#session-hijacking
6 articles
Over ten articles published between April 11 and June 21, 2026, ZCyberNews has covered session hijacking incidents affecting cryptocurrency, digital publishing, finance, financial services, and hr sectors in Canada. The coverage includes one critical, six high, and two medium severity reports. Threat actors Gremlin Stealer and Storm-2755 were observed in these campaigns. Key vulnerabilities linked to the tag include CVE-2019-25763 (CVSS 9.8), CVE-2022-23961 (CVSS 6.1), and CVE-2026-5084.
CRITICALCVE-2019-25763: WordPress Beaver Builder Plugin Authentication Bypass
CVE-2019-25763 (CVSS 9.8) allows unauthenticated attackers to hijack admin sessions in WordPress Ultimate Addons for Beaver Builder 1.2.4.1 via a crafted POST request to...
HIGHGremlin Stealer Evolves: Crypto Clipping, Session Hijacking, Packed
Unit 42 details a new Gremlin stealer variant using XOR-encrypted resource sections, crypto clipper, WebSocket session hijacking, and a commercial packer with instruction...
HIGHCVE-2026-5084: WebDyne Session IDs Generated with Weak MD5/rand()
CVE-2026-5084: WebDyne::Session through 2.075 for Perl generates session IDs from an MD5 hash seeded with rand(), enabling session prediction and hijacking.
MEDIUMThruk Monitoring XSS Flaw CVE-2022-23961 Lets Attackers Hijack
CVE-2022-23961 (CVSS 6.1) in Thruk Monitoring through 2.46.3 enables unauthenticated reflected XSS via the login field, risking session theft for admins.
HIGH108 Malicious Chrome Extensions Hijack Browsers, Steal Google and Telegram Data
Socket identified 108 malicious Chrome extensions that infected 20,000 users, stealing Google and Telegram session cookies and injecting ads via a shared command-and-control server.
HIGHStorm-2755 Hijacks Payroll via AiTM Attacks
Financially motivated group Storm-2755 targets Canadian employees using AiTM session hijacking to redirect salary payments.
Stay Updated
Get the latest cybersecurity news delivered to your inbox.