#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

Christy Philip Mathew | Breaking Cybersecurity News | The Hacker News

Category — Christy Philip Mathew
Hacking Google users with Google's GooPass phishing attack

Hacking Google users with Google's GooPass phishing attack

Mar 09, 2013
Google Drive is the new home for Google Docs , that users can access everywhere for Storing files safely. In a recent demonstration hacker successfully performed an attack on Google Docs to trick users to grab their Facebook, Gmail, Yahoo credentials with Credit Card Information. Security researcher Christy Philip Mathew came up with combination of  Clickjacking and CSRF vulnerabilities in Google's Docs that can allow a hacker to create a document in victim's Drive for further phishing attack. For those who are not aware about Clickjacking, It is a technique where an attacker tricks a user into performing certain actions on a website by hiding clickable elements inside an invisible iframe. He explain how this technique can be executed to pwn a Google user to steal victim's all type of credentials with a phishing attack. Here attacker need to send a Malicious URL to the victim, where victim needs to interact with some buttons only. Vulnera...
cPanel and WHM Multiple Cross Site Scripting Vulnerabilities

cPanel and WHM Multiple Cross Site Scripting Vulnerabilities

Dec 27, 2012
cPanel is a Unix based  fully featured popular web based hosting account control panel that helps webmasters to manage their domains through a web browser. The latest version of  cPanel & WHM is 11.34, which is  v ulnerable  to multiple cross site scripting. During my bug hunting process, today I ( Christy Philip Mathew )  discovered some serious XSS v ulnerabilities in  official cPanel, WHM. It also impact on the  latest version of software. This week, Rafay Baloch (Pakistani white hat hacker) also discovered another reflective cross site scripting vulnerability in  cPanel at manage.html . The interesting part would be the whole demonstration I done with the Official cPanel Demo located at https://cpanel.net/demo/ location, can be accessed via demo user & password provided by cPanel website itself i.e.  https://demo.cpanel.net:2086/login/?user=demo&pass=demo These  vulnerabilit...
Don't Overlook These 6 Critical Okta Security Configurations

Don't Overlook These 6 Critical Okta Security Configurations

Feb 10, 2025Identity Security / Data Protection
Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture. With over 18,000 customers, Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this prominence has made it a prime target for cybercriminals who seek access to valuable corporate identities, applications, and sensitive data. Recently, Okta warned its customers of an increase in phishing social engineering attempts to impersonate Okta support personnel. Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with how continuous monitoring of your Okta security posture helps you avoid miscon...
PayPal Bug Bounty Program - playing fair ?

PayPal Bug Bounty Program - playing fair ?

Nov 13, 2012
Bug Bounty program, where white hat hackers and researchers hunt for serious security vulnerabilities and disclosing them only to the vendor for a patch , In return vendors rewards them with money. Various famous websites like Facebook , Google , Paypal , Mozilla, Barracuda Networks and more other giving away bug bounties in thousands of Dollars to hackers for finding vulnerabilities. Most common vulnerabilities reported maximum time on various sites is Cross site scripting and each month hackers submit lots of such vulnerabilities to companies. In case  your report is duplicate, i.e. Someone else before you submit the same vulnerability - company will reject you from the bug bounty program. But there is no proof or an open Panel where hacker can verify that is someone already reported for same bug before or not. If company reply you - " The bug was already discovered by another researcher" , can you do anything  even af...
cyber security

Webinar: 5 Ways New AI Agents Can Automate Identity Attacks | Register Now

websitePush SecurityAI Agents / Identity Security
Learn how CUAs like OpenAI Operator can be used by attackers to automate account takeover and exploitation.
Expert Insights / Articles Videos
Cybersecurity Resources