-
LayerX research finds 82 Chrome extensions collecting and selling user data, affecting at least 6.5 million users through disclosed but concerning practices.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
LayerX security researchers have uncovered a massive, highly coordinated campaign involving at least 12 malicious browser extensions on the Google Chrome and Microsoft Edge marketplaces. Disguised as legitimate TikTok video downloaders, these extension…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Over 130,000 users are at risk from fake TikTok downloader extensions on Chrome and Microsoft Edge. Researchers discovered these malicious tools use device fingerprinting to spy on users and steal sensitive browser data.
·
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The OWASP Zed Attack Proxy (ZAP) just received a massive upgrade for testing modern web applications. The release of the ZAP PTK Add-on 0.3.0, working alongside OWASP PenTest Kit (PTK) 9.8.0, now converts browser-based security findings directly into n…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Socket’s Threat Research Team has uncovered a highly deceptive Google Chrome extension designed to steal private keys and seed phrases from cryptocurrency users. The malicious add-on, named “lmΤoken Chromophore” (extension ID bbhaganppipihl…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers at Zenity Labs disclosed a critical flaw in Perplexity’s Comet “agentic” browser that allowed attackers to steal local files using a malicious Google Calendar invite. The issue, dubbed PerplexedBrowser and grouped under Zenity’s “P…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Not everyone wants AI in their browser. Firefox 148 is introducing easy toggles to disable chatbots and AI tab grouping. Discover how Mozilla is prioritising user choice and privacy in its latest 2026 update.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat intelligence researchers at Huntress have uncovered a sophisticated browser extension campaign orchestrated by the KongTuke threat actor group, featuring a malicious ad blocker impersonating the legitimate uBlock Origin Lite extension. The campa…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Researchers uncover a 5-year malware campaign using browser extensions on Chrome, Firefox and Edge, relying on hidden payloads and shared infrastructure.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers at Cato CTRL have uncovered HashJack. This innovative indirect prompt-injection attack hides harmful commands in the fragment portion of URLs after the “#” symbol. This technique turns trusted websites into weapons agai…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
