Account Takeover Archives • Daily CyberSecurity

Keys to the Kingdom: Critical 9.9 CVSS Budibase Flaw Allows Total Tenant Takeover bui

Keys to the Kingdom: Critical 9.9 CVSS Budibase Flaw Allows Total Tenant Takeover

Do Son May 20, 2026

Budibase, the popular open-source operations platform known for saving engineers hundreds of hours building secure Agents, Apps,...

Sentry’s 9.1 CVSS SSO Flaw Lets Attackers “Link” Their Way Into Your Account Sentry SAML SSO Bypass CVE-2026-42354

Sentry’s 9.1 CVSS SSO Flaw Lets Attackers “Link” Their Way Into Your Account

Do Son May 4, 2026

Sentry, the widely used application monitoring and error-tracking platform, has disclosed a critical vulnerability in its SAML...

CVE-2026-29200: A 9.9 CVSS Comet Backup Flaw Granting Total Cross-Tenant Takeover Comet Backup RCE vulnerability CVE-2026-32999 patch Comet Backup IDOR Cross-Tenant Takeover

Comet Backup RCE vulnerability CVE-2026-32999 patch Comet Backup IDOR Cross-Tenant Takeover

CVE-2026-29200: A 9.9 CVSS Comet Backup Flaw Granting Total Cross-Tenant Takeover

Do Son May 4, 2026

Comet Backup, a prominent provider of secure backup software for IT professionals and global businesses, has issued...

40,000+ Sites Exposed: Critical 9.8 CVSS Flaw Grants Total WordPress Account Takeover WordPress Account Takeover CVE-2026-7567

40,000+ Sites Exposed: Critical 9.8 CVSS Flaw Grants Total WordPress Account Takeover

Do Son May 2, 2026

A security vulnerability has been identified in Temporary Login, a popular WordPress plugin designed to provide secure,...

No Patch Available: The CVSS 10 Flaw Turning AVideo into an Attacker’s Playground AVideo RCE YPTSocket Vulnerability AVideo Vulnerabilities Streaming Platform Security AVideo Vulnerabilities CVE-2026-28501

AVideo RCE YPTSocket Vulnerability AVideo Vulnerabilities Streaming Platform Security AVideo Vulnerabilities CVE-2026-28501

No Patch Available: The CVSS 10 Flaw Turning AVideo into an Attacker’s Playground

Do Son April 15, 2026

AVideo, a versatile video streaming platform popular among content creators and businesses for hosting and monetizing content,...

Attackers Weaponize Mailbox Rules to Control Your Inbox M365 Persistence Malicious Mailbox Rules

Attackers Weaponize Mailbox Rules to Control Your Inbox

Do Son April 15, 2026

In the modern landscape of Microsoft 365 security, the most dangerous threat might not be a sophisticated...

Cisco Issues Urgent Patch for Critical IMC Auth Bypass: A CVSS 9.8 Wake-Up Call Cisco IMC Vulnerability CVE-2026-20093 CVE-2024-20401 Cisco IOS XE Privilege Escalation

Cisco IMC Vulnerability CVE-2026-20093 CVE-2024-20401 Cisco IOS XE Privilege Escalation

Cisco Issues Urgent Patch for Critical IMC Auth Bypass: A CVSS 9.8 Wake-Up Call

Do Son April 2, 2026

A newly discovered vulnerability has turned the Cisco Integrated Management Controller (IMC) into a potential backdoor. Tracked...

Dutch Intelligence Warning: Russian State Actors Targeting Signal and WhatsApp WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

Dutch Intelligence Warning: Russian State Actors Targeting Signal and WhatsApp

Do Son March 10, 2026

In a significant Cybersecurity Advisory released in March 2026, the Netherlands Defence Intelligence and Security Service (MIVD)...

1-Click to Compromise: Critical 9.3 CVSS Flaw in ZITADEL Exposes Accounts to Full Takeover ZITADEL Vulnerability CVE-2026-29191 CVE-2025-27507 ZITADEL SSRF, Login UI Hijack

ZITADEL Vulnerability CVE-2026-29191 CVE-2025-27507 ZITADEL SSRF, Login UI Hijack

1-Click to Compromise: Critical 9.3 CVSS Flaw in ZITADEL Exposes Accounts to Full Takeover

Do Son March 9, 2026

Security researchers have disclosed a high-severity vulnerability in ZITADEL, the popular open-source identity and access management (IAM)...

Critical Flaws in Vikunja Expose Users to Persistent Account Takeovers Vikunja Persistent Takeover CVE-2026-28268

Critical Flaws in Vikunja Expose Users to Persistent Account Takeovers

Do Son March 2, 2026

Vikunja is a popular open-source, self-hostable to-do application designed to help users organize their tasks using list,...

Critical XSS Flaw in RustFS Exposes S3 Storage to Total Admin Account Takeovers RustFS XSS Vulnerability CVE-2026-27822

Critical XSS Flaw in RustFS Exposes S3 Storage to Total Admin Account Takeovers

Do Son February 27, 2026

RustFS is an open-source, high-performance distributed object storage system that is built in the Rust programming language....

Algorithm Confusion: Critical 9.1 Flaw in Parse Server Allows Instant Google Account Takeover CVE-2023-36475 Parse Server JWT Bypass CVE-2026-27804

CVE-2023-36475 Parse Server JWT Bypass CVE-2026-27804

Algorithm Confusion: Critical 9.1 Flaw in Parse Server Allows Instant Google Account Takeover

Do Son February 26, 2026

Parse Server, a widely used open-source backend designed to be deployed on any infrastructure running Node.js and...

“CL Suite” Deception: Malicious Chrome Extension Steals 2FA Secrets and Meta Business Data CL Suite Malicious Extension Meta Business Suite Security

CL Suite Malicious Extension Meta Business Suite Security

“CL Suite” Deception: Malicious Chrome Extension Steals 2FA Secrets and Meta Business Data

Do Son February 17, 2026

A malicious Google Chrome extension posing as a productivity tool for Meta Business Suite has been caught...

Telegram Phishing Campaign Hijacks Accounts by Abusing Trust Telegram Phishing Account Takeover

Telegram Phishing Campaign Hijacks Accounts by Abusing Trust

Do Son February 13, 2026

A new phishing campaign is targeting Telegram users by turning the platform’s own security features into a...

High-Severity IDOR Flaw Lets Admins Hijack TP-Link Omada Owner Accounts

Do Son January 29, 2026

TP-Link has issued a security advisory regarding multiple vulnerabilities discovered in its Omada Controller software, a popular...

CVE-2025-15521 (CVSS 9.8): Critical Academy LMS Flaw Exploited for Admin Takeover Academy LMS Vulnerability CVE-2025-15521

CVE-2025-15521 (CVSS 9.8): Critical Academy LMS Flaw Exploited for Admin Takeover

Do Son January 22, 2026

A critical security vulnerability has been unearthed in the Academy LMS plugin for WordPress, a popular tool...

One API Call to Hijack: Critical Cal.com Flaw (CVE-2026-23478, CVSS 10) Bypasses 2FA Cal.com Vulnerability CVE-2026-23478 Cal.com Auth Bypass, TOTP Logic Flaw

Cal.com Vulnerability CVE-2026-23478 Cal.com Auth Bypass, TOTP Logic Flaw

One API Call to Hijack: Critical Cal.com Flaw (CVE-2026-23478, CVSS 10) Bypasses 2FA

Do Son January 15, 2026

A critical security vulnerability has been found in Cal.com, the popular open-source scheduling platform used by individuals...

Critical Appsmith Flaw CVE-2026-22794 Allows Account Takeover CVE-2026-24042 Appsmith Vulnerability CVE-2026-22794

Critical Appsmith Flaw CVE-2026-22794 Allows Account Takeover

Do Son January 14, 2026

A critical vulnerability has been discovered in Appsmith, the popular open-source platform used by organizations to build...

Zero-Click Hijack: The PrestaShop Checkout Flaw That Turns Emails Into Full Account Access, PoC Publishes CVE-2023-39526 PrestaShop

Zero-Click Hijack: The PrestaShop Checkout Flaw That Turns Emails Into Full Account Access, PoC Publishes

Do Son January 5, 2026

A critical vulnerability in the widely used PrestaShop e-commerce platform has been analyzed by vulnerability researcher Ananda...

Search Engine “Malvertising” Ring Disrupted: DOJ Seizes Backend of $14.6 Million Bank Fraud Scheme

Do Son December 24, 2025

A sprawling cybercrime operation that weaponized trusted search engines to drain millions from American bank accounts has...

Critical Alert 1 Active Exploit Detected Today