The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA.
The Hacker News

CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

CPUID breach served STX RAT via trojanized CPU-Z downloads on April 9–10, impacting 150+ victims and multiple industries.
CSO Online

Claude uncovers a 13‑year‑old ActiveMQ RCE bug within minutes

The decade-old ActiveMQ flaw was uncovered and weaponized in minutes, showing AI’s exploit-building potential amid the Mythos ...
GitHub

ESP8266/ESP32 UMTX2 Jailbreak Host for PlayStation 5 (FW 1.00–5.50)

Lightweight web server for ESP8266/ESP32 boards that hosts the PlayStation 5 UMTX2 Jailbreak for firmware versions 1.00–5.50, with minor modifications to enable caching, data compression and access to ...