The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA.

Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed

A flaw in the EngageLab SDK exposed 50 million Android users, allowing malicious apps to exploit trusted permissions and ...
CSO Online

Claude uncovers a 13‑year‑old ActiveMQ RCE bug within minutes

The decade-old ActiveMQ flaw was uncovered and weaponized in minutes, showing AI’s exploit-building potential amid the Mythos ...

Google Chrome adds infostealer protection against session cookie theft

Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block ...
Redmondmag.com

Microsoft Flags Fast-Moving Ransomware, Router-Based Espionage Threats

Microsoft is warning organizations about two active cybersecurity threats: a fast-moving ransomware campaign and a Russian espionage operation that abuses small office and home office routers to ...

Broadcom’s Automic Automation V26 Unveiled: Bringing Trust and Governance to AI in Enterprise Business Operations

Broadcom today is releasing a major new version of its enterprise automation and orchestration product, Automic Automation ...
CSO Online

Fortinet releases emergency hotfix for FortiClient EMS zero-day flaw

Exploited in the wild prior to Fortinet’s advisory, the vulnerability allows unauthenticated attackers to remotely execute ...