or touch cloud systems often have more access than a normal user, so a hidden rule inside an agent can quietly leak customer data or change records over time without any single dramatic event that triggers alarms.
🛡️ What You Should Do: Limit what AI agents are allowed to access, ask your vendors how they log and audit agent actions, and treat AI incident response as a real scenario you plan and test for instead of a theoretical risk.
Kimwolf Android botnet grows fast by abusing residential proxy networks
Botnet
🔐 The Securityish Brief: The Kimwolf Android botnet has taken over more than two million devices by abusing residential proxy networks and exposed Android Debug Bridge services on things like cheap TV boxes. Many of those gadgets were likely already compromised before customers even took them out of the box.
🔍 The Breakdown:
Kimwolf is an Android variant of the Aisuru malware and uses residential proxies to reach devices on internal home and office networks.
Researchers found that about two thirds of Android devices in one proxy pool allowed unauthenticated remote access, which made infection easy.
Compromised devices are used for distributed denial of service attacks, proxy resale, and paid app installation schemes.
Infection is especially common in regions like Vietnam, Brazil, India, and Saudi Arabia where low cost Android TV boxes are widely sold.
Synthient and others observed Kimwolf generating up to 12 million unique IP addresses per week, which shows how broad the scanning and abuse has become.
📢 Why it matters: A compromised streaming box or Android device on your home network can be part of large attack campaigns and may also give attackers a path toward other devices like laptops, routers, or work from home systems.
🛡️ What You Should Do: Favor Android devices that are Google Play Protect certified, avoid very cheap unbranded TV boxes, and if a device is flagged as part of Kimwolf strongly consider resetting it to factory settings or retiring it entirely.
📰 Other Trending Articles
💡 Tip Of The Week
Turn on app based two factor authentication for your most important accounts, especially email and social media, because it makes password reset scams and stolen password dumps far less useful to attackers and you can usually enable it in a few minutes from the security or login settings page in each app.
🧠 Key Terms & Concepts
API leak: When someone pulls large amounts of data from an online service through its programming interface instead of breaking in directly, for example scraping millions of public profiles faster than normal users ever could.
Zero day vulnerability: A software flaw that attackers can use before a patch or fix is available, such as the ESXi bugs that allowed hackers to escape from virtual machines to the host.
Indirect prompt injection: A way to hide malicious instructions in content an AI agent later reads, which then causes it to follow the attacker’s rules without any obvious user command.
Botnet: A network of hacked devices controlled by an attacker, like Kimwolf using many Android TV boxes to launch denial of service attacks or resell proxy access.
