Account Takeover Archives • Page 2 of 3 • Daily CyberSecurity

Hackers Abuse “Device Codes” to Bypass Security and Seize Microsoft 365 Accounts Device Code Phishing, Microsoft 365 OAuth

Hackers Abuse “Device Codes” to Bypass Security and Seize Microsoft 365 Accounts

Do Son December 22, 2025

Cybercriminals have found a new way to turn corporate security protocols against themselves, weaponizing a legitimate Microsoft...

Global Spies Use ZipperDown and Android Zero-Days for 1-Click Email Client RCE and Account Takeover Android Zero-Day Espionage, ZipperDown Exploitation

Android Zero-Day Espionage, ZipperDown Exploitation

Global Spies Use ZipperDown and Android Zero-Days for 1-Click Email Client RCE and Account Takeover

Do Son November 5, 2025

The RedDrip team at QiAnXin Threat Intelligence Center has released a new report detailing a multi-year series...

CVE-2025-11833 (CVSS 9.8): Critical Flaw Exposes 400,000 WordPress Sites to Unauthenticated Account Takeover WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

CVE-2025-11833 (CVSS 9.8): Critical Flaw Exposes 400,000 WordPress Sites to Unauthenticated Account Takeover

Do Son November 1, 2025

The Post SMTP plugin, used by over 400,000 WordPress sites to ensure reliable email delivery, has been...

Actively Exploited: Critical Flaw CVE-2025-6388 (CVSS 9.8) Allows Authentication Bypass in WordPress Plugin WordPress Auth Bypass, CVE-2025-6388 Exploited

WordPress Auth Bypass, CVE-2025-6388 Exploited

Actively Exploited: Critical Flaw CVE-2025-6388 (CVSS 9.8) Allows Authentication Bypass in WordPress Plugin

Do Son October 3, 2025

A newly disclosed vulnerability in the Spirit Framework plugin for WordPress has put thousands of websites at...

CVE-2025-59934: Critical Flaw in Formbricks Allows Unauthorized Password Resets via Forged JWT Tokens Formbricks Auth Bypass, CVE-2025-59934

CVE-2025-59934: Critical Flaw in Formbricks Allows Unauthorized Password Resets via Forged JWT Tokens

Do Son September 27, 2025

The Formbricks project, an open-source platform for building in-app and website surveys, has released an urgent patch...

PoC Available: FlowiseAI Flaw (CVE-2025-58434) Allows Full Account Takeover (CVSS 9.8) Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

PoC Available: FlowiseAI Flaw (CVE-2025-58434) Allows Full Account Takeover (CVSS 9.8)

Do Son September 15, 2025

The open-source generative AI development platform FlowiseAI, widely used for building AI agents and LLM workflows, has...

PgAdmin Flaw Exposes Accounts to OAuth Hijacking Attacks CVE-2024-2044 pgAdmin, OAuth vulnerability

PgAdmin Flaw Exposes Accounts to OAuth Hijacking Attacks

Do Son September 8, 2025

The developers of pgAdmin, the most widely used open-source administration and development platform for PostgreSQL, have patched...

Security Flaws in Frappe Framework Expose Self-Hosted ERPNext Users to Takeovers, XSS, and SQL Injection Frappe Framework, Critical Vulnerabilities

Frappe Framework, Critical Vulnerabilities

Security Flaws in Frappe Framework Expose Self-Hosted ERPNext Users to Takeovers, XSS, and SQL Injection

Do Son July 2, 2025

The Frappe Framework, a widely used full-stack application platform that powers ERPNext, has been found vulnerable to...

Urgent WordPress Alert: Motors Theme Flaw (CVE-2025-4322) Actively Exploited for Site Takeover PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

Urgent WordPress Alert: Motors Theme Flaw (CVE-2025-4322) Actively Exploited for Site Takeover

Do Son June 20, 2025

Last month, a critical vulnerability was reported to Wordfence that now threatens more than 22,000 WordPress websites...

WordPress AI Engine Flaw (CVE-2025-5071): Critical Bug Allows Subscriber-Level Account Takeover WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress AI Engine Flaw (CVE-2025-5071): Critical Bug Allows Subscriber-Level Account Takeover

Do Son June 19, 2025

Security researchers at Wordfence have uncovered a vulnerability in the popular AI Engine plugin for WordPress, which...

TeamFiltration Weaponized: UNK_SneakyStrike Campaign Targets 80,000+ Microsoft Entra ID Accounts

Do Son June 13, 2025

According to a new report by Proofpoint, attackers are now actively exploiting the TeamFiltration penetration testing framework...

Urgent GitLab Security Alert: High-Severity Flaws Allow Account Takeover & Code Injection! GitLab Security, High-Severity Flaws

Urgent GitLab Security Alert: High-Severity Flaws Allow Account Takeover & Code Injection!

Do Son June 12, 2025

GitLab has issued urgent security updates for its Community Edition (CE) and Enterprise Edition (EE), addressing a...

CVSS 9.8: Backend.AI Critical Flaw Allows Account Takeover via PoC, No Patch Available Backend.AI Vulnerability

CVSS 9.8: Backend.AI Critical Flaw Allows Account Takeover via PoC, No Patch Available

Do Son June 11, 2025

Security researchers at HiddenLayer have disclosed a critical privilege escalation vulnerability in Backend.AI, a widely used container-based...

Critical 9.8 CVSS Flaw: Unpatched PayU CommercePro Plugin Allows Admin Account Takeover! PayU CommercePro, Account Takeover

Critical 9.8 CVSS Flaw: Unpatched PayU CommercePro Plugin Allows Admin Account Takeover!

Do Son June 9, 2025

A severe vulnerability in the PayU CommercePro plugin for WordPress, which has over 5,000 active installations, allows...

ZITADEL Flaw: Host Header Injection Risks Account Takeover (Password Reset) ZITADEL vulnerability Account takeover

ZITADEL Flaw: Host Header Injection Risks Account Takeover (Password Reset)

Do Son May 30, 2025

ZITADEL, a modern identity and access management platform, has patched a critical vulnerability in its password reset...

Critical WSO2 Flaw: Unauthenticated Account Takeover Risk (CVSS 9.8) WSO2 vulnerability, account takeover

Critical WSO2 Flaw: Unauthenticated Account Takeover Risk (CVSS 9.8)

Do Son May 26, 2025

A recently disclosed vulnerability in WSO2 products, identified as CVE-2024-6914, poses a severe security threat to organizations...

High-Risk RAGFlow Flaw: Account Takeover Possible (No Patch, PoC Available)

Do Son May 20, 2025

RAGFlow, the open-source Retrieval-Augmented Generation (RAG) platform developed by Infiniflow, has been found vulnerable to a serious...

AiTM Attacks Bypass MFA Despite Widespread Adoption cyber

AiTM Attacks Bypass MFA Despite Widespread Adoption

Do Son May 4, 2025

Despite widespread adoption of multi-factor authentication (MFA) as a critical safeguard against unauthorized access, cybercriminals are once...

GitLab Releases Security Update to Patch XSS and Account Takeover Flaws GitLab security, GitLab vulnerability

GitLab Releases Security Update to Patch XSS and Account Takeover Flaws

Do Son April 24, 2025

GitLab has issued a security advisory urging users to upgrade their self-managed GitLab installations immediately. The advisory...

Russian Hackers Abuse Microsoft 365 OAuth in Sophisticated Phishing Attacks OAuth Phishing Microsoft 365 OAuth

Russian Hackers Abuse Microsoft 365 OAuth in Sophisticated Phishing Attacks

Do Son April 24, 2025

Volexity has identified a series of advanced social engineering operations by suspected Russian threat actors targeting Microsoft...

Critical Alert 1 Active Exploit Detected Today