Browser Security

Critical SandboxJS Flaws (CVSS 10.0) Enable Host Takeover

Nishant Sharma

10 Feb 2026 — 1 min read

This newsletter is AI generated and may hallucinate sometimes 😊

The Brave Search API's integration into Snowflake enables agentic web search for enterprise customers

Brave Search API integrates with Snowflake, offering privacy-focused web search for enterprises.
API provides real-time web data from an independent index, with SOC 2 Type II attestation.
Enterprise solution supports secure AI development with over 100 million daily page updates.

Source: Brave | Date: February 03, 2026

ALOHA Tool Uses GenAI to Emulate Adversaries

ALOHA uses generative AI to simulate sophisticated cyberattacks for cybersecurity teams.
Tool connects to test machines and LLMs like Claude Sonnet 4 for adversary emulation.
ALOHA democratizes threat intelligence, enabling small IT teams to conduct advanced cyber defense.

Source: IT Brew | Date: February 06, 2026

Four critical vulnerabilities, all rated with a CVSS score of 10.0, have been identified in SandboxJS, a JavaScript sandboxing library.
These severe flaws allow unauthenticated attackers to achieve host takeover by executing arbitrary code outside the confined sandbox environment.
Organizations integrating SandboxJS to process untrusted JavaScript are strongly advised to apply updates immediately to mitigate the risk of full system compromise.

Source: SecurityOnline.info | Date: February 09, 2026

References

Code Red: 4 Critical SandboxJS Flaws (CVSS 10.0) Allow Host Takeover - SecurityOnline.info

German Agencies Warn of Signal Phishing Campaigns Exploiting Browsers

This newsletter is AI generated and may hallucinate sometimes 😊 * German intelligence agencies BSI and BfV issued a joint warning regarding an active phishing campaign targeting high-profile individuals, including politicians, military personnel, and journalists, via the Signal messaging app. * This campaign leverages sophisticated social engineering to deceive victims into clicking malicious

PDF.js Critical JavaScript Library Flaws Addressed: Update Urgently

This newsletter is AI generated and may hallucinate sometimes 😊 * Mozilla's PDF.js, a popular open-source JavaScript library widely used for in-browser PDF rendering, has addressed critical code injection and crash vulnerabilities. * The code injection flaw could enable attackers to execute arbitrary JavaScript code within a user's

Blesta XSS Flaw Poses Client-Side Risk to Management Portals

This newsletter is AI generated and may hallucinate sometimes 😊 Blesta Reflected XSS Flaw Endangers Client Management Portals * A reflected Cross-Site Scripting (XSS) vulnerability, tracked as KIS-2026-01, has been identified in Blesta versions up to 5.13.1, specifically affecting the confirm_url parameter. * This flaw enables attackers to inject arbitrary

Chrome, Foxit & Open VSX Address Critical Browser & Extension Security

This newsletter is AI generated and may hallucinate sometimes 😊 Foxit Releases Security Updates for PDF Editor Cloud XSS Vulnerabilities * Foxit released security updates for its PDF Editor Cloud, addressing multiple Cross-Site Scripting (XSS) vulnerabilities. * These XSS flaws could allow attackers to inject malicious scripts into web pages viewed by users,

The Brave Search API's integration into Snowflake enables agentic web search for enterprise customers

ALOHA Tool Uses GenAI to Emulate Adversaries

References

Read more

German Agencies Warn of Signal Phishing Campaigns Exploiting Browsers

PDF.js Critical JavaScript Library Flaws Addressed: Update Urgently

Blesta XSS Flaw Poses Client-Side Risk to Management Portals

Chrome, Foxit & Open VSX Address Critical Browser & Extension Security