Meta patched a bug in Facebook that could have circumvented two-factor authentication (2FA) using SMS. Discovered by security researcher Manoj Gautam, it exploited a rate-limiting issue in Instagram, enabling an attacker to brute-force a verification pin. The bug, patched within a month of its report, was considered one of Meta’s most significant of 2022, and Gautam received a bounty of $27,200.
China-linked cyberespionage group PlushDaemon used South Korean VPN service to inject malware
A China-linked cyberespionage group known as PlushDaemon has reportedly exploited the VPN service of South Korean provider IPany to spread malware and spy on users.
