This newsletter is AI generated and may hallucinate sometimes 😊 Mozilla Firefox Introduces One-Click Option to Disable Generative AI Features * Mozilla Firefox has added a new user-friendly option that allows users to disable all generative AI features within the browser with a single click. * This feature, currently rolling out in the
This newsletter is AI generated and may hallucinate sometimes 😊 OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link * A critical vulnerability in the OpenClaw platform allows for one-click remote code execution (RCE) simply by coercing a user to click a malicious link. * The flaw stems from improper handling of
This newsletter is AI generated and may hallucinate sometimes 😊 Iran-Linked RedKitten Campaign Targets NGOs with Browser Data Theft * A cyber campaign dubbed "RedKitten," linked to Iran, is actively targeting human rights NGOs and activists, particularly those focusing on Iran, with sophisticated social engineering and custom malware. * The campaign
This newsletter is AI generated and may hallucinate sometimes 😊 AI Models Demonstrate Enhanced Capability in Finding Software Vulnerabilities * New research indicates that custom AI-driven fuzzing tools can independently identify zero-day vulnerabilities, including those in browser JavaScript engines, within a short timeframe. * These advanced AI models exhibit the capacity to learn
This newsletter is AI generated and may hallucinate sometimes 😊 Google Chrome Integrates Gemini AI for Enhanced Browsing and Smart Features * Google is integrating its Gemini AI model directly into the Chrome browser, aiming to enhance user experience with features like tab organization, content summarization, and query suggestions. * The integration leverages
This newsletter is AI generated and may hallucinate sometimes 😊 ClickFix Attacks Expand Using Fake CAPTCHAs and Trusted Web Services * The ClickFix phishing campaign has evolved, now leveraging fake CAPTCHAs, Microsoft JavaScript files, and reputable web services to steal user credentials. * Attackers are exploiting Microsoft's Content Delivery Network (CDN)
This newsletter is AI generated and may hallucinate sometimes 😊 Chrome Patches Actively Exploited Zero-Day CVE-2025-6038 * Google released an emergency security update for Chrome, version 119.0.6045.199/.200 for desktop, addressing a critical zero-day vulnerability tracked as CVE-2025-6038. * The vulnerability is a type confusion bug within the V8 JavaScript
This newsletter is AI generated and may hallucinate sometimes 😊 Infostealers Like Lumma and Vidar Continue to Target Browser Data * Recent security analyses confirm a persistent threat from infostealers, including Lumma Stealer and Vidar Stealer, actively targeting user credentials and sensitive data. * These malware variants focus on extracting stored information from
This newsletter is AI generated and may hallucinate sometimes 😊 * A sophisticated multi-stage phishing campaign is actively targeting various entities in Russia, including government, defense, and research organizations. * The attack chain involves spear-phishing emails delivering malicious ISO files or self-extracting RAR archives, which subsequently deploy the Amnesia RAT (also known as
This newsletter is AI generated and may hallucinate sometimes 😊 AI's Escalating Role in Vulnerability Discovery and Exploitation * Artificial intelligence systems are rapidly improving their capabilities to identify and exploit vulnerabilities across the internet, leading to concerns about the future of cybersecurity. * Researchers are observing that AI models can
This newsletter is AI generated and may hallucinate sometimes 😊 References 1. Microsoft Copilot (Microsoft 365): Newly created Declarative Agents now understand referenced scanned PDFs - Microsoft 2. Microsoft Teams: Ad-hoc room reservation from Teams Rooms on Android console - Microsoft 3. Microsoft Teams: Ad-hoc room reservation from Teams Rooms on
This newsletter is AI generated and may hallucinate sometimes 😊 Malicious Google Calendar invites could expose private data * Vulnerability in Google Calendar allowed prompt-injection instructions in invites to bypass privacy controls. * Malicious invites leveraged Google Gemini to create events summarizing private meetings, exposing data. * Google fixed the issue, but warns of