The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA.
The Hacker News

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

According to Socket, the extensions (complete list here) are published under five distinct publisher identities – Yana ...

Hackers exploit critical flaw in Ninja Forms WordPress plugin

A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files ...
CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...