Netcrook


#Session Hijacking


Umbrij and the New Credential Crime: Turning Gmail Sessions Into API Access

Published: 02 July 2026 18:10 | Category: Malware & Botnets | Geo: North America / USA | Author: SIGNALMONK

The reported malware chain targets Google’s OAuth flow, showing how a live browser session can become the real prize in email compromise.

When Gmail Is Hit Through the Browser, Not the Password

Published: 01 July 2026 14:07 | Category: Cloud, SaaS & Identity Security | Geo: North America / USA | Author: AUDITWOLF

A reported ToddyCat operation points to a quieter kind of account abuse: Windows sideloading, browser remote debugging, and OAuth token flow instead of direct credential theft.

The Fake Rental Trap Behind a New Android RAT

Published: 01 July 2026 10:52 | Category: Cybercrime | Author: CRYSTALPROXY

A decoy apartment site, a dropped APK, and a loader chain that turns a simple lure into a mobile account-abuse risk.

The Fake Boss, the Hidden DLL, and the Chat Session That Turns Trust Into Fraud

Published: 30 June 2026 12:16 | Category: Security Awareness & Social Engineering | Geo: North America / USA | Author: NEURALSHIELD

A campaign dubbed Boss Scam blends impersonation, Windows DLL sideloading, and WhatsApp Web session theft, showing how criminals can chain everyday enterprise tools into a fraud path.

The Quiet Theft Model: How a Rust Infostealer Turns Browser Trust Into Account Risk

Published: 26 June 2026 10:09 | Category: Malware & Botnets | Author: IRONQUERY

KuinaExtractor, a reported Rust-based infostealer also linked to the name k0to, highlights a familiar but dangerous pattern: steal the browser state, and you may steal the session.

The Attack Hiding in Plain Traffic

Published: 20 June 2026 18:33 | Category: Research, Exploits & Offensive Security | Author: PATCHVIPER

Man-in-the-middle attacks are less a single exploit than a class of interception tactics that abuse trust between devices, networks, and infrastructure.

When the Login Is the Loot: The Payroll Fraud Playbook Behind AiTM Session Theft

Published: 15 June 2026 17:10 | Category: Security Awareness & Social Engineering | Geo: North America / Canada | Author: NEURALSHIELD

A reported payroll scam uses phishing and adversary-in-the-middle tactics to slip past MFA, then quietly alter account details inside HR and finance portals.

When a Stealer Comes Wrapped Like a Legit App

Published: 08 June 2026 14:42 | Category: Malware & Botnets | Author: NEXUSGUARDIAN

A reported Lucid Stealer build uses a Node.js Single Executable Application wrapper, showing how familiar software packaging can blur the line between benign delivery and criminal tooling.

OpenAI Adds New Locks to ChatGPT as Account Security Becomes the Real Battleground

Published: 08 June 2026 12:48 | Category: Cloud, SaaS & Identity Security | Geo: North America / USA | Author: SHADOWFIREWALL

Active Sessions and Lockdown Mode are being expanded, turning ChatGPT into a tighter-controlled workspace where visibility and restriction matter as much as convenience.

One Plaintext File, One Session, One Very Bad Day for Endpoint Trust

Published: 02 June 2026 10:30 | Category: Vulnerabilities & Patch Management | Geo: North America / USA | Author: DEEPAUDIT

A Windows client-side state file in StrongDM may let a copied token be replayed under the right conditions, turning local file access into an authentication risk.

Chrome Turns a Stolen Cookie Into a Much Worse Bet for Thieves

Published: 30 May 2026 19:00 | Category: Cloud, SaaS & Identity Security | Geo: North America / USA | Author: SHADOWFIREWALL

Google has moved Device-Bound Session Credentials to general availability in Chrome for Windows, making off-device session replay harder where the browser, platform, and service all support it.

Inside a Building Gateway Bug: How a Session Flaw Can Turn Into Control-Plane Risk

Published: 28 May 2026 20:42 | Category: Vulnerabilities & Patch Management | Geo: Europe / Switzerland | Author: SECURESPECTER

ABB’s EIBPORT advisory is a reminder that in smart buildings, a web-session weakness can matter as much as a protocol flaw when management interfaces sit too close to untrusted networks.

The Real Break-In Is the Login: Why Stolen Credentials Keep Winning

Published: 27 May 2026 18:04 | Category: Security Awareness & Social Engineering | Geo: North America / USA | Author: PATCHKNIGHT

AI can make phishing faster and cleaner, but the deeper problem is older: once attackers capture a password, session cookie, or token, they can often act like a real user.

NightSpire’s Quiet Trick: Turning RDP into a Ransomware Persistence Layer

Published: 26 May 2026 17:49 | Category: Ransomware & Extortion | Author: HEXSENTINEL

The dangerous part of modern extortion is often not the encryption routine, but the remote-access foothold that lets operators come back, move quietly, and pressure victims from inside the network.

When a Real Microsoft Login Becomes the Trap

Published: 25 May 2026 18:36 | Category: Security Awareness & Social Engineering | Geo: North America / USA | Author: NEURALSHIELD

A phishing service built around OAuth device code flow shows how attackers can turn a legitimate sign-in path into token theft, session hijacking, and MFA bypass.

When the Login Code Becomes the Weapon: Kali365 and the New Cloud Phish

Published: 25 May 2026 18:31 | Category: Security Awareness & Social Engineering | Geo: North America / USA | Author: PATCHKNIGHT

A phishing-as-a-service platform is turning Microsoft’s device-code sign-in into a turnkey path for token theft, session hijacking, and quieter cloud compromise.

Chrome’s Protected Memory Isn’t the Finish Line for Infostealers

Published: 19 May 2026 16:37 | Category: Malware & Botnets | Geo: North America / USA | Author: SIGNALMONK

VoidStealer is a reminder that browser hardening can still be undercut when malware waits for secrets to appear in memory, where encryption no longer helps.

When a Session Token Becomes a Doorway: Siemens SIPROTEC 5 and the Cost of Weak Randomness

A low-severity vulnerability on paper can still matter in critical infrastructure when the flaw sits inside a web session used to manage industrial protection gear.

When WhatsApp and Outlook Turn Into a Malware Relay Network

Published: 11 May 2026 11:31 | Category: Malware & Botnets | Geo: South America / Brazil | Author: SIGNALMONK

A Brazilian banking trojan tracked as REF3076 shows how attackers can turn authenticated chats and mail into a distribution channel, not just a lure.

When a Trusted Installer Turns Into a Message Relay

Published: 09 May 2026 19:23 | Category: Malware & Botnets | Geo: South America / Brazil | Author: NEXUSGUARDIAN

Reported activity around TCLBANKER shows how a banking trojan can borrow the credibility of a signed installer and the reach of hijacked accounts to spread further.