The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA.
Security Boulevard

This fake Windows support website delivers password-stealing malware

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.
GitHub

CTR-DRBG IP Core

The Lumees Lab CTR-DRBG IP Core is a hardware implementation of the NIST SP 800-90A Rev 1 Deterministic Random Bit Generator using AES-256 as the block cipher. It provides cryptographically secure ...
winbuzzer.com

GhostClaw Fake OpenClaw Installer Steals macOS Dev Credentials

A fake OpenClaw installer silently stole sensitive data from 178 macOS developers, harvesting their Keychain passwords, cloud credentials, and crypto wallets before npm removed the package on March 10 ...
decrypt

OpenClaw Developers Lured in GitHub Phishing Campaign Targeting Crypto Wallets

Add Decrypt as your preferred source to see more of our stories on Google. Attackers used fake GitHub accounts to tag developers, claiming they had won $5,000 in ...
technext24

Explainer: Why Meta is discontinuing end-to-end encryption on Instagram

In an unexpected update, Meta Inc. announced plans to discontinue its end-to-end encryption (E2EE) for direct chats on Instagram, its video-sharing platform. As the decision will take effect after May ...
Android Police

Meta sabotaged Instagram's end-to-end encryption rollout to justify killing it

Karandeep Singh Oberoi is a Durham College Journalism and Mass Media graduate who joined the Android Police team in April 2024, after serving as a full-time News Writer at Canadian publication ...