Dossier
session tokens
Coverage of session tokens in the Nexus archive.
- The Top 10 Attack Surface Exposures in 2026
The article highlights that breaches often originate from non-zero-day vulnerabilities, such as brute-forced admin panels and reused credentials. It specifically mentions the MongoBleed vulnerability, which allows attackers to extract credentials and session tokens from server memory without authentication, emphasizing the risks to internet-facing systems.
- FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
The FBI has issued a warning about the Kali365 phishing-as-a-service platform, which exploits OAuth device code authentication to hijack Microsoft 365 accounts. The service steals session tokens and bypasses multi-factor authentication (MFA), posing a significant cybersecurity threat.