#SessionHijacking

2025-12-22

Session token theft is rising — attackers bypass passwords entirely by stealing what proves you’re already logged in. Auth doesn’t end at login. 🎟️⚠️ #IdentitySecurity #SessionHijacking

helpnetsecurity.com/2025/12/22

2025-12-09

More than 4.3 million users were affected before anyone realized ShadyPanda’s extensions had turned into full surveillance tools.

In the latest Cyberside Chats episode, Sherri Davidoff and Matt Durrin break down how attackers built trust for years, then used auto-updates to harvest browsing data, authentication tokens, and even live session cookies. The discussion also covers why session hijacking is so dangerous—and the safeguards security leaders should be implementing now.

Watch the full conversation: youtu.be/x9AaE94KanM

Or listen to the podcast: chatcyberside.com/e/shady-pand

#CybersideChats #BrowserSecurity #SupplyChainRisk #SessionHijacking #CyberThreats #IdentitySecurity #EnterpriseSecurity #SecurityOperations

2025-08-06

📡 IMS and SIP: The Brains Behind Telecom Services — and Prime Targets for Attackers

Modern telecom systems rely heavily on IMS and SIP to deliver multimedia services across prepaid and postpaid platforms. But with great flexibility comes major exposure:

⚠️ SIP spoofing, session hijacking

⚠️ IMS DoS and third-party app vulnerabilities

⚠️ Weak authentication and interception risks

In our blog post, we break down:

🔍 How IMS and SIP actually work

🔍 Where the most critical vulnerabilities lie

🔍 How telcos can reinforce their infrastructure — both technically and operationally

🔗 Read the full article here:

💡 Want to go deeper? Our TS-250 training helps security teams and operators master IMS vulnerabilities: online-training.p1sec.com/cour

#TelecomSecurity #IMS #SIP #VoLTE #MobileNetworkSecurity #P1Security #VulnerabilityManagement #TS250 #Training #5G #Diameter #Smishing #SessionHijacking

As always the information in this thread as well as more can be found in my notes at: notes.zanidd.xyz/

Thank you for reading my thread and see you in the next one :)

#session #csrf #xss #sessionhijacking #sessionfixation

Remediating Open Redirect

  • Strictly validate URLs
  • Do not use user-supplied URLs
  • Check supplied values (valid, not a URL, appropriate for the app)
  • Sanitize input with an allowlist of trusted hosts (or regex)
  • Force redirects to first go through a page notifying users that they're leaving the site

#cybersecurity #session #csrf #xss #sessionhijacking #sessionfixation
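The "strictly validate URLs" and "allowlist of trusted hosts" items above, worked into a single validator. This is an added example, not code from the thread or from HTB Academy; APP_ORIGIN, TRUSTED_HOSTS and the function name are hypothetical values for a made-up deployment.

```python
"""Added example (not from the thread or HTB Academy): validate a
user-supplied redirect target against an allowlist of trusted hosts.
APP_ORIGIN, TRUSTED_HOSTS and the function name are hypothetical."""
from urllib.parse import urlsplit, urljoin

APP_ORIGIN = "https://app.example.com"                   # hypothetical
TRUSTED_HOSTS = {"app.example.com", "docs.example.com"}  # hypothetical allowlist
SAFE_FALLBACK = "/"


def safe_redirect_target(user_value) -> str:
    """Return a URL that is safe to redirect to, or SAFE_FALLBACK.

    Accepted: a same-site path ("/account") or an absolute https URL whose
    host is in TRUSTED_HOSTS. Everything else falls back, including
    scheme-relative values ("//other.example"), backslashes (browsers treat
    them as slashes), non-https schemes, embedded credentials and
    unexpected ports.
    """
    if not isinstance(user_value, str) or not user_value:
        return SAFE_FALLBACK
    value = user_value.strip()
    if len(value) > 2048:
        return SAFE_FALLBACK
    # Control characters and backslashes are normalised differently by
    # browsers and servers; refuse rather than guess.
    if any(ord(ch) < 0x20 for ch in value) or "\\" in value:
        return SAFE_FALLBACK
    parts = urlsplit(value)
    if parts.scheme == "" and parts.netloc == "":
        # Plain path on this site. urlsplit already reports "//host" as a
        # netloc, but the explicit check documents the intent.
        if value.startswith("/") and not value.startswith("//"):
            return urljoin(APP_ORIGIN, value)
        return SAFE_FALLBACK
    if parts.scheme.lower() != "https":
        return SAFE_FALLBACK
    try:
        port = parts.port        # raises ValueError on a malformed port
    except ValueError:
        return SAFE_FALLBACK
    if parts.username or parts.password or port not in (None, 443):
        return SAFE_FALLBACK
    host = (parts.hostname or "").lower()
    if host not in TRUSTED_HOSTS:
        return SAFE_FALLBACK
    return value
```

The fallback is a fixed same-site path rather than an error page, so a rejected value never leaks where the user was being sent; the "leaving the site" interstitial from the last bullet would sit in front of the absolute-URL branch.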

Remediating CSRF

  • Check if user is authorized to perform action
  • Add randomly generated + non-predictable tokens (anti-csrf-token, csrf-tokens)
  • Referrer Header Checking
  • Implement Two-Step operation (Operation is not executed when called, but needs a verification)
  • Make Cookies SameSite!

#cybersecurity #session #csrf #xss #sessionhijacking #sessionfixation
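The token, referrer-check and SameSite items above, combined into one request check. This is an added example rather than code from the thread or HTB Academy; the session dict, header dict, form dict and APP_ORIGIN are hypothetical stand-ins for whatever your framework provides.

```python
"""Added example (not from the thread or HTB Academy): synchronizer-token
CSRF protection with a constant-time comparison, an Origin/Referer check,
and a SameSite session cookie. Data shapes and APP_ORIGIN are hypothetical."""
import hmac
import secrets
from urllib.parse import urlsplit

APP_ORIGIN = "https://app.example.com"   # hypothetical deployment value


def issue_csrf_token(session: dict) -> str:
    """Create (or reuse) the per-session anti-CSRF token; the server embeds
    it in each form as a hidden field. Random and unpredictable by construction."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def origin_allowed(headers: dict) -> bool:
    """Referrer-header checking: browsers send Origin (or at least Referer)
    on state-changing requests; both must match our own origin. A missing
    header counts as a failure, not a pass."""
    origin = headers.get("Origin")
    if origin is not None:
        return origin == APP_ORIGIN
    referer = headers.get("Referer")
    if referer is None:
        return False
    p = urlsplit(referer)
    return f"{p.scheme}://{p.netloc}" == APP_ORIGIN


def csrf_check(session: dict, headers: dict, form: dict) -> bool:
    """True only if the submitted token matches the session token AND the
    request comes from our origin. compare_digest avoids timing leaks."""
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token")
    if not isinstance(expected, str) or not isinstance(submitted, str):
        return False
    if not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False
    return origin_allowed(headers)


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie line for the session id: SameSite=Lax keeps the cookie off
    cross-site POSTs (the classic CSRF vector); Secure and HttpOnly limit
    exposure over plaintext HTTP and to page script."""
    return (f"Set-Cookie: sid={session_id}; Path=/; Secure; HttpOnly; "
            "SameSite=Lax")
```

The authorization check from the first bullet still runs after csrf_check passes: a valid token proves the request came from the user's own page, not that the user may perform the action. The two-step operation from the fourth bullet would be a second csrf_check on the confirmation request.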

Remediating XSS

  • Validation of user input (on the server side)
    • Use positive approach (allowlist)
    • verify existence of actual Input
    • Enforce Input Size restriction
    • Check Input Type and only allow certain types
    • Check range of value and restrict it
    • Sanitize special chars
  • HTML Encoding Output (especially user-controlled output)
  • Do not embed user input into client-side scripts
  • Have a good CSP (Content Security Policy)
  • Make Cookies HTTPOnly!

#cybersecurity #session #csrf #xss #sessionhijacking #sessionfixation
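The validation, output-encoding and CSP items above, worked through for one profile form. This is an added example and not code from the thread or HTB Academy; the field names, size limits, nonce handling and function names are all hypothetical.

```python
"""Added example (not from the thread or HTB Academy): server-side allowlist
validation, context-aware output encoding and a nonce-based CSP. Field
names, limits and function names are hypothetical."""
import html
import json
import re
import secrets

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")   # positive allowlist


def validate_username(value) -> str:
    """Existence, type, size and character checks; rejects rather than
    'cleaning' so nothing unexpected survives validation."""
    if value is None:
        raise ValueError("missing")
    if not isinstance(value, str):
        raise ValueError("wrong type")
    if not USERNAME_RE.fullmatch(value):
        raise ValueError("3-32 chars of [A-Za-z0-9_.-] only")
    return value


def validate_age(value) -> int:
    """Type and range check for a numeric field."""
    try:
        n = int(value)
    except (TypeError, ValueError):
        raise ValueError("not an integer") from None
    if not 0 <= n <= 150:
        raise ValueError("out of range")
    return n


def validate_profile_form(form: dict) -> tuple:
    """Validate every field; return (ok, cleaned_values) or (False, errors)."""
    cleaned, errors = {}, {}
    for field, check in (("username", validate_username), ("age", validate_age)):
        try:
            cleaned[field] = check(form.get(field))
        except ValueError as exc:
            errors[field] = str(exc)
    return (False, errors) if errors else (True, cleaned)


def for_html_text(s: str) -> str:
    """Encode for an HTML text node or a double-quoted attribute value."""
    return html.escape(s, quote=True)


def for_js_string(s: str) -> str:
    """Embed data in an inline script as a JSON literal: json.dumps escapes
    quotes and newlines, and '<' is escaped as well so a '</script>' inside
    the data cannot terminate the script element."""
    return json.dumps(s).replace("<", "\\u003c")


def new_nonce() -> str:
    """Fresh per-response nonce shared by csp_header and render_profile."""
    return secrets.token_urlsafe(16)


def csp_header(nonce: str) -> str:
    """Only same-origin and nonce-tagged scripts may run; no plugins and no
    <base> redirection of relative URLs."""
    return (f"Content-Security-Policy: default-src 'self'; "
            f"script-src 'self' 'nonce-{nonce}'; object-src 'none'; "
            f"base-uri 'none'")


def render_profile(display_name: str, bio: str, nonce: str) -> str:
    """Both values are user-controlled, so each passes through the encoder
    for the context it lands in; the inline script carries the CSP nonce."""
    name = for_html_text(display_name)
    return (f'<h1 title="{name}">{name}</h1>\n'
            f"<p>{for_html_text(bio)}</p>\n"
            f'<script nonce="{nonce}">const bio = {for_js_string(bio)};</script>')
```

Validation and encoding are separate layers on purpose: the username allowlist keeps bad data out of storage, while the encoders protect the free-text bio, which cannot be allowlisted, at the moment it is rendered. The HttpOnly cookie flag from the last bullet belongs on the Set-Cookie header, not in the template.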

Remediating Session Fixation

  • Generate new session ID after authenticated operation (invalidate pre-login session id and generate a new one post-login)
  • use libraries and built-in mechanisms for session management, don't build custom implementations

Example Function for PHP:

session_regenerate_id(bool $delete_old_session = false): bool

#cybersecurity #session #csrf #xss #sessionhijacking #sessionfixation

Remediating Session Hijacking

  • Pretty challenging to counter session hijacking
  • Monitoring + Anomaly Detection
  • safer bet to counter than to eliminate all vulns

#hacking #cybersecurity #session #csrf #xss #sessionhijacking #sessionfixation
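The session-fixation advice (regenerate the id after login, as session_regenerate_id does in PHP) and the session-hijacking advice (monitoring plus anomaly detection) from the two posts above, shown together in one runnable example. This is added code, not the thread's or HTB Academy's; the store API, the log format and the sample log lines are constructed for the example.

```python
"""Added example (not from the thread or HTB Academy): a session store that
regenerates the id at login, the way PHP's session_regenerate_id(true) does,
and an access-log scan that flags sessions whose client fingerprint changes.
The store API, log format and sample lines are constructed for this example."""
import re
import secrets
import time


class SessionStore:
    """Minimal in-memory store: sid -> session record."""

    def __init__(self):
        self._sessions = {}

    def create(self, ip: str, user_agent: str) -> str:
        """Anonymous pre-login session, bound to the client fingerprint."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None, "ip": ip, "ua": user_agent,
                               "created": time.time()}
        return sid

    def login(self, old_sid: str, user: str, ip: str, user_agent: str) -> str:
        """Fixation defence: drop the pre-login id (which a third party may
        have chosen or seen) and issue a fresh one for the authenticated user."""
        self._sessions.pop(old_sid, None)
        new_sid = self.create(ip, user_agent)
        self._sessions[new_sid]["user"] = user
        return new_sid

    def lookup(self, sid: str, ip: str, user_agent: str) -> tuple:
        """Return (record_or_None, anomalies). Anomalies are monitoring
        signals, not proof: mobile clients change IPs legitimately, so a
        sane policy re-authenticates on a User-Agent change and only logs
        an IP change."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None, ["unknown-session"]
        anomalies = []
        if rec["ua"] != user_agent:
            anomalies.append("user-agent-changed")
        if rec["ip"] != ip:
            anomalies.append("ip-changed")
        return rec, anomalies


# Constructed access-log lines (documentation IP ranges); the format is ours.
SAMPLE_LOG = [
    "2025-12-22T10:00:01Z sid=s1 ip=203.0.113.10 ua=Firefox/133",
    "2025-12-22T10:00:09Z sid=s1 ip=203.0.113.10 ua=Firefox/133",
    "2025-12-22T10:02:30Z sid=s1 ip=198.51.100.7 ua=curl/8.5",
    "2025-12-22T10:03:00Z sid=s2 ip=192.0.2.44 ua=Chrome/131",
]
LOG_RE = re.compile(r"^(\S+) sid=(\S+) ip=(\S+) ua=(.+)$")


def scan_access_log(lines) -> list:
    """Anomaly detection over a log: compare each hit with the fingerprint
    first seen for that session id and report any change."""
    first_seen, alerts = {}, []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, sid, ip, ua = m.groups()
        if sid not in first_seen:
            first_seen[sid] = (ip, ua)
            continue
        ip0, ua0 = first_seen[sid]
        if ua != ua0:
            alerts.append(f"{ts} {sid}: user-agent changed {ua0!r} -> {ua!r}")
        if ip != ip0:
            alerts.append(f"{ts} {sid}: ip changed {ip0} -> {ip}")
    return alerts


def demo() -> dict:
    """Walk through both defences and return the observations."""
    store = SessionStore()
    pre = store.create("203.0.113.10", "Firefox/133")
    post = store.login(pre, "alice", "203.0.113.10", "Firefox/133")
    _, pre_anoms = store.lookup(pre, "203.0.113.10", "Firefox/133")
    rec, same = store.lookup(post, "203.0.113.10", "Firefox/133")
    _, moved = store.lookup(post, "198.51.100.7", "curl/8.5")
    return {
        "ids_differ": pre != post,
        "old_id_dead": pre_anoms == ["unknown-session"],
        "user": rec["user"],
        "same_client": same,
        "moved_client": moved,
        "alerts": scan_access_log(SAMPLE_LOG),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The two halves match the posts' point that hijacking is hard to eliminate outright: regeneration closes the fixation window, and the fingerprint comparison turns a stolen-but-valid id into an alert rather than a silent success.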

Here is some advice on how to remediate common session security attacks/vulns (based on HTB Academy).

1/? 🧵

#hacking #cybersecurity #session #csrf #xss #sessionhijacking #sessionfixation

2024-07-02

I came across headlines trying to introduce fear of #FIDO2.

"Using MITM to bypass FIDO2 phishing-resistant protection" and "Passwordless Authentication Standard FIDO2 Flaw Let Attackers Launch MITM Attacks" seem very frightening. So I took a closer look at those articles.

silverfort.com/blog/using-mitm
gbhackers.com/fid02-mitm-vulne

They seem very much identical, down to the fact that they use the same illustrations. My understanding is that the demonstrated "#MITM #Attack" is actually an attack on the session cookie. So the idea is to let the #FIDO2 #Authentication take place uninterrupted and, when successful, intercept the session cookie when it is sent from the Relying Party/webserver to the client.

Maybe someone with a better understanding of the standards can correct me, but this attack looks to me as if it only attacks the session information, which would be possible no matter what authentication was used. In my understanding, secure session handling is a real threat but outside of the actual FIDO2 scope.

What do you think? Is it FIDO2 related? Or just a generic Session hijacking that happens to work besides others also with FIDO2 authentications?

#FIDO2 #Attack #MITM #Flaw #sessionhijacking

Negative PID Inc. (@negativepid)
2024-05-22

Should security features be planned in web applications at an early stage? We believe so.
In this third article on best practices for app developers, we conclude the discussion on how to prevent session hijacking with a series of recommendations for application design.

negativepid.com/best-practices

🛡 H3lium@infosec.exchange/:~# (@H3liumb0y@infosec.exchange)
2024-03-25

XSS Vulnerability in Google Subdomain Let Hackers Hijack User Sessions

Date: March 15, 2024

CVE: Not specified

Sources: Cyber Security News

Issue Summary

A significant XSS vulnerability was found in the aihub.cloud.google.com subdomain by Henry N. Caga, enabling potential session hijacking, phishing, malware distribution, and data theft. Initially hard to replicate, persistence and a double-encoded payload exposed the flaw affecting URLs with a q parameter.

Technical Key findings

The flaw was discovered after testing various payloads on the q parameter, with double encoding revealing the vulnerability across all URLs under the affected domain.

Vulnerable products

  • aihub.cloud.google.com domain

Impact assessment

Risks included session hijacking, phishing attacks, malware distribution, and sensitive data theft, potentially damaging Google's reputation.

Patches or workaround

Google addressed the vulnerability, rewarding Caga $4,133.70, including a $1,000 bonus for his detailed report and proof of concept.

Tags

#XSS #Google #CyberSecurity #SessionHijacking #Phishing #Malware

🛡 H3lium@infosec.exchange/:~# (@H3liumb0y@infosec.exchange)
2024-03-22

FlowFixation: AWS Apache Airflow Service Takeover Vulnerability

Date: March 21, 2024
CVE: Not specified
Sources: Tenable Blog

Issue Summary

Tenable Research discovered a vulnerability, named FlowFixation, in AWS Managed Workflows for Apache Airflow (MWAA) that could allow session hijacking leading to a full takeover of the victim's web management panel.

Technical Key findings

FlowFixation combines session fixation and XSS via Amazon AWS domain misconfiguration, enabling attackers to authenticate known sessions and gain control over victim's Apache Airflow management panels.

Vulnerable products

  • AWS Managed Workflows for Apache Airflow (MWAA)

Impact assessment

Potential for remote code execution on underlying instances and lateral movement to other services.

Patches or workaround

AWS has addressed the vulnerability. Users should ensure they are using updated services.

Tags

#AWS #ApacheAirflow #CloudSecurity #SessionHijacking #Vulnerability

Hella (old account) (@unixwitch@mastodon.bayern)
2024-01-06

@11110110101 @heiseonline
If I read the original (cloudsek.com/blog/compromising) correctly, the problem only exists for accounts that have already been cracked. Presumably MFA helps so that it never gets that far?

Otherwise:
"If you suspect your account may have been compromised, or as a general precaution, sign out of all browser profiles to invalidate the current session tokens. Following this, reset your password and sign back in to generate new tokens."

#Google #MFA #OAuth #SessionHijacking #SessionCookies

Really good storytelling about a real-life phishing attack and how session hijacking can make things like password strength and 2FA irrelevant!

#ltt #phishing #passwords #2fa #sessionhijacking

youtu.be/yGXaAWbzl5A

Danie van der Merwe (@danie10)
2023-03-24

We need browser profile primary password logins to help prevent session hijacking

Seeing what happened this week to the Linus Tech Tips YouTube channel made me realise how well we have secured in transit data, password managers, etc (LastPass was also hacked via an end user session) but we appear to have the session data left wide open on ...continues

See gadgeteer.co.za/we-need-browse
