Skip to main content

Tag: browser security

40 articles

Laptop screen shows generic browser homepage with subtle hint of malicious mod installation in background.

Opera GX Flaw Enables Sites to Auto-Install Malicious Mods

A critical flaw in Opera GX allowed websites to secretly install malicious customization mods, which could then siphon sensitive data from other sites you visited - and it took a $5,000 bounty and a May 8 patch to fix the issue. This sneaky exploit let attackers install mods without your consent, putting your online security at risk.

Analyst 207
Person sitting at desk with laptop, hands paused over keyboard, conveying caution.

Opera Introduces Paste Protect to Thwart ClickFix Attacks

Opera's new Paste Protect feature helps keep you safe from sneaky ClickFix attacks by automatically blocking suspicious copy actions that could land malware on your device. This clever tool outsmarts scammers who try to trick you into pasting malicious commands, protecting you from unwanted surprises.

Analyst 207
Laptop on cluttered desk shows ransomware warning on browser window.

AI Model DeepSeek Enables Browser-Only Ransomware With Simple Prompts

Researchers have uncovered a concerning trend: nearly half of the files generated by the DeepSeek AI model - over 1,300 out of 3,000 - have been flagged as malicious or dangerous, including some that can launch browser-only ransomware with just a few simple prompts.

Analyst 207
Person interacting with laptop in modern workspace with blurred background.

BioShocking Attack Exploits AI Browsers for Data Theft

Researchers have uncovered a chilling new attack, dubbed BioShocking, that exploits AI browsers to steal sensitive data by cleverly tricking them into treating real actions as fictional. This ingenious technique uses a simple game to condition AI agents into accepting fake actions as valid, putting even the most secure systems at risk.

Analyst 207
Laptop screen displays colorful webpage in brightly-lit coffee shop setting.

AI Browsers Exposed to Credential-Leaking BioShocking Attack

A shocking new attack has been discovered that can trick AI browsers and assistants into leaking sensitive user credentials, with six popular agents already proven vulnerable. This sneaky tactic, called BioShocking, uses a clever game-like approach to bypass safety protocols and get agents to cough up personal info.

Analyst 207
Person sitting at desk with laptop and puzzle piece, testing vulnerability in office setting.

Researchers Expose AI Browser Vulnerability to Credential Theft

Imagine a simple game trick that could convince AI-powered browsers to hand over your login credentials - a vulnerability researchers have now exposed, leaving users at risk. By creating a malicious web page that changes an AI agent's sense of reality, hackers can bypass safety guardrails and gain access to sensitive information.

Analyst 207
Person working on laptop with blurred screen in a bright, minimalist space.

Cloudflare Unveils Protocol to Distinguish Legitimate Web Traffic

Cloudflare is shaking up the way we verify online traffic with a new protocol that helps websites distinguish between legitimate users and AI-powered bots. Meet PACTs, a game-changing solution that lets sites share anonymous tokens, essentially a private, shareable CAPTCHA test result.

Analyst 207
Person working on laptop in modern room with cityscape background.

Cloudflare Unveils Token Protocol to Help Websites Distinguish Humans from Bots

Cloudflare is teaming up with top browsers to launch Private Access Tokens, a game-changing protocol that helps websites tell humans from bots, filtering out abusive traffic while keeping user data safe. This innovative solution is a major step forward in tackling AI-powered traffic and ensuring a smoother online experience.

Analyst 207
Modern workspace with laptop, notepad, and pen near a window.

Google Patches Actively Exploited Chrome Zero-Day Flaw

Google just issued an emergency patch for a major Chrome vulnerability, CVE-2026-11645, that's already being exploited by hackers - and it's urging users to update their browsers ASAP to stay safe. This latest fix is part of a massive update that tackles 74 Chrome vulnerabilities, including a high-severity zero-day flaw.

Analyst 207
Office worker sits at desk with laptop, surrounded by papers, with a concerned expression.

Browser-Based Phishing Attacks Evade Detection by Cybersecurity Software

Most cybersecurity tools are doing their job - but that's exactly the problem, as they're not designed to catch attacks that occur at the browser session layer, where attackers are now hiding. One in five phishing attacks on enterprise browsers slip through undetected, according to Menlo Security's latest report.

Analyst 207
Laptop screen on a desk with blurred background, conveying urgency and vulnerability.

Google Chrome Zero-Day Exploited in Wild, Prompting Urgent Patch

Google just dropped an urgent update for Chrome, and you need to know why: a zero-day exploit, tracked as CVE-2026-11645, has been found in the wild, allowing hackers to execute malicious code inside your browser. This critical vulnerability lets attackers access memory outside of Chrome's intended limits, putting your online safety at risk.

Analyst 207
Laptop screen on a minimalist desk with a blurred display and a subtle bug icon in the background.

Google Patches Chrome Zero-Day Flaw Exploited in the Wild

Google just dropped an emergency update for Chrome, fixing a whopping 74 vulnerabilities, including a zero-day flaw that's been exploited by hackers in the wild. A security researcher scored a $55,000 reward for reporting the bug, now patched in the latest Chrome update.

Analyst 207
Windows computer workstation with browser open, surrounded by technical books and office supplies.

Hola Browser Compromised to Deliver Cryptominer in Supply Chain Attack

Hola's CEO, Avi Raz Cohen, assured users that the company has taken swift action to prevent future breaches, rebuilding its distribution pipeline and implementing robust security measures. The move comes after a supply chain attack compromised the Hola Browser, secretly delivering a cryptominer to unsuspecting users.

Analyst 207
Laptop screen shows a browser window with a webpage, set against a blurred office or city background.

Browser Becomes Front Line in AI Security Battle

The battle for AI security is heating up, and the browser has become the front line - with security teams facing a double threat of AI-powered attacks converging in this critical space. Attackers are leveraging AI to supercharge phishing techniques, including device code phishing kits that have surged 18x in just one year.

Analyst 207
Laptop on a home office desk with a blank screen, smartphone, and notebook nearby.

Google Chrome Bolsters Defenses with Cookie Theft Protection Rollout

Google's new Cookie Theft Protection is a game-changer, tying session cookies to device hardware to prevent hackers from using stolen cookies to access your accounts. This cutting-edge tech binds user sessions to a machine's security chip, making it virtually impossible for thieves to get in.

Analyst 207
Laptop on a desk with a browser window open, hinting at a security threat.

ChatGPT Exposes Users to Prompt Injection Attacks via Browser Content

Researchers have uncovered a vulnerability in ChatGPT that leaves users open to prompt injection attacks, where malicious content is embedded into web pages and then summarized by the AI system as legitimate information. This loophole could put users at risk of falling prey to spoofed security alerts and other online threats.

Analyst 207
Security researcher with concerned expression working at workstation with laptop and multiple screens displaying code.

Google Exposes Unfixed Chromium Flaw Details

A security researcher just blew the whistle on a glaring Chromium flaw that Google thought was fixed - but still works, putting tens of thousands of users at risk of a botnet attack. The exploit, first reported in 2022, allows malicious websites to remotely execute JavaScript on unsuspecting devices.

Analyst 207
Laptop screen on a desk shows a blurred password manager page with a hand hovering over the keyboard.

Microsoft Alters Edge to Mitigate Password Exposure Risk

Microsoft is taking a major step to boost password security in its Edge browser, rolling out a defense-in-depth change to mitigate the risk of password exposure. This update will be applied across all supported Edge versions, prioritizing a swift rollout to protect users.

Analyst 207
Person working on laptop in modern office setting, conveying security and technology.

Akamai Bolsters AI Browser Security with $205M LayerX Acquisition

Akamai is taking browser security to the next level with its $205 million acquisition of LayerX, a cutting-edge startup that's changing the game with its innovative approach to securing interactions between users and applications. By integrating LayerX's technology, Akamai is bolstering its security stack to protect the increasingly AI-driven and cloud-based world.

Analyst 207
Chrome browser window on laptop with multiple extensions, displaying blurred Claude AI interface on cluttered desk near…

Claude AI Extension Flaw Enables Cross-Plugin Hijacking

A security flaw in the Claude AI Chrome extension could put users at risk, as it allows other browser extensions to issue commands to Claude without verification. This vulnerability creates a backdoor for hackers to hijack the AI model, warns LayerX senior researcher Aviad Gispan.

Analyst 207
Cluttered desk with laptop, coding tools, and papers, hinting at software development work.

Mozilla Reveals AI-Powered Bug Detection Boosts Firefox Security Fixes

Mozilla's April bug cull was massive, with 423 Firefox security fixes - a whopping five times more than the previous month and 20 times the usual monthly average, thanks in part to a boost from AI-powered bug detection. This huge spike in repairs is a testament to the power of innovative technology in keeping Firefox users safe and secure.

Analyst 207
Laptop screen displays browser password manager in bright, neutral setting.

Microsoft Edge Exposes Saved Passwords in Plaintext

Microsoft Edge's password management has a concerning vulnerability: it loads all saved passwords into browser memory in plaintext at startup, making it easier for hackers to steal credentials on compromised systems. This is in stark contrast to other Chromium-based browsers like Google Chrome and Brave, which only decrypt passwords when needed.

Analyst 207
Laptop screen displays blurred password field in shared workspace near window.

Microsoft Edge Exposes Saved Passwords in Cleartext

Storing passwords in plain text poses a significant risk, especially in shared environments, as a security researcher recently discovered that Microsoft Edge saves decrypted credentials in its memory, making them vulnerable to exposure. This flaw allows saved passwords to be accessible even when they're not in use.

Analyst 207
Person working on laptop with blurred webpage on screen in a home office setting.

Kaspersky Exposes Web Filtering Category for Sites with Undefined Trust Levels

Kaspersky has introduced a new web-filtering category for sites that just don't feel right - they're not quite phishing sites, but you still shouldn't trust them. The new "Sites with an undefined trust level" category helps keep you safe from manipulative or shady online resources.

Analyst 207