Skip to main content

Tag: session hijacking

7 articles

Person working at desk with laptop and papers in modern office setting.

Writer AI Flaw Exposes Session Tokens Across Tenants

A critical flaw in Writer AI, dubbed WriteOut, could let an outsider hijack any account and take over an entire organization with just a single link - no login credentials required. This shocking vulnerability highlights the urgent need for robust security measures in AI-powered platforms.

Analyst 207
Cluttered home office with laptop and scattered papers in dim light.

SilabRAT Trojan Targets Crypto Wallets with Session Hijacking

Meet SilabRAT, a sneaky Trojan that's been sold as a malware-as-a-service on dark web forums since late 2025, allowing cybercrooks to hijack crypto wallet sessions and swipe funds. For just $5,000 a month, attackers can get their hands on this powerful tool and start targeting unsuspecting crypto wallet users.

Analyst 207
Rows of rack-mounted servers with a network administrator in the background.

phpBB Flaw Enables Instant Account Takeover

A single HTTP request can give an attacker instant access to any user's account, including administrator accounts, without needing a password - a vulnerability rated 9.4 on the CVSS scale that's affecting phpBB versions up to 3.3.16 and 4.0.0 alpha.

Analyst 207
Person interacting with laptop and smartphone at a cluttered desk.

Device Security Must Complement Identity to Thwart Modern Threats

Authentication is no longer enough to guarantee security - even with multi-factor authentication in place, phishing kits can capture session tokens, allowing attackers to bypass security checks undetected. As a result, device security must step up to complement identity and prevent modern threats.

Analyst 207
Person sits in dimly lit room with laptop displaying maze and tracking symbol, surrounded by cityscapes and financial…

Taboola Exploits Banking Sessions to Route Users to Temu Tracking Endpoint

Imagine a single line of code secretly redirecting people logged into their bank accounts to a commercial tracking site - that's what happened when a bank unknowingly approved a Taboola pixel that sent users to a Temu tracking endpoint. This sneaky exploit slipped past security controls, leaving both the bank and its users none the wiser.

Analyst 207
Person in shadows hovers over laptop keyboard with eerie screen glow in dimly lit cityscape.

Storm Infostealer Exploits Server-Side Decryption for Session Hijacking

Imagine if hackers could hijack your online sessions, bypassing even the strongest passwords and multifactor protections - a new infostealer called Storm makes this a chilling reality by exploiting server-side decryption to steal sensitive browser data. This sneaky malware allows attackers to take over your accounts, all without needing to crack your password.

Analyst 207
Person sits in dimly lit room with multiple screens displaying ghostly windows, one laptop screen showing secure login…

Google Deploys DBSC in Chrome to Thwart Windows Session Hijacking

Google just flipped the switch on Device Bound Session Credentials (DBSC) for Chrome users on Windows, giving millions a major security boost against session hijacking - but what does it mean for you? This game-changing update ties your credentials to your device, making it much harder for hackers to get hold of your online sessions.

Analyst 207