Phishing - Browser Security Daily

Browser Security

RedKitten Campaign Steals Browser Data from NGOs & Activists

This newsletter is AI generated and may hallucinate sometimes 😊 Iran-Linked RedKitten Campaign Targets NGOs with Browser Data Theft * A cyber campaign dubbed "RedKitten," linked to Iran, is actively targeting human rights NGOs and activists, particularly those focusing on Iran, with sophisticated social engineering and custom malware. * The campaign

Browser Security

Browser Security Roundup: ClickFix Phishing, PeckBirdy C2, React Flaws

This newsletter is AI generated and may hallucinate sometimes 😊 ClickFix Attacks Expand Using Fake CAPTCHAs and Trusted Web Services * The ClickFix phishing campaign has evolved, now leveraging fake CAPTCHAs, Microsoft JavaScript files, and reputable web services to steal user credentials. * Attackers are exploiting Microsoft's Content Delivery Network (CDN)

Browser Security

Phishing Campaign Targets Russia with Amnesia RAT and Ransomware

This newsletter is AI generated and may hallucinate sometimes 😊 * A sophisticated multi-stage phishing campaign is actively targeting various entities in Russia, including government, defense, and research organizations. * The attack chain involves spear-phishing emails delivering malicious ISO files or self-extracting RAR archives, which subsequently deploy the Amnesia RAT (also known as

Browser Security

Chrome Patches Critical V8 Vulnerability; LastPass Phishing Active

This newsletter is AI generated and may hallucinate sometimes 😊 Malicious Google Calendar invites could expose private data * Vulnerability in Google Calendar allowed prompt-injection instructions in invites to bypass privacy controls. * Malicious invites leveraged Google Gemini to create events summarizing private meetings, exposing data. * Google fixed the issue, but warns of

Phishing

New 'Greatness' Phishing Platform Targets M365 Users in Browser Attacks

This newsletter is AI generated and may hallucinate sometimes 😊 New 'Greatness' Phishing-as-a-Service Platform Emerges Targeting Microsoft 365 Users * The "Greatness" Phishing-as-a-Service (PhaaS) platform is actively being offered to threat actors, providing advanced phishing kits to facilitate credential harvesting. * This platform specifically targets Microsoft 365 users, employing

Browser Security

Browser Threats: GoldPickaxe, Opera Neon AI Prompt Injection

This newsletter is AI generated and may hallucinate sometimes 😊 GoldPickaxe Malware Leverages Browser-in-the-Browser Attacks * The GoldPickaxe malware campaign is actively employing sophisticated "browser-in-the-browser" social engineering techniques to target both iOS and Android users. * Attackers are using this method to steal sensitive information, including facial scan data and various

Phishing

Browser Security Watch: Advanced Phishing Attacks Exploiting Microsoft 365

This newsletter is AI generated and may hallucinate sometimes 😊 Russian APTs Leverage Device Code Phishing for Microsoft 365 Account Takeovers * Russian government-backed hackers are actively employing a device code phishing technique to compromise Microsoft 365 accounts across global government, defense, energy, and intelligence sectors. * This attack bypasses traditional multi-factor authentication

Browser Security

Critical React Exploits Surge; AI Phishing & New AI Browser

This newsletter is AI generated and may hallucinate sometimes 😊 * New advanced phishing kits are leveraging artificial intelligence (AI) to craft highly convincing lures and employing sophisticated techniques to bypass multi-factor authentication (MFA). * These kits, such as "PermaPhish," are designed for large-scale credential theft, often targeting enterprise users and

Browser Security

Cybercriminals Launch Massive Holiday-Themed Phishing Domain Campaign

This newsletter is AI generated and may hallucinate sometimes 😊 Hackers Register 18,000 Holiday-Themed Domains for Cyberattacks * Researchers identified over 18,000 newly registered domains using holiday-related keywords like "Christmas," "Black Friday," and "Flash Sale," designed for phishing, malware distribution, and brand impersonation. * These

Browser Security

Matrix Push C2: Browser Notifications Used for Fileless Phishing

This newsletter is AI generated and may hallucinate sometimes 😊 * A new threat campaign, dubbed "Matrix Push C2," is actively exploiting legitimate browser push notification services to launch fileless, cross-platform phishing attacks. * The attack chain involves tricking users into subscribing to malicious push notifications, which then deliver deceptive alerts

Browser Security

Critical Chrome Zero-Day (CVE-2025-13223) Patched Amidst Evolving Browser Threats

Coral: Bridging Parsing and Zero-Knowledge Proofs * Coral system enables zero-knowledge proofs that a byte stream matches a Context Free Grammar. * It prevents attacks using malformed inputs to generate misleading zero-knowledge proofs. * Coral supports practical grammars for verifying JSON API responses and source code parsing. Source: Brave | Date: November 17, 2025

Browser Security

Browser Security Roundup: Malicious Extensions, Phishing Campaigns, and Key Updates

Vivaldi 7.7: less friction, more control * Vivaldi 7.7 updates Chromium engine to 142.0.7444.167, incorporating upstream security patches. * Redesigned Privacy Dashboard offers clearer visibility of blocked trackers and per-site management. * New Performance settings introduce Memory Saver options for managing inactive tabs. Source: Vivaldi | Date: November 13,