Threat Roundup: LeakyInjector Campaign, Critical Claude Exploits

Nishant Sharma

10 Nov 2025 — 1 min read

LeakyInjector and LeakyStealer Malwares Attacks Users to Steal Crypto’s and Browser History

LeakyInjector malware evades detection, injecting LeakyStealer into legitimate explorer.exe processes on Windows systems.
LeakyStealer exfiltrates crypto wallet credentials, browser history, stored passwords, and autofill data.
Victims face severe financial losses, identity theft, and account hijacking due to stolen sensitive information.

Source: Teamwin | Date: November 08, 2025

Critical RCE Vulnerabilities in Claude Desktop Let Attackers Execute Malicious Code

Critical RCE vulnerabilities discovered in three official Anthropic Claude Desktop extensions.
Chrome, iMessage, and Apple Notes connectors harbor command injection flaws with CVSS 8.9 severity.
Attackers can steal sensitive data, install malware, or gain full system control due to these flaws.

Source: Teamwin | Date: November 07, 2025

Chrome 142 Released With Fix for 20 Vulnerabilities that Let Attackers to Execute Malicious Code

Google released Chrome 142, patching 20 critical vulnerabilities affecting Windows, Mac, and Linux.
Many flaws, including use-after-free and type confusion, enabled remote attackers to execute malicious code.
Users must update Chrome immediately to mitigate risks of data theft and system takeover.

Source: Teamwin | Date: November 06, 2025

Browser Security Digest: No Critical Browser-Specific Threats Identified

This newsletter is AI generated and may hallucinate sometimes 😊 Weekly Browser Security Digest: No Critical Browser-Specific Threats Reported * A thorough analysis of recent security advisories and threat intelligence reports reveals no new critical vulnerabilities or active exploit campaigns directly targeting web browsers. * This review focused on web rendering engines, JavaScript

Browser Threats: GoldPickaxe, Opera Neon AI Prompt Injection

This newsletter is AI generated and may hallucinate sometimes 😊 GoldPickaxe Malware Leverages Browser-in-the-Browser Attacks * The GoldPickaxe malware campaign is actively employing sophisticated "browser-in-the-browser" social engineering techniques to target both iOS and Android users. * Attackers are using this method to steal sensitive information, including facial scan data and various

Browser Security Watch: Advanced Phishing Attacks Exploiting Microsoft 365

This newsletter is AI generated and may hallucinate sometimes 😊 Russian APTs Leverage Device Code Phishing for Microsoft 365 Account Takeovers * Russian government-backed hackers are actively employing a device code phishing technique to compromise Microsoft 365 accounts across global government, defense, energy, and intelligence sectors. * This attack bypasses traditional multi-factor authentication

Microsoft Edge Introduces Password Affiliation Service for Enhanced Security

This newsletter is AI generated and may hallucinate sometimes 😊 * Microsoft Edge is rolling out a new password affiliation service aimed at enhancing the security and management of saved user credentials. * This feature intelligently groups and associates passwords across different, but related, domains that belong to the same entity. * By understanding