0
4/10
Threat actor Storm-2561 uses SEO poisoning and spoofed VPN vendor websites to distribute fake VPN clients that capture credentials and deploy the Hyrax infostealer malware. The attack targets users of Ivanti, Cisco, Fortinet, Sophos, SonicWall, Check Point, and WatchGuard VPN products by mimicking legitimate download pages and displaying fake login prompts.
phishing
seo-poisoning
credential-theft
fake-installer
infostealer
malware
vpn
social-engineering
persistence
registry-hijacking
code-signing-abuse
windows
Storm-2561
Ivanti
Cisco
Fortinet
Sophos
Sonicwall
Check Point
WatchGuard
Hyrax
Microsoft
Taiyuan Lihua Near Information Technology Co., Ltd.
0
8/10
vulnerability
A logic flaw in the 2FA implementations of multiple platforms (Google, Microsoft, Instagram, Cloudflare) allows an attacker to maintain persistence after password recovery. The attacker exploits session renewal on the 2FA page and the fact that disabled 2FA codes still validate, enabling account takeover without knowing the current password.
2fa-bypass
authentication-bypass
session-management
logic-flaw
persistence
account-takeover
password-reset
multi-factor-authentication
Google
Microsoft
Instagram
Facebook
Cloudflare
Algolia
GitHub
LinkedIn
Luke Berner
HackerOne
Bugcrowd