The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA.
CSO Online

April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs

This month’s threat landscape is ‘defined by immediate, real-world exploitation rather than just theoretical vulnerabilities, ...

Recently leaked Windows zero-days now exploited in attacks

Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or ...

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Microsoft’s April 2026 Patch Tuesday fixes 165 vulnerabilities, including two zero-days, in one of the company’s largest ...