Topic: browser security
-
Browser Attacks That EDR, Email, and SASE Can't Stop
The web browser is now the primary workspace for critical business tasks, yet it remains a major security blind spot, creating a dangerous gap between where work happens and where security is focused. Sophisticated attacks exploit this visibility gap by operating entirely within the browser, usin...
-
3 Browser Sandbox Threats That Evade Security Tools
Browsers are the primary target for cyberattacks but are often neglected in security frameworks, as they handle critical tasks yet prioritize performance over advanced threat protection. Key browser threats include credential theft, malicious extensions, and lateral movement, which exploit standa...
-
10 Browser Safety Tips to Stop 50% of Cyberattacks
Web browsers are involved in nearly half of all cybersecurity incidents, making them a primary target for varied threats like phishing and credential theft. Key protective measures include promptly installing browser updates, carefully inspecting website addresses for security indicators, and usi...
-
Your Browser Is Devouring Your Security
Modern web browsers centralize business operations but create significant security blind spots, exposing organizations to data leakage and identity compromise through concentrated sensitive activities. AI tools and browser extensions operate largely unmonitored, with employees frequently using th...
-
Beware: This 'Privacy Browser' Has Hidden Dangers
The Universe Browser, marketed as a privacy tool, secretly routes user data through Chinese servers and installs malware-like programs, including keyloggers and hidden network connections. It is linked to the Vault Viper criminal syndicate, which engages in money laundering, human trafficking, an...
-
Secure Your Web Edge: Stop Browser-Based Breaches Now
Modern web browsers are central to enterprise operations but also a major security vulnerability, increasingly targeted by cybercriminals for identity intrusions and data theft. A webinar on September 29th will explore how browsers are weaponized, covering attack methods like session hijacking an...
-
6 Browser Threats Your Security Team Must Prepare for in 2025
The browser is now a primary attack surface for cyber threats, targeting cloud applications and corporate data through sophisticated campaigns. Key browser-based threats include phishing for credentials and sessions, malicious code delivery, and malicious OAuth integrations, which bypass traditio...
-
GhostPoster Malware Infects 840,000 Browser Extensions
The GhostPoster malware campaign has compromised over 840,000 browser extensions across Chrome, Firefox, and Edge, using them to steal data and commit fraud. The malicious extensions conceal code within image files to create a backdoor, which hijacks affiliate links and performs ad fraud, with so...
-
Push Security Stops Malicious Copy-Paste Attacks
Push Security has launched a malicious copy-and-paste detection feature to disrupt ClickFix-style attacks by blocking the execution of harmful scripts copied from deceptive webpages. ClickFix attacks, which trick users into copying and running malicious code, have surged over 500% in six months a...
-
Unmasking BiDi Swaps: The Fake URL Threat
The BiDi Swap technique exploits browser bidirectional text handling to create deceptive URLs that appear legitimate but redirect to malicious sites, building on earlier spoofing methods like Punycode and RTL Override exploits. This vulnerability arises from inconsistencies in how browsers manage...
-
AI Browser Agents: The Hidden Security Threat
A new generation of AI-powered browsers is emerging to challenge Google Chrome, offering automated online task assistance but raising significant privacy and security concerns. These browsers face critical vulnerabilities, particularly from prompt injection attacks that can manipulate AI agents i...
-
Neon Cyber Launches Workforce Cybersecurity Platform
Neon Cyber has launched the industry's first Workforce Cybersecurity Platform (WCP), focusing on human-centric threats like phishing and credential misuse to protect users across browsers, SaaS, and enterprise systems. The platform offers AI-driven phishing protection, visibility into shadow IT, ...
-
Malware Service Plants Phishing Extensions on Chrome Web Store
A new malware-as-a-service platform called 'Stanley' sells malicious Chrome extensions designed to bypass official store reviews and deploy deceptive phishing pages that leave the legitimate URL visible in the address bar. The service provides attackers with a control panel to manage hijacking ru...
-
Guardio Raises $80M in Funding From ION Crossover Partners
AI-powered coding tools are creating new security vulnerabilities by enabling rapid development of fraudulent websites, with Guardio developing specialized technology to detect malicious AI-generated code. Guardio has secured $80 million in new funding to accelerate expansion and now serves 500,0...
-
Google Issues Emergency Chrome Update for 2 Billion Users
Google has issued an emergency security patch for Chrome to address a high-severity vulnerability (CVE-2025-13223) that is already being actively exploited, allowing attackers to execute arbitrary code. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Kn...
-
Chrome to Block Annoying Web Notifications Automatically
Google is updating Chrome to automatically disable notifications from websites users frequently ignore, targeting high-volume alerts that contribute to digital clutter and distraction. The feature builds on existing Android functionality and focuses on sites with low user interaction, as data sho...
-
Varonis Interceptor: AI-Powered Email Security
AI-powered email threats are becoming more sophisticated, using deceptive phishing tactics that mimic legitimate communications to bypass traditional security measures. Varonis Interceptor employs a multimodal AI approach, combining vision, language, and behavior models to detect and block advanc...
-
Trusted Chrome VPN Caught Spying on Users
A trusted Chrome VPN extension, FreeVPN.One, was revealed to be spyware that secretly harvested user data, including screenshots of browsing activity, after deceptive updates. The malicious behavior involved a two-stage process using injected scripts and delays to capture screenshots via Chrome's...
-
MonsterRAT: Stealthy Malware Threatens Windows Systems
A sophisticated phishing campaign distributes the previously undocumented MonsterRAT malware, which targets Windows systems and grants attackers full administrative control through a multi-stage infection process. The attack uses phishing emails disguised as business correspondence to deliver the...
-
Chrome Extensions Stole ChatGPT & DeepSeek Data from 900K Users
Malicious Chrome extensions, posing as legitimate AI tools, stole private conversations and browsing data from over 900,000 users by secretly sending information to attacker-controlled servers. The stolen data, which can include proprietary business information and personal queries, poses a sever...
-
Apple, Google Rush Emergency 0-Day Security Patches
Apple and Google have released emergency security updates to patch actively exploited zero-day vulnerabilities, urging immediate installation to protect devices from sophisticated, targeted attacks. The coordinated response involved Apple fixing flaws in its WebKit browser engine and Google addre...
-
Top 10 Data Security Companies to Watch in 2026
Atakama provides a browser security platform for managed service providers, enabling data policy enforcement and threat monitoring through browser extensions and dashboards. AvePoint offers a Data Security Posture Management solution that identifies, classifies, and protects sensitive cloud data ...
-
Microsoft Fortifies Entra ID Against Script Injection Attacks
Microsoft is enhancing Entra ID security in October 2026 by restricting script downloads to trusted Microsoft domains and allowing inline scripts only from verified sources during sign-ins. This update protects users from threats like cross-site scripting by blocking unauthorized scripts, with th...
-
Why Attackers Are Phishing on LinkedIn
Phishing attacks have expanded beyond email, with 34% now occurring on platforms like LinkedIn, targeting executives in finance and tech sectors, but are severely underreported due to reliance on email-focused security metrics. LinkedIn phishing evades conventional defenses by bypassing email sec...
-
Chrome Extensions Caught Hijacking Affiliate Links and ChatGPT Logins
Malicious extensions on the Chrome Web Store are hijacking e-commerce affiliate commissions and stealing sensitive data, including ChatGPT authentication tokens, by exploiting browser permissions. These extensions, such as "Amazon Ads Blocker," often combine deceptive features, violate store poli...
-
Perplexity Comet Browser Prompt Injection Vulnerability Exposed
A security flaw in Perplexity's Comet AI browser allows attackers to inject malicious prompts via webpages, potentially accessing sensitive information from other open tabs. The vulnerability occurs because the AI processes webpage content without distinguishing between legitimate user instructio...