Nishant Sharma - Browser Security Daily

Browser Security

PDF.js Critical JavaScript Library Flaws Addressed: Update Urgently

This newsletter is AI generated and may hallucinate sometimes 😊 * Mozilla's PDF.js, a popular open-source JavaScript library widely used for in-browser PDF rendering, has addressed critical code injection and crash vulnerabilities. * The code injection flaw could enable attackers to execute arbitrary JavaScript code within a user's

Browser Security

Blesta XSS Flaw Poses Client-Side Risk to Management Portals

This newsletter is AI generated and may hallucinate sometimes 😊 Blesta Reflected XSS Flaw Endangers Client Management Portals * A reflected Cross-Site Scripting (XSS) vulnerability, tracked as KIS-2026-01, has been identified in Blesta versions up to 5.13.1, specifically affecting the confirm_url parameter. * This flaw enables attackers to inject arbitrary

Browser Security

Chrome, Foxit & Open VSX Address Critical Browser & Extension Security

This newsletter is AI generated and may hallucinate sometimes 😊 Foxit Releases Security Updates for PDF Editor Cloud XSS Vulnerabilities * Foxit released security updates for its PDF Editor Cloud, addressing multiple Cross-Site Scripting (XSS) vulnerabilities. * These XSS flaws could allow attackers to inject malicious scripts into web pages viewed by users,

Browser Security

Firefox & Foxit: New AI Privacy Controls and Critical JavaScript Flaws

This newsletter is AI generated and may hallucinate sometimes 😊 Mozilla Firefox Introduces One-Click Option to Disable Generative AI Features * Mozilla Firefox has added a new user-friendly option that allows users to disable all generative AI features within the browser with a single click. * This feature, currently rolling out in the

Browser Security

OpenClaw Bug Enables RCE; MoltBot Skills Exploited for Malware

This newsletter is AI generated and may hallucinate sometimes 😊 OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link * A critical vulnerability in the OpenClaw platform allows for one-click remote code execution (RCE) simply by coercing a user to click a malicious link. * The flaw stems from improper handling of

Browser Security

RedKitten Campaign Steals Browser Data from NGOs & Activists

This newsletter is AI generated and may hallucinate sometimes 😊 Iran-Linked RedKitten Campaign Targets NGOs with Browser Data Theft * A cyber campaign dubbed "RedKitten," linked to Iran, is actively targeting human rights NGOs and activists, particularly those focusing on Iran, with sophisticated social engineering and custom malware. * The campaign

Browser Security

Browser Security: AI Vulnerability Hunt

This newsletter is AI generated and may hallucinate sometimes 😊 AI Models Demonstrate Enhanced Capability in Finding Software Vulnerabilities * New research indicates that custom AI-driven fuzzing tools can independently identify zero-day vulnerabilities, including those in browser JavaScript engines, within a short timeframe. * These advanced AI models exhibit the capacity to learn

Browser Security

Chrome Updates: Gemini AI Integration & API Security Patch

This newsletter is AI generated and may hallucinate sometimes 😊 Google Chrome Integrates Gemini AI for Enhanced Browsing and Smart Features * Google is integrating its Gemini AI model directly into the Chrome browser, aiming to enhance user experience with features like tab organization, content summarization, and query suggestions. * The integration leverages

Browser Security

Browser Security Roundup: ClickFix Phishing, PeckBirdy C2, React Flaws

This newsletter is AI generated and may hallucinate sometimes 😊 ClickFix Attacks Expand Using Fake CAPTCHAs and Trusted Web Services * The ClickFix phishing campaign has evolved, now leveraging fake CAPTCHAs, Microsoft JavaScript files, and reputable web services to steal user credentials. * Attackers are exploiting Microsoft's Content Delivery Network (CDN)

Browser Security

Chrome Zero-Day (CVE-2025-6038) & Firefox 121 Patches Released

This newsletter is AI generated and may hallucinate sometimes 😊 Chrome Patches Actively Exploited Zero-Day CVE-2025-6038 * Google released an emergency security update for Chrome, version 119.0.6045.199/.200 for desktop, addressing a critical zero-day vulnerability tracked as CVE-2025-6038. * The vulnerability is a type confusion bug within the V8 JavaScript

Browser Security

Firefox, Edge Patch Critical RCEs; Malicious Extensions Active

This newsletter is AI generated and may hallucinate sometimes 😊 Infostealers Like Lumma and Vidar Continue to Target Browser Data * Recent security analyses confirm a persistent threat from infostealers, including Lumma Stealer and Vidar Stealer, actively targeting user credentials and sensitive data. * These malware variants focus on extracting stored information from

Browser Security

Phishing Campaign Targets Russia with Amnesia RAT and Ransomware

This newsletter is AI generated and may hallucinate sometimes 😊 * A sophisticated multi-stage phishing campaign is actively targeting various entities in Russia, including government, defense, and research organizations. * The attack chain involves spear-phishing emails delivering malicious ISO files or self-extracting RAR archives, which subsequently deploy the Amnesia RAT (also known as