ZCyberNews
中文

#session-hijacking

6 articles

Over ten articles published between April 11 and June 21, 2026, ZCyberNews has covered session hijacking incidents affecting cryptocurrency, digital publishing, finance, financial services, and hr sectors in Canada. The coverage includes one critical, six high, and two medium severity reports. Threat actors Gremlin Stealer and Storm-2755 were observed in these campaigns. Key vulnerabilities linked to the tag include CVE-2019-25763 (CVSS 9.8), CVE-2022-23961 (CVSS 6.1), and CVE-2026-5084.

WordPress admin dashboard login screen illustrating session hijacking riskCRITICAL
Vulnerabilities

CVE-2019-25763: WordPress Beaver Builder Plugin Authentication Bypass

CVE-2019-25763 (CVSS 9.8) allows unauthenticated attackers to hijack admin sessions in WordPress Ultimate Addons for Beaver Builder 1.2.4.1 via a crafted POST request to...

CVE-2019-25763
3 min read
Gremlin Stealer Evolves: Crypto Clipping, Session Hijacking, PackedHIGH
Malware

Gremlin Stealer Evolves: Crypto Clipping, Session Hijacking, Packed

Unit 42 details a new Gremlin stealer variant using XOR-encrypted resource sections, crypto clipper, WebSocket session hijacking, and a commercial packer with instruction...

5 min readGremlin Stealer
CVE-2026-5084: WebDyne Session IDs Generated with Weak MD5/rand()HIGH
Vulnerabilities

CVE-2026-5084: WebDyne Session IDs Generated with Weak MD5/rand()

CVE-2026-5084: WebDyne::Session through 2.075 for Perl generates session IDs from an MD5 hash seeded with rand(), enabling session prediction and hijacking.

CVE-2026-5084
3 min read
Thruk Monitoring XSS Flaw CVE-2022-23961 Lets Attackers HijackMEDIUM
Vulnerabilities

Thruk Monitoring XSS Flaw CVE-2022-23961 Lets Attackers Hijack

CVE-2022-23961 (CVSS 6.1) in Thruk Monitoring through 2.46.3 enables unauthenticated reflected XSS via the login field, risking session theft for admins.

CVE-2022-23961
3 min read
108 Malicious Chrome Extensions Hijack Browsers, Steal Google and Telegram DataHIGH
Malware

108 Malicious Chrome Extensions Hijack Browsers, Steal Google and Telegram Data

Socket identified 108 malicious Chrome extensions that infected 20,000 users, stealing Google and Telegram session cookies and injecting ads via a shared command-and-control server.

3 min read
Storm-2755 Hijacks Payroll via AiTM AttacksHIGH
Threat Intel

Storm-2755 Hijacks Payroll via AiTM Attacks

Financially motivated group Storm-2755 targets Canadian employees using AiTM session hijacking to redirect salary payments.

2 min readStorm-2755

Stay Updated

Get the latest cybersecurity news delivered to your inbox.