The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA.
The Hacker News

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

Critical SAP, Adobe, Fortinet, and Microsoft flaws disclosed in April Patch Tuesday, enabling RCE and data theft risks.
ConsumerAffairs

Credit cards

“Ghost tapping” scams are up ~150%: Scammers use fake NFC readers to charge your credit card or phone in crowded places without you noticing. Protect yourself: Turn on instant alerts, lock your phone, ...