Your Employees Logged In Without Issue; Attackers Logged In Too.
ID: 309d1115-3f65-5be1-ae8b-c67cc8686fc7
STIX ID: report--309d1115-3f65-5be1-ae8b-c67cc8686fc7
Feed Name: Security Boulevard
Constella reports discovery of malicious Chrome extensions and widespread infostealer activity that continuously harvest and exfiltrate session cookies for enterprise HR/ERP and SaaS platforms; stolen cookies allow attackers to hijack authenticated sessions without triggering MFA or login events, enabling large-scale silent access (illustrated by the Snowflake incidents), and the report recommends cookie monitoring, session invalidation, and extension auditing to mitigate the threat.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
