Latest Hijack news

Hijacked subdomains of major brands used in massive spam campaign

A massive ad fraud campaign named "SubdoMailing" is using over 8,000 legitimate internet domains and 13,000 subdomains to send up to five million emails per day to generate revenue through scams and malvertising.
- Bill Toulas
- February 26, 2024
- 09:00 AM
- 0
Mandiant's X account hacked by crypto Drainer-as-a-Service gang

Cybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it described as "likely a brute force password attack."
- Sergiu Gatlan
- January 10, 2024
- 05:21 PM
- 1
SIM swapper gets 8 years in prison for account hacks, crypto theft

Amir Hossein Golshan, 25, was sentenced to eight years in prison by a Los Angeles District Court and ordered to pay $1.2 million in restitution for crimes involving SIM swapping, merchant fraud, support fraud, account hacking, and cryptocurrency theft.
- Bill Toulas
- November 29, 2023
- 02:26 PM
- 0
LinkedIn accounts hacked in widespread hijacking campaign

LinkedIn is being targeted in a wave of account hacks resulting in many accounts being locked out for security reasons or ultimately hijacked by attackers.
- Bill Toulas
- August 15, 2023
- 05:21 PM
- 9
Millions of GitHub repos likely vulnerable to RepoJacking, researchers say

Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as "RepoJacking," which could help attackers deploy supply chain attacks impacting a large number of users.
- Bill Toulas
- June 22, 2023
- 11:45 AM
- 0
Hackers steal $3 million by impersonating crypto news journalists

A hacking group tracked as 'Pink Drainer' is impersonating journalists in phishing attacks to compromise Discord and Twitter accounts for cryptocurrency-stealing attacks.
- Bill Toulas
- June 10, 2023
- 10:09 AM
- 0
Google will delete accounts inactive for more than 2 years

Google has updated its policy for personal accounts across its services to allow a maximum period of inactivity of two years.
- Bill Toulas
- May 21, 2023
- 11:07 AM
- 2
Researcher hijacks popular Packagist PHP packages to get a job

A researcher hijacked over a dozen Packagist packages—with some having been installed hundreds of millions of times over the course of their lifetime. The researcher reached out to BleepingComputer stating that by hijacking these packages he hopes to get a job. And, he seems pretty confident that this would work.
- Ax Sharma
- May 03, 2023
- 11:30 AM
- 1
Kubernetes RBAC abused to create persistent cluster backdoors

Hackers use a novel method involving RBAC (Role-Based Access Control) to create persistent backdoor accounts on Kubernetes clusters and hijack their resources for Monero crypto-mining.
- Bill Toulas
- April 21, 2023
- 11:35 AM
- 0
All Dutch govt networks to use RPKI to prevent BGP hijacking

The Dutch government will adopt the RPKI (Resource Public Key Infrastructure) standard on all its systems before the end of 2024 to upgrade the security of its internet routing.
- Bill Toulas
- April 09, 2023
- 11:21 AM
- 0
Microsoft Azure SFX bug let hackers hijack Service Fabric clusters

Attackers could exploit a now-patched spoofing vulnerability in Service Fabric Explorer to gain admin privileges and hijack Azure Service Fabric clusters.
- Sergiu Gatlan
- October 19, 2022
- 11:45 AM
- 0
Microsoft found TikTok Android flaw that let hackers hijack accounts

Microsoft found and reported a high severity flaw in the TikTok Android app in February that allowed attackers to "quickly and quietly" take over accounts with one click by tricking targets into clicking a specially crafted malicious link.
- Sergiu Gatlan
- August 31, 2022
- 12:00 PM
- 1
PyPI packages hijacked after developers fall for phishing emails

A phishing campaign caught yesterday was seen targeting maintainers of Python packages published to the PyPI registry. Python packages 'exotel' and 'spam' are among hundreds seen laced with malware after attackers successfully compromised accounts of maintainers who fell for the phishing email.
- Ax Sharma
- August 25, 2022
- 07:18 AM
- 0
Google now blocks Workspace account hijacking attempts automatically

Google Workspace (formerly G Suite) now comes with stronger protections for risky account actions, automatically blocking hijacking attempts with identity verification prompts and logging them for further investigation.
- Sergiu Gatlan
- August 10, 2022
- 12:18 PM
- 0
GitLab security update fixes critical account take over flaw

GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which allows account takeover.
- Bill Toulas
- June 03, 2022
- 09:55 AM
- 0
Hackers steal WhatsApp accounts using call forwarding trick

There's a trick that allows attackers to hijack a victim's WhatsApp account and gain access to personal messages and contact list.
- Ionut Ilascu
- May 31, 2022
- 07:10 PM
- 0
Hacker says hijacking libraries, stealing AWS keys was ethical research

The hacker of 'ctx' and 'PHPass' libraries has now broken silence and explained the reasons behind this hijack to BleepingComputer. According to the hacker, this was a bug bounty exercise and no malicious activity was intended.
- Ax Sharma
- May 25, 2022
- 09:42 AM
- 2
Hackers can hack your online accounts before you even register them

Security researchers have revealed that hackers can hijack your online accounts before you even register them by exploiting flaws that have been already been fixed on popular websites, including Instagram, LinkedIn, Zoom, WordPress, and Dropbox.
- Bill Toulas
- May 23, 2022
- 01:02 PM
- 0
Ferrari subdomain hijacked to push fake Ferrari NFT collection

One of Ferrari's subdomains was hijacked yesterday to host a scam promoting fake Ferrari NFT collection, according to researchers. The Ethereum wallet associated with the cryptocurrency scam appears to have collected a few hundred dollars before the hacked subdomain was shut down.
- Ax Sharma
- May 06, 2022
- 03:56 PM
- 0
Microsoft fixes critical Azure bug that exposed customer data

Microsoft has addressed a critical vulnerability in the Azure Automation service that could have allowed attackers to take full control over other Azure customers' data.
- Sergiu Gatlan
- March 07, 2022
- 11:09 AM
- 0