The Hacker News

Session Cookie Theft: You Showed Your ID at the Door. But Someone Else Has Your Room Key

Stolen session cookies bypass MFA because tokens remain valid for hours or days, enabling silent account takeovers without triggering security alerts.

Over 100 Chrome Web Store extensions steal user accounts, data

More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, ...
The Hacker News

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Three Defender zero-days exploited since April 10, 2026, enabling privilege escalation and DoS, forcing isolation of affected ...
Spectrum News NY1

Hijacking the Brain: Scientists Are Using VR to Treat Chronic Pain

Harmon Clarke’s intestines are lined with ulcers; he has Crohn’s disease. He says he’s in pain, almost daily. “It's a sharp cramping, but it comes in waves. For a few minutes I'll just be hunched over ...
Microsoft

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North ...