Session Hijacking Archives • Daily CyberSecurity

Bypassing MFA: Gremlin Stealer Evolves into Advanced Memory-Resident Session Hijacker Gremlin Stealer Unit 42 Session Hijacking Malware

Bypassing MFA: Gremlin Stealer Evolves into Advanced Memory-Resident Session Hijacker

Do Son May 21, 2026

Information stealers are no longer just basic, entry-level scripts designed to lift saved passwords from standard browser...

The AI-Powered Cybercrime Factory: Unmasking the Bluekit “All-in-One” Phishing Revolution Bluekit Phishing AI-Powered Phishing

The AI-Powered Cybercrime Factory: Unmasking the Bluekit “All-in-One” Phishing Revolution

Do Son May 5, 2026

Security researchers at Varonis Threat Labs have dissected a new, all-in-one phishing platform dubbed Bluekit that is...

Mailcow Critical Alert: Unauthenticated XSS Threatens Admin Takeover mailcow XSS CVE-2026-40872

Mailcow Critical Alert: Unauthenticated XSS Threatens Admin Takeover

Do Son April 23, 2026

The popular open-source groupware suite mailcow: dockerized is facing a high-stakes security challenge. A critical Stored Cross-Site...

ClickFix 2026: New AppleScript Malware Held macOS Users Hostage for Passwords ClickFix macOS Terminal Infostealer

ClickFix 2026: New AppleScript Malware Held macOS Users Hostage for Passwords

Do Son April 23, 2026

A sophisticated cross-platform social engineering campaign, dubbed ClickFix, has evolved to target macOS users with a relentless...

GitLab Security Update: High-Severity Vulnerabilities Patched in April Release GitLab security updates, GitLab patch release, CVE-2026-6552, CVE-2026-10087, CVE-2026-7250 GitLab Security Update May 2026 GitLab XSS and DoS Vulnerabilities GitLab Security Session Hijacking GitLab Security Update, CI/CD Vulnerability GitLab DoS, Security Update bypassing SAML - CVE-2024-8312 and CVE-2024-6826

GitLab security updates, GitLab patch release, CVE-2026-6552, CVE-2026-10087, CVE-2026-7250 GitLab Security Update May 2026 GitLab XSS and DoS Vulnerabilities GitLab Security Session Hijacking GitLab Security Update, CI/CD Vulnerability GitLab DoS, Security Update bypassing SAML - CVE-2024-8312 and CVE-2024-6826

GitLab Security Update: High-Severity Vulnerabilities Patched in April Release

Do Son April 22, 2026

GitLab has released a vital set of security updates for both Community Edition (CE) and Enterprise Edition...

JanelaRAT Uses Fake Windows Updates to Empty LATAM Bank Accounts JanelaRAT LATAM Banking Malware

JanelaRAT Uses Fake Windows Updates to Empty LATAM Bank Accounts

Do Son April 15, 2026

In the diverse ecosystem of Latin American cybercrime, one threat continues to refine its ability to peer...

FBI and Indonesian Authorities Dismantle Prolific “W3LL” Phishing Empire W3LL Phishing Kit MFA Bypass Takedown

FBI and Indonesian Authorities Dismantle Prolific “W3LL” Phishing Empire

Do Son April 15, 2026

The FBI Atlanta Field Office, in a first-of-its-kind joint investigation with Indonesian law enforcement, has successfully dismantled...

108 Coordinated Chrome Extensions Hijack Your Private Telegram Sessions Chrome Extension Malware Telegram Session Hijacking

108 Coordinated Chrome Extensions Hijack Your Private Telegram Sessions

Do Son April 15, 2026

Socket’s Threat Research Team identified 108 malicious Chrome extensions operating as a coordinated campaign under a shared...

Hardware-Locked: How Chrome’s New DBSC Makes Stolen Cookies Worthless Device Bound Session Credentials (DBSC) Session Hijacking Prevention

Hardware-Locked: How Chrome’s New DBSC Makes Stolen Cookies Worthless

Do Son April 14, 2026

In a major escalation of the war against credential-harvesting malware, the Google Account Security team has officially...

The Billion-Dollar Invite: How UNC1069’s Fake Meetings Hijack Crypto Fortunes UNC1069 Phishing BlueNoroff Crypto Theft

The Billion-Dollar Invite: How UNC1069’s Fake Meetings Hijack Crypto Fortunes

Do Son April 14, 2026

The line between a routine business meeting and a financial breach has never been thinner. Between February...

LinkedIn Job Seekers Targeted by Sophisticated “PXA Stealer” Campaign PXA Stealer LinkedIn Job Phishing

LinkedIn Job Seekers Targeted by Sophisticated “PXA Stealer” Campaign

Do Son April 10, 2026

A sophisticated, financially motivated threat campaign is currently sweeping across professional networks, specifically targeting job seekers on...

TikTok for Business Under Siege: New Phishing Campaign Exploits “Login with Google” TikTok for Business Phishing AiTM Phishing Kit

TikTok for Business Under Siege: New Phishing Campaign Exploits “Login with Google”

Do Son April 3, 2026

Researchers at Push Security have identified and blocked a novel campaign targeting TikTok for Business accounts—the very...

CISA Issues Emergency Mandate as Critical 9.3 NetScaler Flaw “Bleeds” Admin Sessions Citrix NetScaler Vulnerability CVE-2026-3055

CISA Issues Emergency Mandate as Critical 9.3 NetScaler Flaw “Bleeds” Admin Sessions

Do Son March 31, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability impacting Citrix NetScaler ADC...

Critical 9.6 CVSS OIDC Flaws in OpenBao Turn “Direct Login” Into a Phishing Trap OpenBao Vulnerability OIDC Session Hijacking

Critical 9.6 CVSS OIDC Flaws in OpenBao Turn “Direct Login” Into a Phishing Trap

Do Son March 30, 2026

The OpenBao community, the open-source initiative dedicated to managing and distributing sensitive data like secrets and certificates,...

Zabbix API Vulnerability: High-Severity SQL Injection Threatens Network Monitoring Security Zabbix XSS Vulnerabilities CVE-2026-23926 zabbix - CVE-2024-22116 Zabbix SQL Injection CVE-2026-23921

Zabbix XSS Vulnerabilities CVE-2026-23926 zabbix - CVE-2024-22116 Zabbix SQL Injection CVE-2026-23921

Zabbix API Vulnerability: High-Severity SQL Injection Threatens Network Monitoring Security

Do Son March 26, 2026

A high-severity security vulnerability has been identified in the Zabbix API, a popular open-source monitoring solution used...

The Sandbox Slip: How a Security Audit Unearthed Perplexity’s Exposed Claude Code Tokens Perplexity Computer token leak Perplexity Computer Max

Perplexity Computer token leak Perplexity Computer Max

The Sandbox Slip: How a Security Audit Unearthed Perplexity’s Exposed Claude Code Tokens

Do Son March 14, 2026

Perplexity Computer is a cloud-based computing environment unveiled by the AI search vanguard Perplexity. This system integrates...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

EV Charging Grid Alert: Critical Flaws Exposed in Everon OCPP Backends

Do Son March 5, 2026

Cybersecurity researchers have sounded the alarm on a series of critical vulnerabilities affecting Everon OCPP Backends, the...

Critical Flaws in Vikunja Expose Users to Persistent Account Takeovers Vikunja Persistent Takeover CVE-2026-28268

Critical Flaws in Vikunja Expose Users to Persistent Account Takeovers

Do Son March 2, 2026

Vikunja is a popular open-source, self-hostable to-do application designed to help users organize their tasks using list,...

Critical Undertow Flaw (CVSS 9.6) Strikes HPE Telco Service Activator CVE-2024-42509 & CVE-2024-47460 HPE Aruba Fabric Composer CVE-2026-23592 Aruba AOS-CX CVE-2026-23813