Trusted Tools, Hijacked Sessions & Cheap Paths to Big Access
In this Initial Access episode, we look at how attackers are reusing trust that is already in place, from hijacked sessions and malicious browser extensions to overlooked industrial infrastructure and tightly controlled AI capabilities.
This week’s episode is about attackers working through what’s already trusted. Not broken. Not bypassed. Trusted.
Across the stories, that shows up in a few different ways. Live sessions get hijacked without a login. Legitimate tools are used to interact with industrial systems. Browser extensions run with broad access inside environments that security teams do not fully control. And in one case, a $10 domain could have put 25,000 endpoints in play.
That is the shift. In many cases, there is no clear “initial access” moment. The access already exists. Attackers step into it and move as the user would. The same pattern shows up in AI. Capability is getting stronger, but the real question is who gets to use it and how long that control holds.
The common thread is trust. Attackers are not always getting in anymore. They are inheriting access and using it before it looks suspicious.
Key Takeaways:
The silent “Storm”: New infostealer hijacks sessions, decrypts server-side, BleepingComputer
- What Matters: Silent Storm was described as an infostealer that hijacks active sessions instead of stealing credentials. That allows attackers to operate as authenticated users without triggering login-based detection. It shifts the problem from authentication to what happens after access is already established.
- What’s Overhyped: It is easy to treat this as a major shift. Session theft is not new. What has changed is how reliably it bypasses controls built around credentials.
Iran-linked hackers disrupt operations at US critical infrastructure sites, Ars Technica
- What Matters: Iran-linked actors were reported disrupting operations at U.S. critical infrastructure sites, not just accessing networks. In ICS and OT environments, presence alone can translate into real-world impact. Once attackers reach those systems, even routine actions can have operational consequences.
- What’s Overhyped: The geopolitical framing pulls focus. The more useful takeaway is how fragile many of these environments still are once access is established.
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users, The Hacker News
https://thehackernews.com/2026/04/108-malicious-chrome-extensions-steal.html
- What Matters: Researchers identified 108 Chrome extensions tied to shared infrastructure that could steal data and inject code into web sessions. These extensions run inside trusted browser environments with broad permissions across user activity. That makes them a quiet but effective access layer for data theft and session abuse.
- What’s Overhyped: The volume makes headlines, but the count is not the issue. The real concern is how much access extensions are given and how little visibility exists once they are installed.
$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks, SecurityWeek
- What Matters: An unregistered domain could have been purchased cheaply and used to reach roughly 25,000 systems still attempting to connect to it. No exploit chain was required, just inherited trust from outdated configurations. This highlights how gaps in asset tracking and domain lifecycle management can create large-scale exposure.
- What’s Overhyped: The price point stands out, but it is not the story. What matters is how often stale infrastructure continues to function without ownership or oversight.
Is the AI Cybersecurity Apocalypse Already Here?, New York Magazine
https://nymag.com/intelligencer/article/anthropic-claude-mythos-preview-cybersecurity.html
Trusted access for the next era of cyber defense, OpenAI
https://openai.com/index/scaling-trusted-access-for-cyber-defense/
- What Matters: AI systems are increasingly capable of identifying vulnerabilities and assisting with exploitation workflows. That lowers the barrier to perform work that previously required deeper expertise or more time. As access to these capabilities expands, both attackers and defenders operate with a higher baseline.
- What’s Overhyped: Apocalypse framing misses the mark. This is not a sudden break from the past, but a steady acceleration of existing security work, with pressure shifting to how organizations keep up.