Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Browser. Show all posts
privacy laws
AI Security AI technology Browser Browser Security Chrome Cyber Security Data Privacy Data Privacy Laws privacy laws

Chrome vs Comet: Security Concerns Rise as AI Browsers Face Major Vulnerability Reports

 

The era of AI browsers is inevitable — the question is not if, but when everyone will use one. While Chrome continues to dominate across desktops and mobiles, the emerging AI-powered browser Comet has been making waves. However, growing concerns about privacy and cybersecurity have placed these new AI browsers under intense scrutiny. 

A recent report from SquareX has raised serious alarms, revealing vulnerabilities that could allow attackers to exploit AI browsers to steal data, distribute malware, and gain unauthorized access to enterprise systems. According to the findings, Comet was particularly affected, falling victim to an OAuth-based attack that granted hackers full access to users’ Gmail and Google Drive accounts. Sensitive files and shared documents could be exfiltrated without the user’s knowledge. 

The report further revealed that Comet’s automation features, which allow the AI to complete tasks within a user’s inbox, were exploited to distribute malicious links through calendar invites. These findings echo an earlier warning from LayerX, which stated that even a single malicious URL could compromise an AI browser like Comet, exposing sensitive user data with minimal effort.  
Experts agree that AI browsers are still in their infancy and must significantly strengthen their defenses. SquareX CEO Vivek Ramachandran emphasized that autonomous AI agents operating with full user privileges lack human judgment and can unknowingly execute harmful actions. This raises new security challenges for enterprises relying on AI for productivity. 

Meanwhile, adoption of AI browsers continues to grow. Venn CEO David Matalon noted a 14% year-over-year increase in the use of non-traditional browsers among remote employees and contractors, driven by the appeal of AI-enhanced performance. However, Menlo Security’s Pejman Roshan cautioned that browsers remain one of the most critical points of vulnerability in modern computing — making the switch to AI browsers a risk that must be carefully weighed. 

The debate between Chrome and Comet reflects a broader shift. Traditional browsers like Chrome are beginning to integrate AI features to stay competitive, blurring the line between old and new. As LayerX CEO Or Eshed put it, AI browsers are poised to become the primary interface for interacting with AI, even as they grapple with foundational security issues. 

Responding to the report, Perplexity’s Kyle Polley argued that the vulnerabilities described stem from human error rather than AI flaws. He explained that the attack relied on users instructing the AI to perform risky actions — an age-old phishing problem repackaged for a new generation of technology. 

As the competition between Chrome and Comet intensifies, one thing is clear: the AI browser revolution is coming fast, but it must first earn users’ trust in security and privacy.
Read more »
Technology
AI Browser Cloud Data Google Internet Technology

Incognito Mode Is Not Private, Use These Instead


Incognito (private mode) is a famous privacy feature in web browsers. Users may think that using Incognito mode ensures privacy while surfing the web, allowing them to browse without restrictions, and that everything disappears when the tab is closed. 

With no sign of browsing history in Incognito mode, you may believe you are safe. However, this is not entirely accurate, as Incognito has its drawbacks and doesn’t guarantee private browsing. But this doesn’t mean that the feature is useless. 

What Incognito mode does

Private browsing mode is made to keep your local browsing history secret. When a user opens an incognito window, their browser starts a different session and temporarily saves browsing in the session, such as history and cookies. Once the private session is closed, the temporary information is self-deleted and is not visible in your browsing history. 

What Incognito mode can’t do

Incognito mode helps to keep your browsing data safe from other users who use your device

A common misconception among users is that it makes them invisible on the internet and hides everything they browse online. But that is not true.

Why Incognito mode doesn't guarantee privacy

1. It doesn’t hide user activity from the Internet Service Provider (ISP)

Every request you send travels via the ISP network (encrypted DNS providers are an exception). Your ISPs can track user activity on their networks, and can monitor your activity and all the domains you visit, and even your unencrypted traffic. If you are on a corporate Wi-Fi network, your network admin can see the visited websites. 

2. Incognito mode doesn’t stop websites from tracking users

When you are using Incognito, cookies are deleted, but websites can still track your online activity via device and browser fingerprinting. Sites create user profiles based on unique device characteristics such as resolution, installed extensions, and screen size.

3. Incognito mode doesn’t hide your IP address

If you are blocked from a website, using Incognito mode won’t make it accessible. It can’t change your I address.

Should you use Incognito mode?

It may give a false sense of benefits, but Incognito mode doesn’t ensure privacy. It is only helpful for shared devices.

What can you use?

There are other options to protect your online privacy, such as:

  1. Using a virtual private network (VPN)
  2. Privacy-focused browsers: Browsers such as Tor are by default designed to block trackers, ads, and fingerprinting.
  3. Using private search engines: Instead of Google and Bing, you can use private search engines such as DuckDuckGo and Startpage.

Read more »
Password Manager
Browser Clickjacking Attacks Credential Cyber Security Passkeys Password Manager

Passkeys under threat: How a clever clickjack attack can bypass your secure login

 


At DEF CON 33, independent security researcher Marek Tóth revealed a new class of attack called DOM-based extension clickjacking that can manipulate browser-based password managers and, in limited scenarios, hijack passkey authentication flows. This is not a failure of cryptography itself, but a breakdown in the layers surrounding it.


What is being attacked, and how?

Clickjacking is not new. In its classic form, an attacker overlays a transparent frame or control on a visible page so that a user thinks they are clicking one thing but actually triggers another. 

What Tóth’s technique adds is the targeting of browser extensions’ UI elements specifically, the autofill prompts that password managers inject into web pages. The attacker’s script controls the page’s Document Object Model (DOM) and applies CSS tricks (such as setting opacity to zero or overlaying fake elements) so that a user’s genuine click (for example, “Accept cookies”) also activates that hidden autofill element. The result: the extension may populate fields transparently, then the attacker reads the filled data. 

In many of Tóth’s tests, a single click was sufficient to trigger data leakage credentials, TOTP codes (2FA), credit card information, or personal data. In some setups, passkey workflows could also be subverted using “signed assertion hijacking,” if the server did not enforce session-bound challenges. 


How serious is the exposure?

Tóth examined 11 popular password-manager extensions (such as Bitwarden, 1Password, LastPass, iCloud Passwords). All were vulnerable under default settings to at least one variant of the attack. 

Among the risks:

Credential theft: Usernames, passwords and even stored TOTP codes could be auto-populated and exfiltrated. 

Credit card data: Autofill of payment fields (card number, expiration, CVV) was exposed in several tests. 

Passkey hijack: If the relying server does not bind the challenge to a session, an attacker controlling a page could co-opt a passkey login request. 

Some vendors have already released patches. For example, Enpass addressed clickjacking in browser extensions in version 6.11.6. Other tools remain at risk under certain configurations. 


Why this doesn’t mean cryptographic failure

It is critical to clarify: the underlying passkey standards (WebAuthn / FIDO protocols) were not broken. Instead, the attack targets the implementation and environment around them namely, the browser’s extension UI interaction. The exploit is possible only when the extension injects visible elements into the page DOM, and when an attacker can manipulate those elements. 

In other words, passkeys are strong in theory. But every layer above — browser, extension, site must preserve integrity or risk defeat.


What must users and organizations do

Users should:

1. Update your browser and your password-manager extensions immediately; enable auto-update.

2. Disable inline autofill where possible; prefer manual copy-paste or invoke filling only through the extension’s menu.

3. On Chromium-based browsers, set extension site access to “on click,” not “all sites.”

4. Remove or disable unused extensions.

5. For high-value accounts, prefer platform-native passkey or hardware-backed authenticators rather than extension-based credentials.


Organizations should:

• Audit extension policies and restrict or whitelist extensions.

• Enforce secure best practices on web apps (e.g., session­-bound challenges with passkeys).

• Encourage or mandate the use of vetted and updated password-management tools.


This disclosure emphasizes that security is a chain, and your cryptographic strength is only as strong as its weakest link. Passkeys are an important evolution beyond passwords, but until all layers: browser, extensions, applications are hardened, risk remains. Act now before attackers exploit complacency.


Read more »
trending news
Browser Browser news news and trends Technology trending news

Beyond Google: The Rise of Privacy-Focused Search Engines

 

For years, the search engine market has been viewed as a two-player arena dominated by Google, with Microsoft’s Bing as the backup. But a quieter movement is reshaping how people explore the web: privacy-first search engines that promise not to turn users into products. 

DuckDuckGo has become the most recognisable name in this space. Its interface looks and feels much like Google, yet it refuses to track users, log searches, or build behavioural profiles. Instead, every query stands alone, delivering neutral results primarily sourced from Bing and other partners. 

While this means fewer personalised suggestions, it also ensures a cleaner, unbiased search experience. Startpage, on the other hand, positions itself as a privacy shield for Google. Acting as a middleman, it fetches Google’s results without passing on users’ IP addresses or histories. 

This gives people access to Google’s powerful index while keeping their identities hidden. For those seeking an extra layer of anonymity, Startpage even offers a built-in proxy to browse sites discreetly. 

Mojeek is one of the rare engines to build its own independent index. By crawling the web directly, it offers results shaped by its own algorithms rather than those of industry giants. While sometimes rougher around the edges, Mojeek’s independence appeals to users tired of mainstream filters and echo chambers. 

SearXNG takes yet another approach. As an open-source meta-search engine, it aggregates results from dozens of sources, from Google and Bing to Wikipedia. Crucially, it does this without sharing personal data. Users can even host their own SearXNG instance, tailoring the sources and ranking systems to their preferences, an unmatched level of control, though the experience varies by setup. Finally, Swisscows distinguishes itself with both privacy and family-friendly results. 

It blocks tracking, filters explicit content, and now runs on a subscription model of around $4.4 per month. While no longer free, its positioning makes it attractive for parents and classrooms seeking a safe and secure search option. 

Taken together, these alternatives highlight that Google is not the only gateway to the internet. From DuckDuckGo’s simplicity to SearXNG’s transparency and Mojeek’s independence, privacy-first search engines prove that it’s possible to browse the web without surrendering personal data.
Read more »
Vulnerabilities and Exploits
Browser Clickjacking links Login Credentials Password Manager Vulnerabilities and Exploits

Password Managers Face Clickjacking Flaw, Millions of Users at Risk



For years, password managers have been promoted as one of the safest ways to store and manage login details. They keep everything in one place, help generate strong credentials, and protect against weak or reused passwords. But new research has uncovered a weakness in several widely used browser extensions that could expose sensitive information for millions of people.


Details about the flows

Security researchers recently found that 11 different password manager extensions share a vulnerability linked to the way they rely on the Document Object Model (DOM). The DOM is part of how web pages are structured, and in this case, it opens a door to a technique known as “clickjacking.”

Clickjacking works by tricking users into clicking on invisible or disguised elements of a web page. For example, a malicious site may look legitimate but contain hidden layers. A single misplaced click can unintentionally activate the password manager’s autofill function. Once that happens, the manager may begin entering saved credentials directly into the attacker’s page.

The danger lies in how quietly this happens. Users often close the site without realizing that their passwords or even stored credit card information and personal details like addresses or phone numbers may already have been copied by attackers.


The scale of the issue

The affected list includes some of the most recognized password managers in the industry. An estimated 40 million users worldwide could be impacted. While some companies have already addressed the issue through updates, not all providers have released fixes yet. For example, RoboForm has patched its extension, and Bitwarden has rolled out a new version. However, others remain in the process of responding.


Protecting yourself

There is no universal fix for clickjacking, but users can take important steps to reduce risk:

1. Be cautious with links: Avoid clicking on unfamiliar or suspicious links, even if they appear genuine. It is always safer to type the website address directly or use trusted bookmarks.

2. Update your tools: Make sure your password manager extension is up to date. Updates often contain security fixes that block known vulnerabilities.

3. Change autofill settings: If you use a Chromium-based browser, switch your password manager’s autofill to “on-click.” This ensures that details are only filled in when you actively choose to do so.

4. Disable unnecessary autofill: Consider turning off automatic completion for personal information like email addresses in your browser settings.


The bottom line

Password managers are still an essential tool for safe online habits, but like any technology, they are not immune to flaws. Staying alert, practicing careful browsing, and keeping your software updated can substantially lower the risk. Until every provider has addressed the vulnerability, users should take extra precautions to keep their digital identities secure.



Read more »
PWA
Browser Browser Security Client Accounts Cyber Attacks cybercriminals Data protection data security Data Theft Mobile Security PWA

Cybercriminals Escalate Client-Side Attacks Targeting Mobile Browsers

 

Cybercriminals are increasingly turning to client-side attacks as a way to bypass traditional server-side defenses, with mobile browsers emerging as a prime target. According to the latest “Client-Side Attack Report Q2 2025” by security researchers c/side, these attacks are becoming more sophisticated, exploiting the weaker security controls and higher trust levels associated with mobile browsing. 

Client-side attacks occur directly on the user’s device — typically within their browser or mobile application — instead of on a server. C/side’s research, which analyzed compromised domains, autonomous crawling data, AI-powered script analysis, and behavioral tracking of third-party JavaScript dependencies, revealed a worrying trend. Cybercriminals are injecting malicious code into service workers and the Progressive Web App (PWA) logic embedded in popular WordPress themes. 

When a mobile user visits an infected site, attackers hijack the browser viewport using a full-screen iframe. Victims are then prompted to install a fake PWA, often disguised as adult content APKs or cryptocurrency apps, hosted on constantly changing subdomains to evade takedowns. These malicious apps are designed to remain on the device long after the browser session ends, serving as a persistent backdoor for attackers. 

Beyond persistence, these apps can harvest login credentials by spoofing legitimate login pages, intercept cryptocurrency wallet transactions, and drain assets through injected malicious scripts. Some variants can also capture session tokens, enabling long-term account access without detection. 

To avoid exposure, attackers employ fingerprinting and cloaking tactics that prevent the malicious payload from triggering in sandboxed environments or automated security scans. This makes detection particularly challenging. 

Mobile browsers are a favored target because their sandboxing is weaker compared to desktop environments, and runtime visibility is limited. Users are also more likely to trust full-screen prompts and install recommended apps without questioning their authenticity, giving cybercriminals an easy entry point. 

To combat these threats, c/side advises developers and website operators to monitor and secure third-party scripts, a common delivery channel for malicious code. Real-time visibility into browser-executed scripts is essential, as relying solely on server-side protections leaves significant gaps. 

End-users should remain vigilant when installing PWAs, especially those from unfamiliar sources, and treat unexpected login flows — particularly those appearing to come from trusted providers like Google — with skepticism. As client-side attacks continue to evolve, proactive measures on both the developer and user fronts are critical to safeguarding mobile security.
Read more »
Scam
Browser Malicious Browser Extension Mozilla phishing Scam

Mozilla Alerts Extension Developers About Phishing Scam on Add-ons Platform

 



Mozilla has issued a warning to developers who publish browser extensions on its official platform, addons.mozilla.org (AMO), about a new phishing campaign targeting their accounts. The attackers are reportedly sending emails that falsely claim to be from the Mozilla team, attempting to trick developers into giving away their login credentials.

AMO is the central hub for Firefox browser extensions, hosting more than 60,000 add-ons and over 500,000 visual themes. These are used by millions of Firefox users across the world, making the platform a valuable target for cybercriminals.

In its advisory, Mozilla stated that the scam emails are disguised to look like official communication from its staff. The messages often claim that the developer’s account needs to be updated in order to continue using certain features. This tactic is meant to create urgency and increase the chances of the developer clicking on a malicious link.

Mozilla urged developers to be extra cautious and double-check any email they receive related to their add-on accounts. Specifically, it advised checking if the message came from a genuine Mozilla domain such as mozilla.org, mozilla.com, or firefox.com. In addition, developers should make sure that the email passes technical checks like SPF, DKIM, and DMARC, which are designed to verify the sender's identity.

To avoid falling victim, Mozilla recommends that developers avoid clicking on any links in suspicious emails. Instead, they should go directly to Mozilla’s official website using a browser and log in only through trusted web addresses.

While Mozilla has not yet confirmed how many developers were affected or whether any accounts were compromised, at least one developer has come forward saying they fell for the scam. Mozilla has promised to share more details as its investigation progresses.

This warning comes just weeks after Mozilla introduced new security features aimed at protecting users from malicious extensions. The company’s Add-ons Operations team has recently removed hundreds of suspicious add-ons, including some designed to steal cryptocurrency.

Andreas Wagner, who oversees security efforts on the platform, noted that while not all harmful extensions are easy to detect, cybercriminals stole nearly $500 million in crypto last year through fake wallet extensions and similar scams.

Mozilla’s latest alert serves as a reminder for all developers and users to stay careful when it comes to online threats, especially those targeting widely used platforms.

Read more »
Malware Threat
Browser Credential Theft Cyber Attacks CyberThreat Data Theft Information Security Infostealer Infostealer Malware Malicious Browsers Malware Attack Malware Threat

Shuyal Malware Targets 19 Browsers with Advanced Data Theft and Evasion Capabilities

 

A newly discovered infostealing malware named “Shuyal” has entered the cyber threat landscape, posing a serious risk to users by targeting a wide range of web browsers and deploying sophisticated evasion methods. Identified by researchers at Hybrid Analysis, Shuyal is capable of stealing credentials and sensitive information from 19 different browsers, including lesser-known privacy-focused options like Tor and Brave. 

The malware is named after identifiers found in its code path and represents a new generation of data stealers with expanded surveillance capabilities. Unlike traditional malware that only focuses on login credentials, Shuyal goes deeper—harvesting system-level information, capturing screenshots, monitoring clipboard activity, and sending all of it to cybercriminals using a Telegram bot-controlled infrastructure. 

In his analysis, Vlad Pasca from Hybrid Analysis highlighted that Shuyal performs extensive system reconnaissance. Once it infects a device, it disables the Windows Task Manager to prevent users from detecting or ending the malware’s process. It also hides its tracks by removing evidence of its activities through self-deleting mechanisms, including batch scripts that erase runtime files once the data has been exfiltrated. 

Among the browsers targeted by Shuyal are mainstream options such as Chrome and Edge, but it also compromises more obscure browsers like Waterfox, OperaGx, Comodo, Falko, and others often marketed as safer alternatives. This wide reach makes it particularly concerning for users who believe they are using secure platforms. 

Shuyal collects technical details about the system, including hard drive specifications, connected input devices like keyboards and mice, and display configurations. It compresses all collected data using PowerShell into a temporary folder before transmitting it to the attackers. This organized method of data collection and transfer demonstrates the malware’s highly stealthy design. 

The malware also ensures it remains active on compromised machines by copying itself into the Startup folder, allowing it to launch each time the system is rebooted. 

Although researchers have not yet pinpointed the exact methods attackers use to distribute Shuyal, common delivery vectors for similar malware include phishing emails, malicious social media posts, and deceptive captcha pages. Experts caution that infostealers like Shuyal often serve as precursors to more serious threats, including ransomware attacks and business email compromises. 

Hybrid Analysis encourages cybersecurity professionals to study the published indicators of compromise (IOCs) associated with Shuyal to strengthen their defense strategies. As cyber threats evolve, early detection and proactive protection remain essential.
Read more »
OpenAI
AI integration AI Powered AI technology Browser ChatGPT Chrome Cyber Security Data collection data security Google Chrome Internet Browser OpenAI

OpenAI Launching AI-Powered Web Browser to Rival Chrome, Drive ChatGPT Integration

 

OpenAI is reportedly developing its own web browser, integrating artificial intelligence to offer users a new way to explore the internet. According to sources cited by Reuters, the tool is expected to be unveiled in the coming weeks, although an official release date has not yet been announced. With this move, OpenAI seems to be stepping into the competitive browser space with the goal of challenging Google Chrome’s dominance, while also gaining access to valuable user data that could enhance its AI models and advertising potential. 

The browser is expected to serve as more than just a window to the web—it will likely come packed with AI features, offering users the ability to interact with tools like ChatGPT directly within their browsing sessions. This integration could mean that AI-generated responses, intelligent page summaries, and voice-based search capabilities are no longer separate from web activity but built into the browsing experience itself. Users may be able to complete tasks, ask questions, and retrieve information all within a single, unified interface. 

A major incentive for OpenAI is the access to first-party data. Currently, most of the data that fuels targeted advertising and search engine algorithms is captured by Google through Chrome. By creating its own browser, OpenAI could tap into a similar stream of data—helping to both improve its large language models and create new revenue opportunities through ad placements or subscription services. While details on privacy controls are unclear, such deep integration with AI may raise concerns about data protection and user consent. 

Despite the potential, OpenAI faces stiff competition. Chrome currently holds a dominant share of the global browser market, with nearly 70% of users relying on it for daily web access. OpenAI would need to provide compelling reasons for people to switch—whether through better performance, advanced AI tools, or stronger privacy options. Meanwhile, other companies are racing to enter the same space. Perplexity AI, for instance, recently launched a browser named Comet, giving early adopters a glimpse into what AI-first browsing might look like. 

Ultimately, OpenAI’s browser could mark a turning point in how artificial intelligence intersects with the internet. If it succeeds, users might soon navigate the web in ways that are faster, more intuitive, and increasingly guided by AI. But for now, whether this approach will truly transform online experiences—or simply add another player to the browser wars—remains to be seen.
Read more »
Technology
Browser Firefox Internet Mozilla Technology

Malicious Firefox Extension Steals Verification Tokens: Update to stay safe


Credential theft and browser security were commonly found in Google Chrome browsers due to its wide popularity and usage. Recently, however, cyber criminals have started targeting Mozilla Firefox users. A recent report disclosed a total of eight malicious Firefox extensions that could spy on users and even steal verification tokens.

About the malicious extension

Regardless of the web browser we use, criminals are always on the hunt. Threat actors generally prefer malicious extensions or add-ons; therefore, browser vendors like Mozilla offer background protections and public support to minimize these threats as much as possible. Despite such a measure, on July 4th, the Socket Threat Research Team's report revealed that threat actors are still targeting Firefox users. 

According to Kush Pandya, security engineer at Socket Threat Research Team, said that while the “investigation focuses on Firefox extensions, these threats span the entire browser ecosystem.” However, the particular Firefox investigation revealed a total of eight potentially harmful extensions, including user session hijacking to earn commissions on websites, redirection to scam sites, surveillance via an invisible iframe tracking method, and the most serious: authentication theft.

How to mitigate the Firefox attack threat

Users are advised to read the technical details of the extensions. According to Forbes, Mozilla is taking positive action to protect Firefox users from such threats. The company has taken care of the extensions mentioned in the report. According to Mozilla, the malicious extension impacted a very small number of users; some of the extensions have been shut down. 

“We help users customize their browsing experience by featuring a variety of add-ons, manually reviewed by our Firefox Add-ons team, on our Recommended Extensions page,” said a Firefox spokesperson. To protect the users, Mozilla has disabled “extensions that compromise their safety or privacy, or violate its policies, and continuously works to improve its malicious add-on detection tools and processes.”

How to stay safe?

To protect against these threats, Mozilla has advised users to Firefox users to take further steps, cautioning that such extensions are made by third parties. Users should check the extension rating and reviews, and be extra careful of extensions that need excessive permissions that are not compatible with what the extension claims to do. If any extension seems to be malicious, “users should report it for review,” a Firefox spokesperson said. 

Read more »
malware
Browser FIN7 GrayAlpha Infection Vectors Internet malware

GrayAlpha Exposed: Deploys Malware via Infection Vectors


Experts from Insikt Group have found new infrastructure linked with GrayAlpha, a cybercrime gang overlapping with the financially motivated group called FIN7. Fin7 has been in the cybercrime game since 2013 and is known as one of the most infamous and technologically advanced gang-attacking organizations worldwide. “The group is organized like a professional business, with compartmentalized teams handling malware development, phishing operations, money laundering, and management,” reports Insikt Group.

The discovered infrastructure comprises domains used for distributing payload and extra IP addresses that are linked to GrayAlpha. Insikt Group found a custom PowerShell loader called PowerNet, which decompresses and launches NetSupport RAT. Insikt Group discovered another custom loader called MaskBat that shares similarities with FakeBat but is hidden and has strings linked to GrayAlpha.

The experts discovered three main primary infection techniques:

  1. Traffic distribution system (TDS) Tag-124
  2. Fake 7-Zip download site
  3. Fake browser update pages

All the infection vectors were used simultaneously, and a detailed analysis by the experts revealed the individual alleged to be a member of GrayAlpha operation. 

Individuals and organizations are suggested to implement app allow-lists to stop the download of authentic-looking spoof files that contain malware. If allow-lists are not possible, detailed employee security training is a must, especially in detecting malvertising. Besides this, the use of tracking rules like YARA and Malware Intelligence Hunting queries given in this report is important for identifying both present and past compromises. Due to the continuous evolution nature of malware, these rules should be regularly and teamed with wider identification techniques, such as monitoring of network artifacts and use of Recorded Future Network Intelligence.

In the future, experts must keep an eye on the wider cybercriminal ecosystem to predict and address emerging threats in a better way. The constant advancement in the cybercrime industry raises the chance of attacks against organizations. Generally, APT operations are linked to state-sponsored entities, but GrayAlpha shows that threat actors can show the same level of persistence. Similar to the ransomware-as-service (RaaS) model, threat actors are getting more sophisticated day by day, raising the need for adaptive and comprehensive security measures. 

Read more »
Scam
Browser confidential documents Cyber Security Emails phishing Scam

When Trusted Sites Turn Dangerous: How Hackers Are Fooling Users

 


A recent cyberattack has revealed how scammers are now using reliable websites and tailored links to steal people's login credentials. This new method makes it much harder to spot the scam, even for trained eyes.


How It Was Caught

A cybersecurity team at Keep Aware was silently monitoring browser activity to observe threats in real time. They didn’t interrupt the users — instead, they watched how threats behaved from start to finish. That’s how they noticed one employee typed their login details into a suspicious page.

This alert led the team to investigate deeper. They confirmed that a phishing attack had occurred and quickly took action by resetting the affected user’s password and checking for other strange activity on their account.

What stood out was this: the phishing page didn’t come from normal browsing. The user likely clicked a link from their email app, meaning the scam started in their inbox but took place in their browser.


How the Scam Worked

The employee landed on a real, long-standing website known for selling outdoor tents. This site was over 9 years old and had a clean online reputation. But cybercriminals had broken in and added a fake page without anyone noticing.

The page showed a message saying the user had received a “Confidential Document” and asked them to type in their email to view a payment file. This is a typical trick — creating a sense of urgency to get the person to act without thinking.


Tactics Used by Hackers

The fake page was designed to avoid being studied by experts. It blocked right-clicking and common keyboard shortcuts so that users or researchers couldn’t easily inspect it.

It also had smart code that responded to how the person arrived. If the phishing link already included the target’s email address, the page would automatically fill it in. This made the form feel more genuine and saved the user a step — making it more likely they’d complete the action.

This technique also allowed attackers to keep track of which targets clicked and which ones entered their information.


Why It Matters

This attack shows just how advanced phishing scams have become. By using real websites, targeted emails, and smooth user experiences, scammers are getting better at fooling people.

To stay safe, always be cautious when entering personal information online. Even if a site looks familiar, double-check the web address and avoid clicking suspicious email links. If something feels off, report it before doing anything else.


Read more »
Safari
Browser ChatGPT Data Breach Google Chrome Safari

How Web Browsers Have Become a Major Data Security Risk

 




For years, companies protected sensitive data by securing emails, devices, and internal networks. But work habits have changed. Now, most of the data moves through web browsers.  

Employees often copy, paste, upload, or transfer information online without realizing the risks. Web apps, personal accounts, AI tools, and browser extensions have made it harder to track where the data goes. Old security methods can no longer catch these new risks.  


How Data Slips Out Through Browsers  

Data leaks no longer happen only through obvious channels like USB drives or emails. Today, normal work tasks done inside browsers cause unintentional leaks.  

For example, a developer might paste secret codes into an AI chatbot. A salesperson could move customer details into their personal cloud account. A manager might give an online tool access to company data without knowing it.  

Because these activities happen inside approved apps, companies often miss the risks. Different platforms also store data differently, making it harder to apply the same safety rules everywhere.  

Simple actions like copying text, using extensions, or uploading files now create new ways for data to leak. Cloud services like AWS or Microsoft add another layer of confusion, as it becomes unclear where the data is stored.  

The use of multiple browsers, Chrome, Safari, Firefox — makes it even harder for security teams to keep an eye on everything.  


Personal Accounts Add to the Risk  

Switching between work and personal accounts during the same browser session is very common. People use services like Gmail, Google Drive, ChatGPT, and others without separating personal and office work.  

As a result, important company data often ends up in personal cloud drives, emails, or messaging apps without any bad intention from employees.  

Studies show that nearly 40% of web use in Google apps involves personal accounts. Blocking personal uploads is not a solution. Instead, companies need smart browser rules to separate work from personal use without affecting productivity.  


Moving Data Is the Most Dangerous Moment  

Data is most vulnerable when it is being shared or transferred — what experts call "data in motion." Even though companies try to label sensitive information, most protections work only when data is stored, not when it moves.  

Popular apps like Google Drive, Slack, and ChatGPT make sharing easy but also increase the risk of leaks. Old security systems fail because the biggest threats now come from tools employees use every day.  


Extensions and Unknown Apps — The Hidden Threat  

Browser extensions and third-party apps are another weak spot. Employees often install them without knowing how much access they give away.  

Some of these tools can record keystrokes, collect login details, or keep pulling data even after use. Since these risks often stay hidden, security teams struggle to control them.  

Today, browsers are the biggest weak spot in protecting company data. Businesses need better tools that control data flow inside the browser, keeping information safe without slowing down work.  


Read more »
Safari
Browser Cyber Fraud Google link Safari

Browser Warning: Fake Websites Steal Millions from Users

 



Cyber scammers give new warnings as they do not stop scamming unsuspecting web shoppers through a new phishing campaign posing to be online stores. Many of these fake stores Google has removed from its search results, but links remain on social media and other sites, hence why all internet users need to know how to spot these dangerous sites.


How the Scam Works

In its latest research, Human Security's Satori team has found that cyber thieves are taking advantage of a method that leads internet users from legitimate online platforms to fake online shopping. The attackers inject a malicious program that creates fake product listings in genuine websites. This tactic pushes these fake listings up to the top rank of the search results; hence, users who click on such pages are attracted by what seems to be a good deal. When you click on such links, you are redirected to a phishing site by a malicious person who actually controls the site.

On such rogue sites, they will force you to pay using the actual service providers that have a history of legitimacy, therefore giving you more confidence. After you pay, you never receive the product and lose your cash. Maybe some consumers have effectively filed a credit card chargeback, but recovery is not always possible.


A Massive Phishing Campaign

According to the latest research, the cybercrooks have managed to compromise more than 1,000 websites to spread false business proposals. The thieves had established 121 fake online shops, where the amount of dollars in money lost by hundreds of thousands of gullible people was going into millions. According to Human Security, hundreds of thousands of people have been duped by these cheats.

Be Alert with These False Sites Signs

The victim will not get caught again if he can see the following signs:

- Deals That Seem Too Good to Be True: Something that you bought a little below its selling price is a red flag. Confirm if the website is legit before you go further.

- Inconsistent Website Names: Sometimes, the domain name, popup titles, and payment processing pages can have different names. Fake sites often have inconsistent names in these details.

- Order Process Quality: Be cautious when the ordering process appears suspicious or lacks most normal security measures, such as autofill with an address.

- Check Reviews: Look for reviews of the website from outside sources. Recognize that some reviews are completely false. Some review sites are much better about guaranteeing legitimacy.


This phishing scam, they have called "Phish 'n' Ships." This campaign effectively makes use of search engine optimization tricks to push these phony listings up as top results, giving them a spurious sense of legitimacy to unsuspecting users. In spite of these having been largely removed by Google, the criminals' strategies are changing day by day.


Continued Threat Against Browser Users

These attacks are highly likely to be affected in all major web browsers, but researchers warn that "Phish 'n' Ships" has not been suppressed, because it remains active.

Even though Google succeeded in taking down some of its parts partially, criminals will most likely change their attack in order to continue scamming further.

Meanwhile, Malwarebytes has detected another threat in Bing search results. Cybercrooks have misused the terms "Keybank login" and other similar ones to reroute innocent surfers fraudulently to phishing sites aimed at stealing banking credentials. Sometimes, even the top result of the search is a malicious link.


Security Tips for Ad Campaigns

Before launching online ads, organisations should make sure that the advertising associates they hire are well-equipped to handle malvertising. Key best practices for this include ad monitoring for threats, latent "cloaked" malicious scanning and processes in place in case of attacks.

By being vigilant and checking websites, users can avoid becoming a victim of these very sophisticated scams.



Read more »
TOR
anonymization Browser Cyber Security Darknet Encryption Network Online Privacy Security servers TOR

Exploring the Tor Network: A Comprehensive Look at Online Anonymity and Privacy

 

The Tor network, originally developed in the early 2000s by the U.S. Naval Research Laboratory, has been operated since 2006 by the independent non-profit organization, The Tor Project. The project's primary goal is to offer a free method for anonymizing internet traffic. Approximately 85% of The Tor Project’s funding comes from U.S. government entities, while the remaining 15% is sourced from private donations and NGOs.

Tor, which stands for "The Onion Router," functions by routing a user's connection through three randomly selected servers (nodes), layering encryption like the layers of an onion. The destination site only detects the IP address of the final node, called the exit server, masking the user's original address. The system refreshes the connection route every 10 minutes, though the access node remains stable for two to three months.

Data transferred within the Tor network is encrypted until it reaches the exit server. However, users must still encrypt any sensitive information entered on websites, as data exiting the network can be read if it's not further encrypted. To access Tor, users need a specialized browser—like the Tor browser, based on Mozilla Firefox and configured for secure browsing.

With about 6,500 servers currently active worldwide, individuals, companies, and organizations operate these nodes. Any internet user with a DSL connection can set up a Tor node. However, the network's openness can be a vulnerability; if an exit node operator is not vigilant, unencrypted data can be intercepted. Additionally, sophisticated entities, such as intelligence agencies, could potentially track Tor users by analyzing traffic patterns or compromising nodes.

Despite these risks, Tor remains the most secure method of maintaining anonymity online. Around two million people, particularly those in heavily monitored states, use the Tor network daily. The darknet, a collection of hidden websites, also depends on Tor's anonymization for access.
Read more »
Web
Browser Internet Mozilla Technology User Privacy User Tracking Web

Mozilla Privacy: Tracking Users Without Consent


The organization behind the privacy-centric Firefox browser, has come under fire for allegedly tracking users without their consent. This controversy centers around a feature called Privacy Preserving Attribution (PPA), which has sparked a heated debate about privacy, consent, and the future of online tracking.

The User Tracking Allegations

The European digital rights group NOYB (None Of Your Business) has filed a privacy complaint against Mozilla, claiming that the PPA feature in Firefox tracks users’ online behavior without their explicit consent. According to NOYB, this practice violates the EU’s General Data Protection Regulation (GDPR), which mandates that users must be informed and give consent before any tracking can occur.

What is Privacy Preserving Attribution?

Privacy Preserving Attribution is a method designed to measure the effectiveness of online advertisements without relying on invasive third-party cookies. Instead of allowing individual websites to track users, PPA shifts this responsibility to the browser itself. The idea is to provide advertisers with the data they need while protecting users’ privacy.

However, the implementation of PPA has raised significant concerns. Critics argue that by enabling this feature by default, Mozilla has effectively bypassed the need for user consent. This move has been seen as contradictory to Mozilla’s long-standing reputation as a champion of online privacy.

The GDPR Implications

The GDPR is one of the most stringent privacy regulations in the world, and it requires that any form of data processing must be transparent and consensual. NOYB’s complaint suggests that Mozilla’s PPA feature does not meet these criteria. If the complaint is upheld, Mozilla could face substantial fines and be forced to alter its approach to user tracking.

Mozilla’s Response

In response to the allegations, Mozilla has defended the PPA feature, stating that it is designed to balance the needs of advertisers with the privacy rights of users. Mozilla argues that PPA is a more privacy-friendly alternative to traditional tracking methods and that it does not collect any personally identifiable information.

Despite these assurances, the controversy has highlighted a broader issue within the tech industry: the tension between innovation and privacy. As companies strive to develop new technologies, they must also navigate the complex landscape of privacy regulations and user expectations.

Read more »
Zero-day Flaw
Browser Chrome User Security Vulnerability and Exploits Zero-day Flaw

'0.0.0.0 Day' Vulnerability Puts Chrome, Firefox, Mozilla Browsers at Risk

 

A critical security bug known as "0.0.0.0 Day" has shook the cybersecurity world, leaving millions of users of popular browsers such as Chrome, Firefox, and Safari vulnerable to future assaults. This vulnerability allows malicious actors to possibly gain access to files, messages, credentials, and other sensitive data saved on a device within a private network, specifically "localhost.” 

What is 0.0.0.0 day flaw?

The term "0.0.0.0 Day" refers to a new vulnerability identified by Israeli cybersecurity startup Oligo that hackers can exploit before a fix is released. The zeroes indicate a lack of prior information or awareness of flaws. This makes it especially risky because users and developers are taken completely off guard. 

According to the research, the exploit consists of fraudulent websites luring browsers into allowing them to interface with APIs (Application Programming Interfaces) running on a user's local PC. These APIs are primarily intended for internal communication within applications and should not be available from other sources, such as websites. Attackers that exploit the 0.0.0.0 Day vulnerability could possibly get unauthorised access to sensitive information saved on a user's device, steal data, or even launch malware. 

Impact on key browsers 

The security ramifications of this issue are extensive. Here's a closer look at the possible impact on major browsers. 

Chrome zero-Day vulnerability: Google Chrome, the world's most popular browser, is an obvious target for attackers. A successful exploit of the 0.0.0.0 Day bug could allow criminals to get beyond Chrome's security measures and get access to a user's local network. This could expose sensitive information kept on a user's PC, compromise corporate networks if a user works remotely, or even aid in the installation of malware. 

Firefox zero-day vulnerability: Although Firefox is not as extensively used as Chrome, it is a popular choice for many consumers. A successful exploit of the 0.0.0.0 Day vulnerability may have similar repercussions for Firefox users. Attackers could potentially obtain access to local networks, steal data, or carry out malware attacks. 

Safari Zero-Day vulnerability: The 0.0.0.0 Day vulnerability could also affect Apple's Safari browser, which is the default browser on all Apple devices. While Apple has a reputation for strong security, this vulnerability underlines the ongoing need for vigilance. A successful exploit can allow attackers access to a user's local network on a Mac or iOS device, possibly compromising private information or aiding new assaults. 

The disclosure of the 0.0.0.0 Day vulnerability underlines the ongoing challenge of ensuring browser security in an increasingly complicated threat ecosystem. Browser developers must continue to invest in R&D to remain ahead of thieves. Users must also be cautious and follow best practices to safeguard themselves from emerging risks.
Read more »
Zero Day
Browser Data Google Chrome Vulnerability and Exploits Zero Day

Google Issues Emergency Update for New Chrome Vulnerability

 



Google has announced an urgent security update for its Chrome browser to fix a newly discovered vulnerability that is actively being exploited. This recent flaw, identified as CVE-2024-5274, is the eighth zero-day vulnerability that Google has patched in Chrome this year.

Details of the Vulnerability

The CVE-2024-5274 vulnerability, classified as high severity, involves a 'type confusion' error in Chrome's V8 JavaScript engine. This type of error occurs when the software mistakenly treats a piece of data as a different type than it is, potentially leading to crashes, data corruption, or allowing attackers to execute arbitrary code. The vulnerability was discovered by Google security researcher Clément Lecigne.

Google has acknowledged that the flaw is being exploited in the wild, which means that malicious actors are already using it to target users. To protect against further attacks, Google has not yet disclosed detailed technical information about the flaw.

To address the issue, Google has released a fix that is being rolled out via the Chrome Stable channel. Users on Windows and Mac will receive the update in versions 125.0.6422.112/.113, while Linux users will get the update in version 125.0.6422.112. Chrome typically updates automatically, but users need to relaunch the browser for the updates to take effect. To ensure the update is installed, users can check their Chrome version in the About section of the Settings menu.

Ongoing Security Efforts

This marks the third actively exploited zero-day vulnerability in Chrome that Google has fixed in May alone. Earlier this year, Google adjusted its security update schedule, reducing it from twice weekly to once weekly. This change aims to close the patch gap and reduce the time attackers have to exploit known vulnerabilities before a fix is released.

Previous Zero-Day Vulnerabilities Fixed This Year

Google has been actively addressing several critical vulnerabilities in Chrome throughout 2024. Notable fixes include:

1. CVE-2024-0519: An out-of-bounds memory access issue in the V8 engine, which could lead to heap corruption and unauthorised data access.

2. CVE-2024-2887: A type confusion vulnerability in the WebAssembly standard, which could be exploited for remote code execution.

3. CVE-2024-2886: A use-after-free bug in the WebCodecs API, allowing arbitrary reads and writes, leading to remote code execution.

4. CVE-2024-3159: An out-of-bounds read in the V8 engine, enabling attackers to access sensitive information.

5. CVE-2024-4671: A use-after-free flaw in the Visuals component, affecting how content is rendered in the browser.

6. CVE-2024-4761: An out-of-bounds write issue in the V8 engine.

7. CVE-2024-4947: Another type confusion vulnerability in the V8 engine, risking arbitrary code execution.

Importance of Keeping Chrome Updated

The continuous discovery and exploitation of vulnerabilities surfaces that it's imperative to keep our softwares up to date. Chrome’s automatic update feature helps ensure users receive the latest security patches without delay. Users should regularly check for updates and restart their browsers to apply them promptly.

Overall, Google’s quick response to these vulnerabilities highlights the critical need for robust security measures and careful practices in maintaining up-to-date software to protect against potential cyber threats.


Read more »
Privacy
Ad Blocking AdGuard DNS Browser DNS phishing Privacy

Block Ads and Boost Security with AdGuard DNS

 



Advertisements are omnipresent, disrupting our web browsing and compromising our online security. Many ads slow down our internet speed, infringe on our privacy, and even pose malware risks. However, there is a solution that can alleviate these issues: AdGuard DNS.

AdGuard DNS offers a comprehensive way to block malicious websites, intrusive ads, and trackers while also enabling parental controls. This service stands out by allowing up to 20 devices to connect across more than 50 servers in 15 locations. Now, a five-year subscription is available for $24.97, down from the regular price of $719.64, but only until May 22.

Default DNS (Domain Name System) services translate website names into IP addresses, guiding your browser to the correct site. AdGuard DNS takes this further by filtering out unsafe sites before you even visit them. This added layer of protection can demonstrably enhance your digital security.


Benefits of Blocking Ads

Blocking ads with a DNS service like AdGuard can make web pages load faster. This is because ads often consume substantial bandwidth and processing power, particularly those that are interactive or video-based. By reducing the data your browser needs to load, AdGuard DNS can dramatically improve your browsing experience.

Unlike browser-based ad-blockers, AdGuard DNS provides network-wide protection. This means it blocks ads and trackers not only in your web browser but also across your entire operating system, installed programs, and mobile apps. This system-level blocking is far more effective than relying solely on browser extensions, which can't intercept ads and trackers operating outside the browser.

AdGuard DNS also enhances your privacy and security. Ads are not just annoying; they can be dangerous, containing trackers, malware, and phishing links. For example, in April 2021, hackers used malicious ads to distribute infected software via fake sites, leading to data theft for many users. By blocking such ads, AdGuard DNS protects you from these threats before they reach your device.

For those seeking even more robust protection, AdGuard DNS offers advanced features like AI-powered malware filtering. This level of protection ensures that even the most sophisticated cyber threats are kept at bay, providing peace of mind in an increasingly vulnerable digital environment. 

In conclusion, AdGuard DNS provides a powerful, comprehensive solution for blocking ads, strengthening privacy, and securing your digital experience. With its current discounted offer, it's an excellent opportunity to protect your online world effectively and affordably.


Read more »
junk files
Android Browser Cche Cookies Cyber Security Cyberattacks CyberThreat Firefox Google Chrome junk files

Banish Browser Clutter: How to Easily Remove Junk Files on Android

 


A web browser on users' Android phones may collect data, such as cookies and cache, that can be useful, but can also be unwanted and may pose a security risk to their privacy. It is recommended that users clear these data regularly so that junk can be removed from their devices and that unknown data trackers will not be able to store extraneous information on their devices. 

It is important to know that cleaning cache and cookies depends on the type of browser users use, such as Google Chrome, Samsung Internet, or Mozilla Firefox. The process of clearing this data varies from browser to browser and usually involves entering the browser settings and choosing the data that users wish to delete. 

By clicking on the More button in Google Chrome and navigating to History, users can clear their browser's cookies and cache. Deletes can be done in a variety of ways with this browser, such as by deleting browsing history, cookies and site information, cached images and files, or selecting a time range during which they should be deleted. 

It is possible to delete browsing data, cookies, and cache on the Samsung Internet browser app or through the phone's settings menu, just as Samsung Internet offers similar options. As far as Mozilla Firefox is concerned, there are several ways to clear browsing data, including the Open tabs, Browsing History, Site Data, and Downloads folder, as well as the Cookies and Cached images and files. Most of the junk that builds up inside the device's cache and cookies is just plain junk. Some of it could have come from a single site a user visited. 

As a result of this tracking, some companies are showing their users advertisements based on the items they are buying or watching on the internet. Other companies are tracking their browsing history on an active basis, helping them show them advertisements based on those items. As a result, it is essential to clear out the cache frequently. The tool enables users to remove any data they no longer need on their phone, especially if they have a cookie in their phone that contains a cookie from a known data tracker. 

Users will have to log back into some of their favourite websites after clearing the cache, but this is a small price to pay to make sure their phone does not accumulate unnecessary data by doing so. It is important to note that the steps vary slightly depending on the kind of phone and web browser that the user is using. 

In the Android version of Google Chrome, users can delete cookies and cache by first tapping the More button at the top right of the browser, which is indicated by a column of three dots. They can then tap History, and then they can delete their cookies and cache. Chrome users can also access this by clicking the Privacy and Security menu in their Chrome Settings. As well as removing browsing history, cookies, and site data, Chrome offers two advanced settings to clear users' cached files and images. 

The user can select which time ranges to delete from the drop-down menu when selecting whether he/she wants to delete the entire history or select a selection from anywhere within the past 24 hours to within the last four weeks. When users tap on the Advanced tab, users can also access additional options such as deleting saved passwords, auto-complete information for forms, and site settings. 

When they have selected the items they want to delete, tap the blue Clear data button at the bottom of the screen. If Chrome determines that certain websites are "important" to its users, they might receive a prompt asking them to confirm before clearing the cache, if Chrome deems that particular website to be "important" to the user. Similar to the Chrome browser for Android, the Mozilla Firefox Android app also allows users to clear their cache from within the application. 

It is possible to access this feature by tapping on the More button that is located to the right of the address bar, also indicated by three vertically aligned dots. In the Settings menu, tap the Delete browsing data option. Then scroll down and select the option. There is a lot of freedom in Firefox when it comes to the Delete browsing data menu compared to the other three browsers mentioned here, in that it allows users to delete all current open tabs, their browsing history, their site data, their permissions, and even their Downloads folder, along with their Cookies and Cached files and images. 

As with Chrome, users have the option to select a time range, however, they can be more specific regarding the type of data that they wish to remove, as opposed to merely picking a time range. As a bonus, Firefox also comes with an option that allows users not to retain their browsing data after they have signed up for the application but before they begin using it. 

There is an option within the Settings tab that instructs Firefox to delete any combination of these settings every time the user quits the browser. This will eliminate any combination of these settings every time the user quits the browser. If users want to remain tidy with their browser history, this functionality can be quite useful since they can avoid accidentally handing their browsing history over to a person who may have stolen the phone from them or gained access to it in some other way.
Read more »
Subscribe to: Comments (Atom)