[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:the-silent-storm-new-infostealer-hijacks-sessions-decrypts-server-side-mnyrbi1z":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":12,"action_required":15,"article_ids":16,"ioc_summary":18,"source_urls":19,"status":21,"expires_at":22,"created_at":23,"updated_at":24,"articles":25},"a9951155-9fed-471d-8e2d-1cc5bbc7d4a4","The silent “Storm”: New infostealer hijacks sessions, decrypts server-side","the-silent-storm-new-infostealer-hijacks-sessions-decrypts-server-side-mnyrbi1z","Storm infostealer is actively harvesting browser credentials, session cookies, and crypto wallet data across multiple countries, then decrypting everything server-side to bypass endpoint detection. Attackers are hijacking authenticated sessions without triggering MFA, giving them direct access to Google, Facebook, X, and crypto exchanges. Stolen credentials are already being sold on dark web marketplaces.","critical","advisory",[],[13,14],"Varonis","Google","Hunt for Storm IOCs across endpoint telemetry and proxy logs. Priority: detect suspicious encrypted outbound traffic to unknown C2 infrastructure, unusual browser process behavior, and lateral movement from compromised user accounts. Cross-reference breach notification databases for credential overlap with your user base. Because stolen session cookies let an attacker in without an MFA prompt, revoke active sessions and tokens for any account suspected of exposure in addition to resetting its password.",[17],"abf01874-1fcd-455d-88c1-99bbbf5550f1",null,[20],"https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fthe-silent-storm-new-infostealer-hijacks-sessions-decrypts-server-side\u002F","archived","2026-04-16T15:08:54.611+00:00","2026-04-14T15:09:00.390716+00:00","2026-04-16T15:09:14.312876+00:00",[26],{"id":17,"title":6,"url":20}]