Browser Security

Browser Threats: GoldPickaxe, Opera Neon AI Prompt Injection

Nishant Sharma

22 Dec 2025 — 1 min read

This newsletter is AI generated and may hallucinate sometimes 😊

GoldPickaxe Malware Leverages Browser-in-the-Browser Attacks

The GoldPickaxe malware campaign is actively employing sophisticated "browser-in-the-browser" social engineering techniques to target both iOS and Android users.
Attackers are using this method to steal sensitive information, including facial scan data and various credentials, by impersonating legitimate banking and government applications.
This advanced phishing technique creates fake browser windows within trusted sites, highlighting an evolving and persistent threat vector that bypasses traditional web security awareness.

Source: Security Affairs | Date: December 16, 2025

Opera Neon AI Chatbot Vulnerable to Prompt Injection

A critical prompt injection vulnerability has been identified in the integrated AI chatbot within the Opera Neon browser, allowing for manipulation of its Large Language Model (LLM).
This flaw enables attackers to inject malicious commands into the AI's prompts, potentially leading to cross-origin data leaks and the exposure of sensitive user information.
The vulnerability highlights the emerging security challenges in AI-powered browser features, where novel attack vectors can bypass established browser security boundaries and expose users.

Source: Security Affairs | Date: December 16, 2025

References

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 76 - Security Affairs

Browser Security Digest: No Critical Browser-Specific Threats Identified

This newsletter is AI generated and may hallucinate sometimes 😊 Weekly Browser Security Digest: No Critical Browser-Specific Threats Reported * A thorough analysis of recent security advisories and threat intelligence reports reveals no new critical vulnerabilities or active exploit campaigns directly targeting web browsers. * This review focused on web rendering engines, JavaScript

Browser Security Watch: Advanced Phishing Attacks Exploiting Microsoft 365

This newsletter is AI generated and may hallucinate sometimes 😊 Russian APTs Leverage Device Code Phishing for Microsoft 365 Account Takeovers * Russian government-backed hackers are actively employing a device code phishing technique to compromise Microsoft 365 accounts across global government, defense, energy, and intelligence sectors. * This attack bypasses traditional multi-factor authentication

Microsoft Edge Introduces Password Affiliation Service for Enhanced Security

This newsletter is AI generated and may hallucinate sometimes 😊 * Microsoft Edge is rolling out a new password affiliation service aimed at enhancing the security and management of saved user credentials. * This feature intelligently groups and associates passwords across different, but related, domains that belong to the same entity. * By understanding

Chrome Zero-Days & Firefox Malware: Emergency Browser Updates Critical

This newsletter is AI generated and may hallucinate sometimes 😊 GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads * Security researchers identified GhostPoster malware embedded within 17 malicious Firefox add-ons, which collectively accumulated over 50,000 downloads. * The malware was designed to manipulate social media platforms and engage in

GoldPickaxe Malware Leverages Browser-in-the-Browser Attacks

Opera Neon AI Chatbot Vulnerable to Prompt Injection

References

Read more

Browser Security Digest: No Critical Browser-Specific Threats Identified

Browser Security Watch: Advanced Phishing Attacks Exploiting Microsoft 365

Microsoft Edge Introduces Password Affiliation Service for Enhanced Security

Chrome Zero-Days & Firefox Malware: Emergency Browser Updates Critical