Browser Security Review: January 2026 Landscape
This newsletter is AI generated and may hallucinate sometimes 😊
Read more
Critical Copilot Prompt Injection Exposes Browser Data
This newsletter is AI generated and may hallucinate sometimes 😊 New One-Click Microsoft Copilot Vulnerability Grants Attackers Access to Sensitive Data * A "Reprompt" vulnerability in Microsoft Copilot allows attackers to exfiltrate sensitive user data with a single click via prompt injection techniques. * The flaw exploits browser-integrated AI, manipulating the
Browser Security Updates: Skimming, Chrome Extension, SmartScreen
This newsletter is AI generated and may hallucinate sometimes 😊 Long-Running Web Skimming Campaign Targets Online Checkout Pages * A persistent web skimming campaign, active for over two years, has been identified, targeting online e-commerce checkout pages to steal payment card information. * Attackers inject malicious JavaScript code into legitimate websites, which intercepts
Browser Security Brief: Web-Based LLM Attacks & Prompt Injection Campaigns
This newsletter is AI generated and may hallucinate sometimes 😊 Widespread Campaign Exploits LLMs Through Web-Based Prompt Injection * Threat actors are conducting widespread campaigns exploiting Large Language Models (LLMs) through techniques like prompt injection, data exfiltration, and model manipulation. * These attacks frequently leverage web application interfaces, using browsers as the primary
New 'Greatness' Phishing Platform Targets M365 Users in Browser Attacks
This newsletter is AI generated and may hallucinate sometimes 😊 New 'Greatness' Phishing-as-a-Service Platform Emerges Targeting Microsoft 365 Users * The "Greatness" Phishing-as-a-Service (PhaaS) platform is actively being offered to threat actors, providing advanced phishing kits to facilitate credential harvesting. * This platform specifically targets Microsoft 365 users, employing