The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA.
Morning Overview on MSN

Chrome adds device-bound sessions to curb infostealer cookie theft

Stolen browser cookies have become one of the most traded commodities on criminal marketplaces, letting attackers slip into ...
The Hacker News

Session Cookie Theft: You Showed Your ID at the Door. But Someone Else Has Your Room Key

Stolen session cookies bypass MFA because tokens remain valid for hours or days, enabling silent account takeovers without triggering security alerts.

New Password Stealer Bypasses 2FA—Chrome, Edge And Firefox Targeted

This new Storm attack platform can exfiltrate passwords and session data, enabling 2FA bypass. Google Chrome, Microsoft Edge ...

Anchor Browser Launches OmniConnect, Eliminating the #1 Cause of Enterprise Computer Use Failure

New infrastructure integration with 1Password gives computer use agents self-healing authentication - solving the ...
Nasdaq

CRWD to Acquire Seraphic: Is Browser Security the Next Growth Engine?

CrowdStrike CRWD recently signed a definitive agreement to acquire Seraphic Security to expand its protection to secure web browsers. Nowadays, AI agents are starting to operate inside browser ...