Tag: session hijacking
7 articles

Writer AI Flaw Exposes Session Tokens Across Tenants
A critical flaw in Writer AI, dubbed WriteOut, could let an outsider hijack any account and take over an entire organization with just a single link - no login credentials required. This shocking vulnerability highlights the urgent need for robust security measures in AI-powered platforms.

SilabRAT Trojan Targets Crypto Wallets with Session Hijacking
Meet SilabRAT, a sneaky Trojan that's been sold as a malware-as-a-service on dark web forums since late 2025, allowing cybercrooks to hijack crypto wallet sessions and swipe funds. For just $5,000 a month, attackers can get their hands on this powerful tool and start targeting unsuspecting crypto wallet users.

phpBB Flaw Enables Instant Account Takeover
A single HTTP request can give an attacker instant access to any user's account, including administrator accounts, without needing a password - a vulnerability rated 9.4 on the CVSS scale that's affecting phpBB versions up to 3.3.16 and 4.0.0 alpha.

Device Security Must Complement Identity to Thwart Modern Threats
Authentication is no longer enough to guarantee security - even with multi-factor authentication in place, phishing kits can capture session tokens, allowing attackers to bypass security checks undetected. As a result, device security must step up to complement identity and prevent modern threats.
Taboola Exploits Banking Sessions to Route Users to Temu Tracking Endpoint
Imagine a single line of code secretly redirecting people logged into their bank accounts to a commercial tracking site - that's what happened when a bank unknowingly approved a Taboola pixel that sent users to a Temu tracking endpoint. This sneaky exploit slipped past security controls, leaving both the bank and its users none the wiser.

Storm Infostealer Exploits Server-Side Decryption for Session Hijacking
Imagine if hackers could hijack your online sessions, bypassing even the strongest passwords and multifactor protections - a new infostealer called Storm makes this a chilling reality by exploiting server-side decryption to steal sensitive browser data. This sneaky malware allows attackers to take over your accounts, all without needing to crack your password.

Google Deploys DBSC in Chrome to Thwart Windows Session Hijacking
Google just flipped the switch on Device Bound Session Credentials (DBSC) for Chrome users on Windows, giving millions a major security boost against session hijacking - but what does it mean for you? This game-changing update ties your credentials to your device, making it much harder for hackers to get hold of your online sessions.