Morning Overview on MSN

Microsoft just confirmed attackers are exploiting an Exchange Server zero-day to silently hijack inboxes — CVE-2026-42897 lets them rewrite emails and steal sessio…

Organizations running Microsoft Exchange Server face an active threat after a zero-day vulnerability was confirmed to allow ...

Google Chrome’s New Feature Takes Aim at Cookie Theft, Account Hijacking

Chrome’s DBSC update binds login sessions to user devices, making stolen session cookies harder to reuse in account hijacking ...
Threat Post

Session Hijacking Bug Exposed GitLab Users Private Tokens

GitLab, the popular web-based Git repository manager, fixed a vulnerability recently that could have opened its users up to session hijacking attacks. GitLab, the popular web-based Git repository ...
Infosecurity-magazine.com

GitLab Vulns Could Lead to Session Hijacking

During a recent pen test of GitLab, Imperva researchers were surprised to come across a vulnerability that leaves users exposed to session hijacking attacks. The vulnerability stems from the type of ...
VentureBeat

MFA verifies who logged in. It has no idea what they do next.

Every MFA check passed. Every login was legitimate. The compliance dashboard was green across every identity control. And the attacker was already inside, moving laterally through Active Directory ...
TechCrunch

CircleCI says hackers stole encryption keys and customers’ secrets

CircleCi, a software company whose products are popular with developers and software engineers, confirmed that some customers’ data was stolen in a data breach last month. The company said in a ...
Dark Reading

Why Tokens Are Like Gold for Opportunistic Threat Actors

Authentication tokens aren't actual physical tokens, of course. But when these digital identifiers aren't expired regularly or pinned for use by a specific device only, they may as well be made of ...