The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA.
Decrypt

Crypto Hacker Mints $1.1 Billion in Polkadot via Ethereum Bridge, But Can Only Cash Out $237K

A hacker exploited a Polkadot bridge, minting $1.1 billion worth of DOT tokens before making a tiny fraction of that tally by ...
Decrypt

Foundry Launches Zcash Mining Pool Alongside Industry-Leading Bitcoin Pool

The world's largest Bitcoin mining pool operator expands into the privacy-focused Zcash token with rapid network adoption.
PCMag

I Put 4 Windows Debloating Tools to the Test. The Results Were Embarrassing

Debloat tools claim to make Windows 11 more efficient by removing unnecessary processes and freeing up RAM. In practice, that ...
The Hacker News

⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

Stay ahead of the logs with our Monday Recap. We break down active Adobe 0-days, North Korean crypto stings, and critical CVEs you need to patch today ...
CoinDesk

Attacker mints $1 billion Polkadot tokens on Ethereum, ends up stealing just $250,000

A forged cross-chain message bypassed state proof validation on the bridge contract, granting admin control over the bridged ...

Critical flaw in wolfSSL library enables forged certificate use

A critical vulnerability in the wolfSSL SSL/TLS library can weaken security via improper verification of the hash algorithm ...