Browser Security

Browser Security Bulletin: Mozilla, Comet, & Copilot Extension Updates

Nishant Sharma

21 Nov 2025 — 1 min read

Verifiable Privacy and Transparency: A new frontier for Brave AI privacy

Brave's Leo AI assistant integrates cryptographically verifiable privacy using NEAR AI Nvidia-backed TEEs.
Confidential computing runs user data and model execution within secure, hardware-isolated GPU enclaves.
Users can verify model integrity and prevent data tampering via open-source code and cryptographic proofs.

Source: Brave(https://brave.com/blog/browser-ai-tee/) | Date: November 20, 2025

Mac users warned about new DigitStealer information stealer

New DigitStealer malware targets Mac users, employing advanced detection-evasion and fileless operation.
Distributed via fake "DynamicLake" app, it infects newer Macs with ARM M2 chips or later, avoiding older devices.
Malware steals sensitive files, browser data, passwords, crypto wallets, VPN configurations, and Telegram sessions.

Source: Malwarebytes(https://www.malwarebytes.com/blog/news/2025/11/mac-users-warned-about-new-digitstealer-information-stealer) | Date: November 19, 2025

Mozilla Commits to "Human-Centered AI" for Trustworthy and Open Web

Mozilla announced its strategic commitment to a "Human-Centered AI" approach, aiming to develop artificial intelligence that prioritizes privacy, user agency, and transparency.
The initiative seeks to apply Mozilla's foundational values, previously used to build an open web, to the evolving landscape of AI technologies.
Mozilla plans to foster independent, open-source AI solutions as alternatives to proprietary models, ensuring broader access and ethical development.

Source: Mozilla Blog | Date: November 5, 2025

Critical Flaw in Comet Browser Allows Hidden API to Execute Remote Commands

A significant vulnerability in Comet Browser has been identified, allowing malicious actors to exploit a hidden API to run arbitrary commands on a user's device without their knowledge.
This flaw bypasses standard browser security protocols, posing a direct threat for remote code execution and subsequent system compromise.
Users of Comet Browser are strongly urged to apply the latest security updates immediately to protect against potential exploitation of this critical vulnerability.

Source: Hackread | Date: November 4, 2025

References

Rewiring Mozilla: Doing for AI what we did for the web - Mozilla Blog
Comet Browser Flaw Lets Hidden API Run Commands on Users’ Devices - Hackread

       - This newsletter is AI generated and may hallucination sometimes 😊

Browser Security Watch: No New Critical Flaws Identified

This newsletter is AI generated and may hallucinate sometimes 😊

Cybercriminals Launch Massive Holiday-Themed Phishing Domain Campaign

This newsletter is AI generated and may hallucinate sometimes 😊 Hackers Register 18,000 Holiday-Themed Domains for Cyberattacks * Researchers identified over 18,000 newly registered domains using holiday-related keywords like "Christmas," "Black Friday," and "Flash Sale," designed for phishing, malware distribution, and brand impersonation. * These

Browser Security Alert: Microsoft CSP, NTLM, & Angular XSRF Flaws

This newsletter is AI generated and may hallucinate sometimes 😊 Xillen Stealer With New Advanced Features Evade AI Detection and Steal Sensitive Data from Password Managers * Xillen Stealer versions 4 and 5 use advanced features to evade AI-driven security solutions. * Malware targets sensitive data from password managers, browser-stored info, and cryptocurrency

Chrome Patches, Firefox Flaw, & RomCom APT's SocGholish Shift

This newsletter is AI generated and may hallucinate sometimes 😊 AI shoppers open the door to a world of uncertainty * AI shopping agents introduce significant security risks by handling sensitive payment and email data. * Attackers exploit AI agents to steal credit card and bank account information, enabling large-scale fraud. * Immature AI