News and Events 
If you received an unexpected password reset email from Instagram at the beginning of January 2026, you’re not alone. In early January, many Instagram users reported
A security researcher, Kamil Hismatullin, discovered a major flaw in the YouTube API that allowed people to delete any videos on YouTube.
He was searching for YouTube vulnerabilities to report to Google for a cash reward when he found this code:
POST https://www.youtube.com/live_events_edit_status_ajax?action_delete_live_event=1
event_id: ANY_VIDEO_ID
session_token: YOUR_TOKEN
In order for someone to delete the video, all they had to do was fill in the YouTube video ID. Before fixing the flaw, Google did not check to see whether the person had permissions to delete the video. The vulnerability has since been fixed, and the researcher received a $5,000 reward.
