From the hacker recovery cases I’ve handled here on X lately, this is getting worse every day. It’s not just Meta AI exploits. Every major social media platform people use to connect with friends & family plus gaming platforms too are prime targets. Hackers steal session cookies and gain full instant access, bypassing strong passwords 2FA. No login prompts needed. Anything connected to the internet that holds your personal information can be hacked. Has this happened to you again recently? Comment HI if you’ve been a victim. Clear cookies often, use session isolation, and stay alert. #CyberSecurity #SessionHijacking #OnlineSafety #Hacked

#CyberWhisper #CyberSecurity #SessionHijacking

A critical MCP Toolbox vulnerability exposes enterprise databases. Learn how this security flaw allows session hijacking and how to fix it. #MCPToolbox #Cybersecurity #SessionHijacking #Infosec #DatabaseSecurity securityonline.info/mcp-tool…

🚨 STRATEGIC CYBER INTELLIGENCE ALERT: EXPOSURE OF ACADEMIC DATA AND SESSIONS DUE TO A VULNERABILITY IN THE GRAPHQL API — CNFDI (FRANCE) 🇫🇷 ⚠️ THE "#LUNARISSEC" COLLECTIVE EXPOSES A CONFIGURATION FLAW WITH THE RISK OF ACCOUNT KIDNAPPING [STATUS: / UNCONFIRMED, VISUAL EVIDENCE] Through proactive monitoring of vulnerability disclosure channels and offensive cybersecurity platforms, a critical vulnerability affecting the Centre National Privé de Formation à Distance (CNFDI) in France was detected on May 27, 2026, specifically on its virtual campus platform (campus.cnfdi.com). The LunarisSec collective, identified as m0rphyn and pwn2d, under the LunarisSec banner, has disclosed the successful exploitation of a vulnerability in the campus GraphQL API interface. The published proof-of-concept (PoC) evidence demonstrates that the attackers were able to bypass authorization controls to directly query the database of users, sessions, and email logs. 🛡️ MITIGATIONS AND PREVENTIVE RECOMMENDATIONS 🛑 Disable Introspection in Production: CNFDI should immediately disable GraphQL introspection (graphql-introspection) in its production environment, limiting API schema visibility to authorized developers. 🔒 Implement Authorization in Resolvers: Configure strict field-level authorization policies in GraphQL schemas, ensuring that queries to session, registration, and mail nodes strictly require valid authentication tokens with system administrator privileges. #CyberSecurity #DataBreach #France #CNFDI #GraphQL #LunarisSec #APIvulnerability #SessionHijacking #FinancialFraud #ThreatIntelligence #CyberAlert #VECERT #Infosec #ConfirmedPoC

🚨 STRATEGIC CYBERINTEL ALERT: POTENTIAL DATABASE DISTRIBUTION FOR FINANCIAL FRAUD PURPOSES — "UNIVERSITY OF BRAZIL" 🇧🇷 ⚠️ THREAT ACTOR "Rufasx" IS SELLING CPFs, PAYMENT IDs, AND ACTIVE SESSION TOKENS [STATUS: UNDER INVESTIGATION / UNCONFIRMED] Through the monitoring of Telegram channels, an advertisement has been detected offering for sale a database belonging to an unspecified academic institution operating under the generic name "University of Brazil." The threat actor has published data samples in spreadsheet format that expose critical information regarding applicants or students. The most alarming aspect of the advertisement is the explicit intent to facilitate financial fraud, as the seller specifically promotes the utility of the personal documents (CPFs) "for loans" and offers session tokens that allow for direct access to institutional portals. 🎯 Affected Entity: Higher education institution in Brazil (Education Sector / "University of Brazil"). 👤 Threat Actor: Rufasx 📂 Incident Type: Database Sale, Financial Identity Theft, Session Hijacking. ⚠️ Verification Status: UNVERIFIED. The attached screenshots display rows of data that appear genuine and consistent with Brazilian demographics, including Names, CPFs (valid in their numerical format), and UUID strings corresponding to session tokens. 📊 TECHNICAL BREAKDOWN AND IMPACT VECTORS Forensic analysis of the sample images reveals structured columns indicating a deep-seated breach, possibly originating from the university's admissions system or payment portal: 🪪 Exposure of Financial Identity (CPF): The CPF (Cadastro de Pessoas Físicas) column contains the unique tax identification document that is fundamental in Brazil. Financial Attack Vector: The actor highlights that this data is useful "for loans." With a full name and CPF number, cybercriminals can apply for student loans (such as FIES), open "mule" bank accounts at digital banks (FinTechs), or make fraudulent purchases by impersonating students. 💸 Exposure of Transaction Data: The column `ID_INTERNO` is described by the seller as the "PAYMENT ID." This suggests that the database is directly linked to the university's billing or enrollment system, which could facilitate the interception of transfers or billing fraud (Boleto Fraud). 🔓 Active Session Hijacking: The leak includes the `TOKEN_SESION` column, containing valid UUID identifiers ). The threat actor asserts: "You will be able to log in." Critical Impact: This means attackers do not need passwords; they can inject these tokens into their browsers (via Cookie/Bearer Token Hijacking) to hijack active student accounts, modify banking details, steal further information, or send internal phishing emails. 🛡️ MITIGATION AND PREVENTIVE RECOMMENDATIONS 🛑 Mass Session Invalidation (For the Institution): The affected university must immediately force the expiration (timeout/revocation) of all active session tokens (Cookies/JWT) on its web servers to neutralize the "You will be able to log in" attack vector. 🔒 Legal and Regulatory Notification: In accordance with Brazil's General Data Protection Law (LGPD), the institution is obligated to immediately notify the National Data Protection Authority (ANPD)—as well as the data subjects (the applicants/students)—regarding the exposure of their CPF numbers. ⚡ MONITORING AND EVALUATION 🌐 Intelligence System: analyzer.vecert.io 🛡️ Quickly assess your website's security with: monitor.vecert.io/ #CyberSecurity #DataBreach #Brazil #FinancialFraud #CPFLeak #Rufasx #SessionHijacking #ThreatIntelligence #CyberAlert #VECERT #Infosec #LGPD

Option 1: Professional & Detailed Just reported a critical auth flaw! Found that improperly secured authentication tokens & session cookies can be manipulated or deleted by attackers. Impact: Session hijacking, CSRF, unauthorized data access & potential full account takeover. Always validate tokens & enforce secure cookie flags! 💡 Want to learn how to find bugs like this? I’m happy to mentor anyone interested in web security & bug bounty hunting. DMs open! #BugBounty #InfoSec #WebSecurity #AppSec #CyberSecurity #Authentication #SessionHijacking #BugBountyHunter #SecurityResearch #LearnToHack

حتى لو كاتب أعقد كلمة مرور وتستخدم الـ MFA.. هجوم الـ Session Hijacking كفيل بتجاوز دفاعاتك بالكامل في ثوانٍ قراصنة الإنترنت اليوم صاروا يتبعوا أساليب أذكى؛ بدل ما يحاولوا يخمنوا الباسورد، بيقوموا بسرقة ملفات تعريف الارتباط (Cookies) الخاصة بالجلسة النشطة للمنتقلين داخل الشبكة. النتيجة؟ بيقدروا يتجاوزوا عملية تسجيل الدخول بالكامل ويدخلوا للنظام كأنهم أنت، دون الحاجة للمرور على صفحة التحقق أو طلب الـ MFA. عشان نحمي أصول الشركة وحساباتها من هاد الخطر، بنعتمد على استراتيجيتين هندسيتين حاسمتين: 🛡️ الوصول المشروط (Conditional Access): تقنية ذكية جداً بتحلل سياق تسجيل الدخول بالكامل (الموقع الجغرافي، نوع الجهاز المستخدم، وتوقيت المحاولة) قبل ما تعطي الإذن بالوصول. 🛡️ سياسة الحد الأدنى من الصلاحيات (Least Privilege): الموظف بيمتلك فقط الحد الأدنى من الصلاحيات اللازمة لأداء وظيفته. هاد التوجه بيقلل مساحة الهجوم ويمنع المهاجم من التحرك الجانبي (Lateral Movement) داخل الشبكة لو نجح باختراق حساب واحد. برأيك، لماذا يسهل تجاوز العامل الثاني القائم على رسائل SMS مقارنة باستخدام تطبيقات المصادقة البرمجية (مثل Authenticator Apps)؟ #SessionHijacking #ConditionalAccess #LeastPrivilege #CyberSec #NetworkSecurity #أكاديمية_اتصالاتي

Browser Cookies 🍪 Cookies help websites remember you. Attackers see cookies and think: A) Snacks 😅 B) Session hijacking opportunity C) Free access pass 😭 #SessionHijacking #Cookies #CyberSecurity #WebSecurity #InfoSec

🤖 A threat actor on an underground forum is advertising what they describe as a “ChatGPT Cookie Database,” allegedly containing browser session and authentication-related data associated with user accounts. According to the listing, the alleged dataset may include: • login session data • authentication tokens • browser cache information • session storage data • user preference information • device-related metadata • access history references The actor markets the data as useful for “research,” “monitoring,” and authentication-related activities — terminology commonly observed in infostealer and session hijacking ecosystems. At this time: • the authenticity of the claims remains unverified • there is no evidence suggesting a direct compromise of OpenAI systems • such listings are often associated with infostealer malware infections targeting end-user devices rather than breaches of the service provider itself In many cases, so-called “cookie databases” originate from: • infostealer malware • malicious browser extensions • compromised devices • credential theft operations • session hijacking campaigns Potential risks associated with stolen session tokens and cookies include: • account takeover attempts • bypass of stored login sessions • unauthorized access to user accounts • data exposure through active browser sessions • abuse of authenticated web sessions Users are strongly encouraged to: • enable MFA on accounts • review active sessions and revoke unknown devices • avoid downloading untrusted software • keep browsers and endpoints updated • use reputable endpoint protection solutions • clear active sessions after suspected compromise There is currently no indication that this listing represents a direct breach of ChatGPT or OpenAI infrastructure. #CyberSecurity #ThreatIntelligence #Infostealer #SessionHijacking #AccountSecurity #DarkWeb #Infosec #OSINT #DDW #Intelligence

🍪 The underground economy around stolen browser cookies is exploding. Dark web forums are now flooded with listings targeting platforms like: Netflix, Steam, TikTok, PayPal, Binance, Booking.com, Epic Games, Apple, eBay, and more. Unlike traditional credential leaks, stolen session cookies can sometimes allow attackers to hijack already-authenticated accounts — even when MFA is enabled. Most of these logs are harvested through infostealer malware silently running on infected devices. This is why “change your password” is no longer enough. Threat actors are shifting from password theft to session theft. Recommendations: • Log out of unused sessions • Clear browser cookies regularly • Avoid storing credentials in browsers • Monitor active sessions/accounts • Treat infostealers as a top-tier threat The cybercrime market around session hijacking is growing rapidly in 2026. #CyberSecurity #DarkWeb #Infostealer #SessionHijacking #ThreatIntel #AccountTakeover

GitLab fixes high-severity GraphQL CSRF and Web IDE vulnerabilities in versions 18.11.1, 18.10.4, and 18.9.6. Protect your sessions and projects—patch now! #GitLab #CyberSecurity #InfoSec #PatchAlert #DevSecOps #SessionHijacking #GraphQL securityonline.info/gitlab-s…

⚠️ Extensions hijack sessions instead of just stealing data At least 12 fake #TikTok downloader extensions inject scripts to capture Facebook session cookies, enabling full account takeover without credentials across Chrome and Edge installs. #ransomNews #BrowserSecurity #SessionHijacking

Google launches DBSC in Chrome 146, binding session cookies to hardware like TPM. Neutralize infostealers and stop session hijacking with this new standard. #DBSC #ChromeSecurity #GoogleSecurity #InfoSec #CyberSecurity #SessionHijacking #LummaC2 securityonline.info/google-c…

Storm malware bypasses Chrome security by shipping encrypted files for server-side decryption. Learn how it steals session cookies to defeat MFA in 2026. #StormInfostealer #SessionHijacking #CyberSecurity #InfoSec #MFA #BrowserSecurity #ThreatIntel securityonline.info/storm-in…

Master NTLM relay with ghostsurf. Use a SOCKS5 proxy to hijack browser sessions, bypass kernel-mode auth, and impersonate users on IIS and HTTPS targets. #ghostsurf #NTLMRelay #SessionHijacking #RedTeam #Pentesting #ActiveDirectory #CyberSecurity meterpreter.org/ghostsurf-nt…

OpenBao patches critical 9.6 and 9.4 CVSS flaws in OIDC flows. Learn how "direct mode" enables session hijacking and XSS token theft. Update to 2.5.2 now. #OpenBao #CyberSecurity #OIDC #SessionHijacking #InfoSec #PatchAlert #XSS #SecretsManagement securityonline.info/openbao-…

🛠️🚨 Bypassing Browser Security! DumpBrowserSecrets extracts session cookies & MFA tokens 🍪 Features: 💥 Bypasses App-Bound crypto 🥷 Evades EDR via process spoofing 📦 Encrypted offline exfilration > DumpBrowserSecrets.exe /b:all /spoof 🔗 Git: github.com/Maldev-Academy/Du… #CloudBreach #RedTeam #InfoSec #SOC #EDR #AppSec #DFIR #CyberSecurity #CloudBreach #ThreatIntel #MalwareDevelopment #CredentialHarvesting #SessionHijacking #PenetrationTesting #BlueTeam #OffensiveSecurity #CyberAttack #CyberSec #CloudSec

Şifreye ihtiyacınız yok, eğer kapı zaten açıksa! Session Hijacking (Oturum Çalma), siber saldırganların "anahtar" yerine doğrudan "açık kapıyı" kullanma sanatıdır. Kullanıcı sisteme giriş yaptığında sunucu ona eşsiz bir Session ID (Oturum Kimliği) verir. Saldırgan bu kimliği ele geçirdiği an, kullanıcı adı veya şifre girmeden doğrudan "sizmişsiniz gibi" içeri dalar. ✅ Packet Sniffing: Şifrelenmemiş ağlarda ($HTTP$) oturum çerezlerini havadan yakalamak. ✅ XSS Saldırıları: Zararlı bir script ile tarayıcıdaki çerezleri saldırganın sunucusuna sızdırmak. ✅ Tahmin Etme: Zayıf algoritmalarla üretilmiş oturum numaralarını brute-force ile bulmak. Savunma Hattı: Mutlaka HTTPS kullanın, çerezleri HttpOnly ve Secure olarak işaretleyin ve şüpheli linklere tıklamayın! Siz kapıyı kilitlediğinizi sanırken, birisi çoktan içeride kahvesini içiyor olabilir. #SessionHijacking #CyberSecurity #SiberGüvenlik #Hacking #WebSecurity #Infosec #BugBounty