Critical Vulnerability in Mattermost Allows Account Takeover (CVE-2025-12421)

Mattermost Critical Vulnerability Summary

A default configuration in Mattermost, an open source collaboration platform used by enterprises and government agencies, exposes deployments to critical Account Takeover risk. The vulnerability, identified as CVE-2025-12421, allows an attacker, via a single request, to hijack any user account on the system.

Technical Details of CVE-2025-12421

The flaw lies in Mattermost’s authentication flow, specifically its handling of switching between different authentication methods (such as email/password to OAuth). The problem is in the /users/login/sso/code-exchange endpoint. ...

November 27, 2025 · Comfidentia

HackOnChat: WhatsApp Hacking Fraud Explained

CTM360 has identified a rapidly expanding WhatsApp account hacking campaign, internally called HackOnChat. This campaign uses a network of deceptive authentication portals and phishing pages to target users around the world. Attackers exploit WhatsApp’s familiar web interface and employ social engineering tactics to trick users into compromising their accounts. CTM360’s research revealed thousands of malicious URLs hosted on low-cost domains and generated quickly by modern website building platforms, allowing attackers to deploy new pages at scale. A notable increase in incidents has been observed in recent weeks, especially in the Middle East and Asia. ...

November 20, 2025 · Comfidentia