Browser Security Alert: Microsoft CSP, NTLM, & Angular XSRF Flaws
Xillen Stealer With New Advanced Features Evades AI Detection and Steals Sensitive Data from Password Managers
- Xillen Stealer versions 4 and 5 use advanced features to evade AI-driven security solutions.
- Malware targets sensitive data from password managers, browser-stored info, and cryptocurrency wallets.
- Evasion techniques include polymorphic code, obfuscation, and behavioral mimicry, bypassing detection systems.
Source: Teamwin | Date: November 22, 2025
What to know about a recent Mixpanel security incident
- Mixpanel suffered unauthorized system access in which limited identifiable information about OpenAI API users was exported.
- Compromised data included names, emails, location, OS/browser details, but no passwords or API keys were exposed.
- OpenAI removed Mixpanel, is notifying affected users, advises vigilance against phishing, and recommends enabling multi-factor authentication.
Source: OpenAI | Date: November 26, 2025
Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update
- Microsoft plans to enforce a Content Security Policy (CSP) by early 2026 to block unauthorized third-party scripts from running on Entra ID login pages, including those for Microsoft account (MSA) and Azure Active Directory (AAD) accounts.
- This change aims to mitigate risks from cross-site scripting (XSS) and client-side attacks that could leverage vulnerable third-party JavaScript for credential theft or session hijacking during authentication flows.
- While CSP enforcement is set for early 2026, Microsoft strongly advises customers to review their Entra ID login customizations and ensure compliance with the new policy by December 2, 2025, to avoid service disruptions.
Source: The Hacker News | Date: November 11, 2025
Zombie Protocol: NTLM Flaws Like CVE-2024-43451 Haunt 2025 with RCE Risks
- The NTLM "Zombie Protocol" vulnerability (CVE-2024-43451), rated with a CVSS score of 9.8, enables remote code execution through NTLM relay attacks and affects various Microsoft platforms including Windows Server, Exchange Server, and Active Directory.
- This critical flaw permits attackers to gain SYSTEM privileges by chaining NTLM relay with other vulnerabilities, bypassing security measures like NTLM signing and channel binding.
- Organizations are urged to apply Microsoft's patches for CVE-2024-43451, disable NTLM where possible, enable Extended Protection for Authentication (EPA), and implement NTLM blocking on sensitive services to mitigate the risk of browser-based attacks via poisoned links.
Source: SecurityOnline.info | Date: November 11, 2025
Angular HTTP Client Vulnerability Exposes XSRF Token to Attacker-Controlled Domain
- A vulnerability (CVE-2025-3000) in Angular's HTTP Client can expose XSRF (Cross-Site Request Forgery) tokens to attacker-controlled domains, potentially leading to authentication bypass and session hijacking.
- The flaw occurs when an Angular application makes a request to a malicious subdomain, causing the XSRF token to be sent to the attacker instead of the legitimate server, fundamentally undermining the security mechanism.
- Developers are advised to update their Angular applications to versions patched for CVE-2025-3000 and ensure their application configurations correctly handle XSRF token transmission only to trusted origins to prevent data leakage.
Source: Cybersecurity News | Date: November 11, 2025
References
- Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update - The Hacker News
- Zombie Protocol: How NTLM Flaws Like CVE-2024-43451 Are Haunting 2025 - SecurityOnline.info
- Angular HTTP Client Vulnerability Exposes XSRF Token to an Attacker-Controlled Domain - Cybersecurity News