Cyber News Bytes: What’s Happening in Cybersecurity This Week

This week's latest cybersecurity news and industry updates

Hey friends! It’s been another crazy week for cybersecurity news.

Before we dig into the headlines, a quick note for anyone looking to level up.

If reading about these breaches makes you want to actually build the skills to defend against them, my 5 Technical Cybersecurity Projects course is built for exactly that.

It walks you through five hands-on projects designed to take you from theory to real, resume-ready experience, whether you are just breaking in or sharpening skills you already have.

This is one of the fastest ways to turn what you read here into things you can actually do!

Now, four stories worth your time this week, from a viral Instagram bug exposing the data of high-profile users to a quiet scheme turning living room TVs into web-scraping machines. Let's get into it!

1. Instagram bug exposed user emails and phone numbers, including Zuckerberg's

A logic flaw in Instagram's web-based password reset flow let anyone pull the full, unredacted email address and phone number tied to any account just by starting a reset. The bug exposed contact data for high-profile individuals including Meta CEO Mark Zuckerberg, and Meta deployed an emergency hotfix within hours. The recovery screen was supposed to show only partially masked options, but instead returned fully visible emails and phone numbers.

Why it matters: Exposed emails and phone numbers are the raw material for phishing, SIM-swapping, and social engineering. A small logic error in a routine flow can leak data at scale, which is why account recovery screens deserve the same scrutiny as any login system.

Read more at Cyber Security News
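To make the masking point in story 1 concrete, here is an added example (not Instagram's code, and not from the linked report) of a recovery endpoint that masks contact data on the server before serializing it, plus a check you could run in CI to catch a response that leaks raw values. The account record, field names, and function names are all assumptions made up for this sketch.

```python
import json
import re

# Constructed account record; field names are assumptions for this example.
ACCOUNT = {"username": "example_user", "email": "jane.doe@example.com",
           "phone": "+14155550123"}


def mask_email(email: str) -> str:
    """Show the first character of the local part and of the domain, plus the TLD."""
    local, _, domain = email.partition("@")
    name, dot, tld = domain.rpartition(".")
    if not local or not name:
        return "***"  # malformed value: reveal nothing
    # Fixed-width stars so the mask does not leak the real length.
    return f"{local[0]}*****@{name[0]}*****{dot}{tld}"


def mask_phone(phone: str) -> str:
    """Reveal only the last two digits."""
    digits = re.sub(r"\D", "", phone)
    if len(digits) < 4:
        return "***"
    return "*" * 8 + digits[-2:]


def recovery_options_vulnerable(account: dict) -> dict:
    """'Before' shape: raw values are serialized and the client is trusted to hide them."""
    return {"options": [{"type": "email", "value": account["email"]},
                        {"type": "sms", "value": account["phone"]}]}


def recovery_options(account: dict) -> dict:
    """Hardened shape: only masked labels and opaque ids leave the server."""
    return {"options": [
        {"type": "email", "id": "opt-0", "label": mask_email(account["email"])},
        {"type": "sms", "id": "opt-1", "label": mask_phone(account["phone"])}]}


def leaks_contact_data(response: dict, account: dict) -> bool:
    """Regression check: does the serialized body contain a raw identifier?"""
    body = json.dumps(response)
    digits = re.sub(r"\D", "", account["phone"])
    return account["email"] in body or digits in body
```

The client then picks an option by its opaque id, so the full address or number never has to appear in any response during the reset flow.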

2. Free apps are turning Samsung, LG, and Roku TVs into web-scraping proxies

New research from Include Security found that free apps across major smart TV platforms quietly enroll devices into a commercial residential proxy network used to scrape the web for AI training. The culprit is an SDK from Bright Data, a company that markets the world's largest residential proxy network with more than 150 million IP addresses sourced through software embedded in partner apps. When installed, the SDK turns a connected TV or mobile device into an exit node, routing paying customers' scraping traffic through the user's home internet connection. Consent is buried in a dialog navigated with a TV remote's arrow keys.

Why it matters: Your home connection and bandwidth can become someone else's scraping infrastructure without you ever knowing. It is a reminder that "free" apps often monetize you in ways that never show up on screen, and that consent dialogs designed to be skipped are not real consent.

Read more at The Hacker News

3. OpenAI launches ChatGPT Lockdown Mode to fight prompt injection

OpenAI rolled out a new opt-in security setting built to blunt prompt injection attacks, where hidden malicious instructions in webpages or files trick a model into leaking data. Lockdown Mode is designed to disrupt the final stage of these attacks, the unauthorized transfer of sensitive data to an attacker-controlled destination through outbound network requests. The feature disables live web browsing, agent mode, deep research, image retrieval, Canvas networking, and file downloads, and is available across Free, Go, Plus, Pro, and self-serve Business plans. OpenAI was clear that it is not a silver bullet, since prompt injections can still appear in cached content or uploaded files.

Why it matters: Prompt injection is one of the defining unsolved problems in AI security, and the industry's answer so far is to trade functionality for safety. For anyone building or using AI agents that touch sensitive data, this is the model to study before turning agents loose on real workflows.

Read more at The Next Web

4. CISA flags actively exploited SolarWinds Serv-U flaw

CISA added a high-severity SolarWinds Serv-U vulnerability to its Known Exploited Vulnerabilities catalog after confirming attacks in the wild. Tracked as CVE-2026-28318 with a CVSS score of 7.5, the flaw lets an unauthenticated attacker crash the file transfer service by sending a crafted HTTP POST request using the Content-Encoding: deflate header. CISA listed it on June 5, 2026, and under Binding Operational Directive 22-01, federal civilian agencies must remediate by June 19. SolarWinds has released a hotfix in Serv-U version 15.5.4 HF1.

Why it matters: Serv-U is a long-running favorite target, previously hit by the Clop ransomware gang and Chinese state-sponsored actors. A denial-of-service flaw may sound less scary than remote code execution, but knocking out file transfer servers can halt payroll, compliance, and partner data exchanges, and active exploitation means the clock is already running.

Read more at Cyber Security News

That's the rundown for this week. Patch what you can, stay curious, and keep building.

Stay secure out there!

- Sandra