From the hacker recovery cases I’ve handled here on X lately, this is getting worse every day. It’s not just Meta AI exploits. Every major social media platform people use to connect with friends & family plus gaming platforms too are prime targets. Hackers steal session cookies and gain full instant access, bypassing strong passwords and 2FA. No login prompts needed. Anything connected to the internet that holds your personal information can be hacked. Has this happened to you again recently? Comment HI if you’ve been a victim. Clear cookies often, use session isolation, and stay alert. #CyberSecurity #SessionHijacking #OnlineSafety #Hacked
🔐 You may have logged in securely, but attackers can still steal your active session. Session Hijacking lets cybercriminals access accounts without knowing your password. Learn how it works and how to stay protected: snsin.com/what-is-session-hi… #CyberSecurity #SessionHijacking
A critical MCP Toolbox vulnerability exposes enterprise databases. Learn how this security flaw allows session hijacking and how to fix it. #MCPToolbox #Cybersecurity #SessionHijacking #Infosec #DatabaseSecurity securityonline.info/mcp-tool…
🪝 Session Hijacking means the attacker steals the user's session after they log in 👀 In other words, instead of going to the trouble of stealing the password, they take the ready-made session and get straight in 🔓 That is why protecting #Sessions, #Cookies and #Encryption is very important 🔐 #سيبرانيات_ماهر #أمن_سيبراني #Cybersecurity #SessionHijacking
🚨 STRATEGIC CYBER INTELLIGENCE ALERT: EXPOSURE OF ACADEMIC DATA AND SESSIONS DUE TO A VULNERABILITY IN THE GRAPHQL API — CNFDI (FRANCE) 🇫🇷 ⚠️ THE "#LUNARISSEC" COLLECTIVE EXPOSES A CONFIGURATION FLAW WITH THE RISK OF ACCOUNT KIDNAPPING [STATUS: / UNCONFIRMED, VISUAL EVIDENCE] Through proactive monitoring of vulnerability disclosure channels and offensive cybersecurity platforms, a critical vulnerability affecting the Centre National Privé de Formation à Distance (CNFDI) in France was detected on May 27, 2026, specifically on its virtual campus platform (campus.cnfdi.com). The LunarisSec collective, identified as m0rphyn and pwn2d, under the LunarisSec banner, has disclosed the successful exploitation of a vulnerability in the campus GraphQL API interface. The published proof-of-concept (PoC) evidence demonstrates that the attackers were able to bypass authorization controls to directly query the database of users, sessions, and email logs. 🛡️ MITIGATIONS AND PREVENTIVE RECOMMENDATIONS 🛑 Disable Introspection in Production: CNFDI should immediately disable GraphQL introspection (graphql-introspection) in its production environment, limiting API schema visibility to authorized developers. 🔒 Implement Authorization in Resolvers: Configure strict field-level authorization policies in GraphQL schemas, ensuring that queries to session, registration, and mail nodes strictly require valid authentication tokens with system administrator privileges. #CyberSecurity #DataBreach #France #CNFDI #GraphQL #LunarisSec #APIvulnerability #SessionHijacking #FinancialFraud #ThreatIntelligence #CyberAlert #VECERT #Infosec #ConfirmedPoC

#LunarisSec uncovered an API GraphQL vulnerability affecting campus.cnfdi.com/ Centre National Privé de Formation à Distance acces, articles, articles_tags, tags, block, event, event_type, page, session, registration, mail users scale of the compromise By m0rphyn & pwn2d
🚨 STRATEGIC CYBERINTEL ALERT: POTENTIAL DATABASE DISTRIBUTION FOR FINANCIAL FRAUD PURPOSES — "UNIVERSITY OF BRAZIL" 🇧🇷 ⚠️ THREAT ACTOR "Rufasx" IS SELLING CPFs, PAYMENT IDs, AND ACTIVE SESSION TOKENS [STATUS: UNDER INVESTIGATION / UNCONFIRMED] Through the monitoring of Telegram channels, an advertisement has been detected offering for sale a database belonging to an unspecified academic institution operating under the generic name "University of Brazil." The threat actor has published data samples in spreadsheet format that expose critical information regarding applicants or students. The most alarming aspect of the advertisement is the explicit intent to facilitate financial fraud, as the seller specifically promotes the utility of the personal documents (CPFs) "for loans" and offers session tokens that allow for direct access to institutional portals. 🎯 Affected Entity: Higher education institution in Brazil (Education Sector / "University of Brazil"). 👤 Threat Actor: Rufasx 📂 Incident Type: Database Sale, Financial Identity Theft, Session Hijacking. ⚠️ Verification Status: UNVERIFIED. The attached screenshots display rows of data that appear genuine and consistent with Brazilian demographics, including Names, CPFs (valid in their numerical format), and UUID strings corresponding to session tokens. 📊 TECHNICAL BREAKDOWN AND IMPACT VECTORS Forensic analysis of the sample images reveals structured columns indicating a deep-seated breach, possibly originating from the university's admissions system or payment portal: 🪪 Exposure of Financial Identity (CPF): The CPF (Cadastro de Pessoas Físicas) column contains the unique tax identification document that is fundamental in Brazil. Financial Attack Vector: The actor highlights that this data is useful "for loans." With a full name and CPF number, cybercriminals can apply for student loans (such as FIES), open "mule" bank accounts at digital banks (FinTechs), or make fraudulent purchases by impersonating students. 
💸 Exposure of Transaction Data: The column `ID_INTERNO` is described by the seller as the "PAYMENT ID." This suggests that the database is directly linked to the university's billing or enrollment system, which could facilitate the interception of transfers or billing fraud (Boleto Fraud). 🔓 Active Session Hijacking: The leak includes the `TOKEN_SESION` column, containing valid UUID identifiers. The threat actor asserts: "You will be able to log in." Critical Impact: This means attackers do not need passwords; they can inject these tokens into their browsers (via Cookie/Bearer Token Hijacking) to hijack active student accounts, modify banking details, steal further information, or send internal phishing emails. 🛡️ MITIGATION AND PREVENTIVE RECOMMENDATIONS 🛑 Mass Session Invalidation (For the Institution): The affected university must immediately force the expiration (timeout/revocation) of all active session tokens (Cookies/JWT) on its web servers to neutralize the "You will be able to log in" attack vector. 🔒 Legal and Regulatory Notification: In accordance with Brazil's General Data Protection Law (LGPD), the institution is obligated to immediately notify the National Data Protection Authority (ANPD)—as well as the data subjects (the applicants/students)—regarding the exposure of their CPF numbers. ⚡ MONITORING AND EVALUATION 🌐 Intelligence System: analyzer.vecert.io 🛡️ Quickly assess your website's security with: monitor.vecert.io/ #CyberSecurity #DataBreach #Brazil #FinancialFraud #CPFLeak #Rufasx #SessionHijacking #ThreatIntelligence #CyberAlert #VECERT #Infosec #LGPD
Option 1: Professional & Detailed Just reported a critical auth flaw! Found that improperly secured authentication tokens & session cookies can be manipulated or deleted by attackers. Impact: Session hijacking, CSRF, unauthorized data access & potential full account takeover. Always validate tokens & enforce secure cookie flags! 💡 Want to learn how to find bugs like this? I’m happy to mentor anyone interested in web security & bug bounty hunting. DMs open! #BugBounty #InfoSec #WebSecurity #AppSec #CyberSecurity #Authentication #SessionHijacking #BugBountyHunter #SecurityResearch #LearnToHack
A SolarEdge CSRF OOB injection vulnerability allows attackers to hijack sessions and force internal infrastructure to exfiltrate data. redsecuretech.co.uk/blog/pos… #SolarEdge #CSRF #OOBInjection #PhotovoltaicSecurity #SolarMonitoring #nu11secur1ty #SessionHijacking #InfoSec
Even if you have set the most complex password and you use MFA, a Session Hijacking attack is enough to bypass your defenses completely in seconds. Hackers today follow smarter methods; instead of trying to guess the password, they steal the cookies of the active session of users moving within the network. The result? They can bypass the login process entirely and enter the system as if they were you, without needing to pass through the verification page or the MFA prompt. To protect the company's assets and accounts from this danger, we rely on two decisive engineering strategies: 🛡️ Conditional Access: a very smart technique that analyzes the full context of the login (geographic location, type of device used, and timing of the attempt) before granting access. 🛡️ Least Privilege policy: the employee holds only the minimum privileges needed to do their job. This approach reduces the attack surface and prevents the attacker from lateral movement within the network if they succeed in compromising a single account. In your opinion, why is an SMS-based second factor easier to bypass than software authenticator apps (such as Authenticator Apps)? #SessionHijacking #ConditionalAccess #LeastPrivilege #CyberSec #NetworkSecurity #أكاديمية_اتصالاتي
🔒 What is Session Hijacking and How Attackers Steal Your Sessions ⚠️ Session tokens are a prime target - attackers can take over accounts silently. ➡️ sslinsights.com/what-is-sess… #SessionHijacking #CyberSecurity #WebSecurity #Hacking #SSLInsights
Unit 42 exposes the new Gremlin stealer. It uses memory-resident techniques to hijack active browser session tokens and completely bypass MFA. #GremlinStealer #Infostealer #SessionHijacking #MFAbypass #CyberSecurity #InfoSec #ThreatIntel #MalwareAnalysis securityonline.info/gremlin-…
🔥 OT doesn’t need a “grid-killer” movie villain—just predictable session IDs. CVE-2024-54017 means attackers can hijack quietly. Patch, rotate creds, and tighten access NOW. #Windows #Security windowsforum.com/threads/cve… #SessionHijacking #OtSecurity #SiemensSiprotec5 #CisaAdvisor
Yesterday I wrote how Windows infostealers have become one of the most important threats in today’s cybercrime economy; however, macOS infostealers have become a serious part of the modern credential theft economy. For years, infostealer activity was mostly associated with Windows, but that has changed as attackers increasingly target Macs used by executives, developers, designers, contractors, and startup teams. This blog explains how macOS infostealers work, why Apple devices have become valuable targets, and how stolen data from a single Mac can expose personal accounts, business systems, cloud environments, crypto wallets, and developer secrets. Modern macOS stealers are designed to collect browser passwords, session cookies, Keychain data, crypto-wallet files, SSH keys, cloud credentials, GitHub tokens, Kubernetes configs, and other sensitive material. The post highlights how macOS attacks often rely on trust and social engineering. Instead of only using traditional malware files, attackers use fake apps, malicious DMG installers, fake GitHub repositories, poisoned search results, AI-themed lures, and Terminal commands that victims are tricked into running themselves. This makes macOS infostealers especially dangerous because the user is often guided into approving the attack. The blog also reviews the main macOS stealer families shaping the threat landscape, including Atomic macOS Stealer, also known as AMOS, Banshee Stealer, Cthulhu Stealer, Poseidon Stealer, MetaStealer, KeySteal, CherryPie, RealStealer, DigitStealer, and MacSync. It compares them by targets, delivery methods, business models, and risk levels. Most importantly, the blog makes a clear point for security teams: a macOS stealer infection is not just a malware problem. It is an identity incident, a potential cloud incident, and, when developers are involved, a possible supply-chain incident. Removing the malware is only the first step. 
Teams also need to revoke sessions, reset passwords, rotate tokens and keys, inspect cloud and GitHub access, review suspicious logins, and protect developer secrets. In short, this blog introduces macOS infostealers as a fast-growing threat that turns trusted Apple devices into sources of stolen identities, business access, cloud credentials, and developer secrets. lunarcyber.com/blog/macos-in… #CyberSecurity #MacOSSecurity #Infostealers #CredentialTheft #IdentitySecurity #Malware #ThreatIntelligence #AppleSecurity #CloudSecurity #DeveloperSecurity #SessionHijacking #CryptoWalletSecurity #IncidentResponse #SOC #SupplyChainSecurity
Fake Claude Code installers are hijacking developer cookies to steal secrets. Threat actors weaponized a new COM interface to bypass security. #cybersecurity #CyDhaal #cookieTheft #malware #developerSecurity #sessionHijacking ⚠️
Someone can steal your session… without stealing your password. Session hijacking lets attackers access accounts by stealing session cookies. No password needed. No login required. #CyberSecurity #SessionHijacking #InfoSec #CyberAwareness
Browser Cookies 🍪 Cookies help websites remember you. Attackers see cookies and think: A) Snacks 😅 B) Session hijacking opportunity C) Free access pass 😭 #SessionHijacking #Cookies #CyberSecurity #WebSecurity #InfoSec