MEDIUMVulnerability
Global

The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

·Source: BleepingComputer

Updated:

Executive Summary

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA. [...]

Analysis

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA. [...]
Source Attribution

Originally published by BleepingComputer on Apr 13, 2026.

Related Threats

MEDIUMVulnerability

Romanian National Sentenced for Selling Access to Networks of Oregon State Government Office

A Department of Justice press release on May 27 reports that a Romanian national who faced seven years in prison for selling access to an Oregon state government office in 2021 and other U.S. entities has been sentenced to 56 months in prison: According to court documents, Catalin Dragomir, 46, formerly of Constanta, Romania, sold... Source

DataBreaches.net
MEDIUMVulnerability

Monzo launches mobile phone plan with discounts for loyal users

UK digital bank Monzo has opened a waitlist for a SIM-only mobile plan over the Virgin Media 02 network.

Finextra
MEDIUMVulnerability

Push by Aave Labs receives FCA crypto approval

Push Labs Limited and Push Virtual Assets Limited (together “Push”), both UK subsidiaries of Aave Labs, today announced that they have received approval from the UK’s Financial Conduct Authority (FCA) for their applications to register as a cryptoasset exchange provider in the UK.

Finextra