The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

Monday, April 13, 2026 at 02:05 PM UTC·Source: BleepingComputer

Updated: Monday, April 13, 2026 at 02:10 PM UTC

Executive Summary

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA. [...]

Analysis

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA. [...]

Source Attribution

Originally published by BleepingComputer on Apr 13, 2026.

Related Threats

MEDIUMVulnerabilityNEW

PwC: Cybersecurity Risk Outpaces Corporate Ability to Manage

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/pwc-cybersecurity-risk-outpaces-corporate-ability-to-manage-image_small-8-a-31405.jpg" align=right hspace=4><b>American Corporations Upping Spend on AI and Technology</b><br>Cybersecurity now ranks among the most significant business risks shaping corporate strategy, even as many companies acknowledge they lack the capability to r

24m agoBank Info Security

LOWVulnerabilityNEW

SRM appoints Ian Povey to advisory board

SRM, a trusted advisory firm serving financial institutions globally, announced the appointment of Ian Povey to its International Advisory Board.

36m agoFinextra

MEDIUMVulnerabilityNEW

Anatomy of an Autonomous AI Agent Risk: How Qualys ETM Connects the Dots on OpenClaw

Executive Summary An unauthorized OpenClaw AI agent was detected disguised as a routine package on a Windows Server host. The situation escalated into a priority incident when Qualys ETM analyzed and correlated four distinct signals. While none of these signals alone warranted urgent action, the combination of endpoint, exposure, and identity telemetry indicated an active […]

52m agoQualys Blog