Commonwealth Sentinel: Cyber Security Consulting

06/04/2026

06/04/2026

Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators.

06/04/2026

Have you thought about what happens to your online accounts when you're gone? Your movies, music, photos, and apps don't automatically pass to your family. Facebook, Google, Twitter, and Apple all handle it differently, and if you haven't set things up, your digital life could just disappear. Here's what you need to know and what to do about it now.

When you pass on, what happens to your online accounts? In some cases, nothing. They continue to exist ad infinitum. However, for some, they will be deleted.

06/04/2026

How do you fight terrorism online without sacrificing the freedoms that define the internet? "Terror on the Internet" by Gabriel Weimann explores how terrorist groups use the web and what governments have done about it, including actions that drew criticism for potentially violating civil rights. It's a thought-provoking read that's only become more relevant since it was written.

Terror on the Internet tackles fundamental aspects of civil rights (such as privacy or freedom of expression) and public safety against possible cyber threats.

06/03/2026

Ever gotten a notification you didn't expect and just tapped "approve" to make it go away? That's exactly what hackers are counting on. It's called MFA prompt bombing, and it's how attackers got into Uber's network in 2022. They don't crack your security, they just annoy you until you let them in. The good news? MFA still blocks 99% of attacks. You just need to know what to do when your phone starts buzzing for no reason. Here's what to watch for and how to stay safe.

MFA prompt bombing is a growing threat, but multifactor authentication remains one of your best defenses. Here is what changed and what to do about it.

06/03/2026

Hackers took over high-profile Instagram accounts, including the Obama-era White House account, by doing something shockingly simple: they asked Meta's AI support bot to change the email address, then used a code sent to their own inbox to reset the password. That's it. No exploit, no code, just a polite conversation with a chatbot that never checked who it was actually talking to. The good news? Accounts with two-factor authentication turned on were protected. If your Instagram account matters to you or your business, make sure 2FA is enabled right now. It's the difference between safe and compromised.

A prominent victim of the Instagram hacks blamed 'gullible AI bots.' Here's what happened.

06/03/2026

Someone analyzed 16,699 ransomware leak-site posts across 200 groups over two years and asked the question most threat intelligence reports dance around: when does this actually happen? The answer is mundane and useful. Ransomware runs on a workweek, peaks during European office hours, spikes every October, and the operator population is growing fast.

l

16,699 ransomware leak posts over 2 years show 84% drop Monday–Friday, peak at European afternoon hours. October spikes yearly.

06/02/2026

Hackers convinced Meta's AI support bot to hand over access to Instagram accounts. They simply asked the chatbot to link a new email address to a target account, and it did it. No sophisticated exploit, no code, just a conversation. Meta says it's fixed, but it's a clear warning: when companies replace human support with AI systems that have access to account controls, the attack surface changes. AI assistants are powerful, but they can also be manipulated in ways humans wouldn't be. If you use Meta platforms for your business, make sure your account recovery settings are locked down tight.

A series of screenshots and videos revealed the steps taken to override security features and steal accounts, per a report from 404 Media.