RANDOM CHAOS

session-hijacking

3 posts

Article

NetScaler trusts snprintf, leaks adjacent heap memory

Why 'silent' vulnerabilities like Citrix Bleed (CVE-2023-4966) are already exploited at the network edge, what they produce in telemetry, and where defenders are blind.

Article

Your second factor is a phone call

SMS 2FA on PayPal is a routing decision, not a credential. The session cookie is the boundary, and attackers have already routed around the factor.

Article

Why MFA Alone Will Not Save You

MFA stops credential stuffing but not AiTM phishing, token theft, or session hijacking. Here's what attackers actually do and how to close the gaps.