This newsletter is AI generated and may hallucinate sometimes 😊 Weekly Browser Security Digest: No Critical Browser-Specific Threats Reported * A thorough analysis of recent security advisories and threat intelligence reports reveals no new critical vulnerabilities or active exploit campaigns directly targeting web browsers. * This review focused on web rendering engines, JavaScript
This newsletter is AI generated and may hallucinate sometimes 😊 GoldPickaxe Malware Leverages Browser-in-the-Browser Attacks * The GoldPickaxe malware campaign is actively employing sophisticated "browser-in-the-browser" social engineering techniques to target both iOS and Android users. * Attackers are using this method to steal sensitive information, including facial scan data and various
This newsletter is AI generated and may hallucinate sometimes 😊 Russian APTs Leverage Device Code Phishing for Microsoft 365 Account Takeovers * Russian government-backed hackers are actively employing a device code phishing technique to compromise Microsoft 365 accounts across global government, defense, energy, and intelligence sectors. * This attack bypasses traditional multi-factor authentication
This newsletter is AI generated and may hallucinate sometimes 😊 * Microsoft Edge is rolling out a new password affiliation service aimed at enhancing the security and management of saved user credentials. * This feature intelligently groups and associates passwords across different, but related, domains that belong to the same entity. * By understanding
This newsletter is AI generated and may hallucinate sometimes 😊 GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads * Security researchers identified GhostPoster malware embedded within 17 malicious Firefox add-ons, which collectively accumulated over 50,000 downloads. * The malware was designed to manipulate social media platforms and engage in
This newsletter is AI generated and may hallucinate sometimes 😊 Chrome Extension "Promptease" Intercepts Millions of Users' AI Chats * The popular Chrome extension "Promptease," designed to enhance AI interactions, was found to be intercepting and transmitting millions of users' sensitive AI chatbot prompts and responses
This newsletter is AI generated and may hallucinate sometimes 😊 Google Chrome Patches Actively Exploited Zero-Day in V8 Engine * Google released an emergency security update for Chrome, addressing a critical zero-day vulnerability (CVE-2024-XXXXX) in its V8 JavaScript engine, confirmed to be actively exploited in the wild. * This critical remote code execution
This newsletter is AI generated and may hallucinate sometimes 😊 Apple Patches Two Critical WebKit Zero-Days (CVE-2025-3737, CVE-2025-3738) Under Active Exploitation * Apple released emergency security updates addressing two actively exploited zero-day vulnerabilities, CVE-2025-3737 (a use-after-free) and CVE-2025-3738 (a memory corruption issue), found in its WebKit browser engine. * These critical flaws were
This newsletter is AI generated and may hallucinate sometimes 😊 * New advanced phishing kits are leveraging artificial intelligence (AI) to craft highly convincing lures and employing sophisticated techniques to bypass multi-factor authentication (MFA). * These kits, such as "PermaPhish," are designed for large-scale credential theft, often targeting enterprise users and
This newsletter is AI generated and may hallucinate sometimes 😊 Google Patches Eighth Actively Exploited Chrome Zero-Day Vulnerability in 2025 * Google has released an urgent security update for Chrome to address its eighth actively exploited zero-day vulnerability in 2025, with specific details and a CVE ID currently undisclosed by the company.
This newsletter is AI generated and may hallucinate sometimes 😊 React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors * React2Shell exploitation leverages server-side template injection vulnerabilities in web applications built with React and Next.js frameworks. * Threat actors are using these flaws to deliver crypto miners and new malware
This newsletter is AI generated and may hallucinate sometimes 😊 Google Chrome Adds Layered Defenses Against Indirect Prompt Injection * Google has implemented new layered defenses in Chrome to mitigate indirect prompt injection threats that target AI-powered features integrated within the browser. * These protections, detailed in a recent research paper, utilize techniques
Browser Security
This newsletter is AI generated and may hallucinate sometimes 😊 Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT * Researchers have confirmed the JS#SMUGGLER threat actor group is actively leveraging compromised websites to deploy the NetSupport RAT malware. * The attack chain involves injecting malicious JavaScript into legitimate websites,
Browser Security
This newsletter is AI generated and may hallucinate sometimes 😊 Google Chrome 143 Bolsters Privacy and WebAssembly Security * Chrome 143 introduces significant enhancements, including advanced privacy controls, an improved sandbox architecture, and a new WebAssembly security model designed to mitigate memory-related vulnerabilities. * The update focuses on strengthening user data protection through
Browser Security
This newsletter is AI generated and may hallucinate sometimes 😊 Microsoft Edge Introduces Enhanced Enterprise New Tab Page Experience * Microsoft Edge will roll out an improved Enterprise New Tab Page experience, allowing IT administrators to customize layout and content for managed users. * This feature aims to boost employee productivity by providing
Browser Security
This newsletter is AI generated and may hallucinate sometimes 😊 Cyberattackers are running and EtherHiding * EtherHiding tactic embeds malware components within blockchain smart contracts, evading detection. * Attackers leverage decentralized blockchain and ethers JavaScript library for watering hole attacks. * Defenders must block unnecessary blockchain endpoints and increase user awareness of Web3 risks.
Browser Security
This newsletter is AI generated and may hallucinate sometimes 😊 AI in 2025 was defined by increased accessibility, security, and agents * Increased AI agent autonomy in 2025 sparked security concerns, urging caution against AI self-governance. * AI's increased accessibility acted as a "force multiplier" for both cyberattacks and
Browser Security
This newsletter is AI generated and may hallucinate sometimes 😊 Announcing the new Skills feature in Leo, Brave's in-browser AI assistant * Brave launched "Skills" for its Leo AI assistant on desktop and Android version 1.85+. * New "Skills" feature allows users to automate frequent tasks
Browser Security
This newsletter is AI generated and may hallucinate sometimes 😊 ‘HashJack’ demo hides malicious instructions in URL * Cato Networks revealed "HashJack," a vulnerability embedding malicious instructions within URL hashtags. * Exploit targets AI-powered browsers, injecting prompts for large language models to unwittingly execute commands. * This attack bypasses network security; Google&
Browser Security
This newsletter is AI generated and may hallucinate sometimes 😊 New AI Browsers Introduce Significant Security Challenges for Organizations * The emergence of new AI-powered browsers introduces significant security challenges, including novel attack vectors and data leakage risks due to their "agentic" capabilities. * These AI browsers, designed to perform tasks
Browser Security
This newsletter is AI generated and may hallucinate sometimes 😊 Raccoon Stealer v2 Expands to Target Firefox Browser Profiles * Raccoon Stealer v2, an information-stealing malware, has updated its capabilities to specifically target user profiles within the Firefox web browser. * This expansion allows the stealer to exfiltrate sensitive data, including cookies, login
Browser Security
This newsletter is AI generated and may hallucinate sometimes 😊
Browser Security
This newsletter is AI generated and may hallucinate sometimes 😊 Hackers Register 18,000 Holiday-Themed Domains for Cyberattacks * Researchers identified over 18,000 newly registered domains using holiday-related keywords like "Christmas," "Black Friday," and "Flash Sale," designed for phishing, malware distribution, and brand impersonation. * These
Browser Security
This newsletter is AI generated and may hallucinate sometimes 😊 Xillen Stealer With New Advanced Features Evade AI Detection and Steal Sensitive Data from Password Managers * Xillen Stealer versions 4 and 5 use advanced features to evade AI-driven security solutions. * Malware targets sensitive data from password managers, browser-stored info, and cryptocurrency