New Password Stealer Bypasses 2FA—Chrome, Edge And Firefox Targeted

This new Storm attack platform can exfiltrate passwords and session data, enabling 2FA bypass. Google Chrome, Microsoft Edge ...
Biometric Update

Venom Stealer pushes credential theft into more dangerous phase

Venom Stealer is a new malware-as-a-service infostealer that security researchers say is more dangerous than many older ...
Infosecurity Magazine

New 'Storm' Infostealer Remotely Decrypts Stolen Credentials

Security researchers at Varonis have uncovered a new information stealer malware (infostealer) strain that harvests browser ...
Arabian Post

Storm malware turns browser theft into access

Security researchers at Varonis have identified a new infostealer dubbed Storm that appears to mark a more polished phase in ...
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
The Hacker News

⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More

Phishing surge, LinkedIn tracking claims, spyware use, and rising stealers expose growing abuse of trusted systems.
The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
Cyber Defense Magazine

Inside the Infostealer Economy

Passwords are a perennial security vulnerability, but threat actors’ means of accessing this information has historically been relatively stagnant.

Storm malware automates session hijacking for entry-level hackers

Rookie cybercriminals now use subscription malware to hijack enterprise and cryptocurrency accounts ...