Commonwealth Sentinel: Cyber Security Consulting

06/11/2026

Here's a number worth sitting with. A UK bank, Lloyds, reports that two thirds of the fraud its customers experience starts on a Meta platform: Facebook, Instagram, or WhatsApp.

The scams are everyday stuff. Concert tickets, a cheap used car, a rental that looks like a deal. They work because the ads run right next to legitimate ones, and an ad on a trusted platform feels like a stamp of approval. It isn't. Scammers pay for that spot too.

A few habits go a long way. Treat an unsolicited ad promising a hard-to-find deal as untrustworthy until proven otherwise. Pay with a card that offers chargeback protection, never by bank transfer, gift card, or crypto. And be especially careful when a seller wants to move the conversation to WhatsApp. That move off the public platform is a classic scammer play.

Facebook, Instagram, and WhatsApp account for more than two thirds of fraud reports made by Lloyds customers.

06/10/2026

06/10/2026

More than 20,000 Instagram accounts were hijacked, and how it happened is worth a minute of your time.

Attackers didn't crack any code. They asked Meta's AI-powered support bot to send account verification codes to their own email addresses. The bot did exactly that. A human support agent would have stopped it cold.

This is the quiet risk in handing sensitive jobs to AI. A chatbot follows instructions, including the ones it never should. As more companies replace people with these tools, that gap matters.

For your own accounts, the basics still protect you. Turn on a second login step, use a password you don't reuse anywhere else, and be wary of any message asking you to confirm a code you didn't request.

Meta sent out notifications to the affected users, according to This Week in Security, but the incident highlights larger artificial intelligence vulnerabilities.

06/10/2026

Ever wonder what a cyber security consultant actually does? Think of your doctor. They ask questions, run tests, then prescribe what will keep you healthy. We do the same for your network. And having an IT person is not the same as having cyber security. Here is the difference.

As one IT consultant said, “I’m like the general practitioner [in IT]. [Cyber security consultants] are the specialists.”

06/09/2026

We read "Tribe of Hackers: Security Leaders" so you have a place to start. Authors Carey and Jin sat down with 70 cyber security professionals, and the same theme keeps coming up: protecting your systems is not just the IT person's job, it is everyone's. A good read whether you are new to the field or just want to understand it better.

In the “Tribe of Hackers” series, authors Carey and Jin interview 70 cybersecurity professionals to gain their perspectives on the field of cyber security.

06/09/2026

06/09/2026

Adobe just released its monthly batch of security fixes, and this one's big: 123 flaws across 11 products.

Most are rated low priority, so there's no need to panic. But the list includes bugs in Acrobat and Reader, tools a lot of us open every single day, that could let an attacker run code on your computer. A couple of others, in ColdFusion and Campaign Classic, are the kind attackers tend to go after.

Here's the simple move. Turn on automatic updates for your Adobe apps, or open them and install the latest version today. Patching is the least glamorous part of staying safe, and it's also one of the most effective.

Nearly half of the security holes, most allowing arbitrary code ex*****on, have been fixed in Adobe’s Experience Manager product.

06/09/2026

SoFi's Hong Kong arm confirmed a data breach this week, and the detail worth noticing is where it happened. Not at SoFi. At a third-party vendor that held customer data.

This is the quiet pattern behind a lot of breaches. Your information is only as safe as the weakest company you hand it to, and most organizations never think to ask how their vendors protect it.

If your business or office shares customer data with outside providers, it's a fair question to put to them: how do you guard this, and what's your plan if you're breached? In the meantime, the basics still hold. Turn on a second login step where you can, watch for phishing that follows a breach, and keep an eye on your accounts.

SoFi Hong Kong is warning that it suffered a data breach after hackers gained access to a database at a third-party vendor containing customer information.

06/09/2026

Google fixes the fifth actively exploited Chrome zero-day of 2026 https://ift.tt/uGy2MRc

Google fixed a new Chrome zero-day, tracked as CVE-2026-11645, in the V8 JavaScript engine, which is already being exploited in the wild.