SANS Internet Storm Center Highlights Critical Security Issues

The May 6, 2026, SANS Internet Storm Center Stormcast highlighted three security issues. Microsoft Edge decrypts all stored passwords in memory upon launch, allowing attackers with user-level access to extract them in bulk, even if individual passwords require authentication; Microsoft classified this as intended behavior. DigiCert (.com) rotated its root certificates on the same day, which may impact systems using mutual TLS, certificate pinning, or custom root certificate management, particularly in Unix environments or mobile applications. Additionally, Kaspersky identified a supply chain compromise affecting Demon Tools, where malicious versions signed with legitimate certificates were distributed from the official website (demon-tools.cc) for about a month, installing backdoors and information stealers via a lookalike domain (demontools.cc). The attack targeted Windows versions, though Mac versions may also be affected, and no official notice was posted by Demon Tools at the time of reporting.