Tag: browser
-
Italian-made spyware Dante linked to Chrome zero-day exploitation campaign
CVE-2025-2783, a Chrome zero-day vulnerability that was detected being exploited in March 2025 and was subsequently fixed by Google, was used by unknown attackers to deliver … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/28/dante-spyware-chrome-zero-day/
-
Atlas browser exploit lets attackers hijack ChatGPT memory
Tags: ai, attack, browser, business, ceo, chatgpt, chrome, cloud, credentials, detection, exploit, identity, mitigation, monitoring, phishing, soc, threat, update, vulnerabilityHow to detect a hit: Detecting a memory-based compromise in ChatGPT Atlas is not like hunting for traditional malware. There are no files, registry keys, or executables to isolate. Instead, security teams need to look for behavioral anomalies such as subtle shifts in how the assistant responds, what it suggests, and when it does so.”There…
-
Atlas browser exploit lets attackers hijack ChatGPT memory
Tags: ai, attack, browser, business, ceo, chatgpt, chrome, cloud, credentials, detection, exploit, identity, mitigation, monitoring, phishing, soc, threat, update, vulnerabilityHow to detect a hit: Detecting a memory-based compromise in ChatGPT Atlas is not like hunting for traditional malware. There are no files, registry keys, or executables to isolate. Instead, security teams need to look for behavioral anomalies such as subtle shifts in how the assistant responds, what it suggests, and when it does so.”There…
-
Atlas browser exploit lets attackers hijack ChatGPT memory
Tags: ai, attack, browser, business, ceo, chatgpt, chrome, cloud, credentials, detection, exploit, identity, mitigation, monitoring, phishing, soc, threat, update, vulnerabilityHow to detect a hit: Detecting a memory-based compromise in ChatGPT Atlas is not like hunting for traditional malware. There are no files, registry keys, or executables to isolate. Instead, security teams need to look for behavioral anomalies such as subtle shifts in how the assistant responds, what it suggests, and when it does so.”There…
-
Chrome Zero-Day Exploited to Deliver Italian Memento Labs’ LeetAgent Spyware
The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky.The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as…
-
Chrome Zero-Day Exploited to Deliver Italian Memento Labs’ LeetAgent Spyware
The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky.The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as…
-
Kaspersky Exposes Chrome Zero-Day RCE (CVE-2025-2783) Delivering Memento Labs Spyware in ForumTroll Campaign
The post Kaspersky Exposes Chrome Zero-Day RCE (CVE-2025-2783) Delivering Memento Labs Spyware in ForumTroll Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/kaspersky-exposes-chrome-zero-day-rce-cve-2025-2783-delivering-memento-labs-spyware-in-forumtroll-campaign/
-
Memento Spyware Tied to Chrome Zero-Day Attacks
While investigating the cyberattacks, researchers uncovered a new spyware product from Memento Labs, the successor to the infamous Hacking Team. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/memento-spyware-chrome-zero-day-attacks
-
Memento Labs, the ghost of Hacking Team, has returned, or maybe it was never gone at all.
Kaspersky links the first Chrome zero-day of 2025 to tools used in attacks attributed to Memento Labs, formerly known as the Hacking Team. The actor behind Operation ForumTroll used the same tools seen in Dante spyware attacks. Kaspersky researchers linked the first Chrome zero-day of 2025 (CVE-2025-2783), a sandbox escape flaw, to the arsenal of…
-
Chrome 0-Day Exploited by Mem3nt0 Mori in Espionage Attacks
Hackers exploit a Chrome 0-day to deploy spyware in attacks tied to Mem3nt0 Mori. Google patches CVE-2025-2783; users urged to update fast. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/chrome-zero-day-exploit-spyware/
-
Italian spyware vendor linked to Chrome zero-day attacks
A zero-day vulnerability in Google Chrome exploited in Operation ForumTroll earlier this year delivered malware linked to Italian spyware vendor Memento Labs, born after IntheCyber Group acquired the infamous Hacking Team. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/italian-spyware-vendor-linked-to-chrome-zero-day-attacks/
-
Critical Chrome 0-Day Under Attack: Mem3nt0 Mori Hackers Actively Exploiting Vulnerability
In March 2025, security researchers at Kaspersky detected a sophisticated campaign exploiting a previously unknown Chrome vulnerability to deliver advanced spyware to high-profile targets. The attack, dubbed Operation ForumTroll, leveraged personalized phishing links to compromise organizations across Russia, including media outlets, universities, research centers, government agencies, and financial institutions. A single click on a malicious…
-
Mozilla verlangt bald mehr Transparenz bei neuen Firefox-Erweiterungen
Tags: browserAb dem 3. November müssen zwingend alle neuen Firefox-Erweiterungen angeben, ob sie Benutzerdaten erfassen oder an Dritte weitergeben. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/mozilla-verlangt-bald-mehr-transparenz-bei-neuen-firefox-erweiterungen-322218.html
-
Mozilla verlangt bald mehr Transparenz bei neuen Firefox-Erweiterungen
Tags: browserAb dem 3. November müssen zwingend alle neuen Firefox-Erweiterungen angeben, ob sie Benutzerdaten erfassen oder an Dritte weitergeben. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/mozilla-verlangt-bald-mehr-transparenz-bei-neuen-firefox-erweiterungen-322218.html
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 68
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter TikTok videos continue to push infostealers in ClickFix attacks 131 Spamware Extensions Targeting WhatsApp Flood Chrome Web Store Salty Much: Darktrace’s view on a recent Salt Typhoon intrusion Shifts in the Underground: The Impact…
-
Hidden in Plain Sight: How we followed one malicious extension to uncover a multi-extension”¦
Hidden in Plain Sight: How we followed one malicious extension to uncover a multi-extension campaign Short read for everyone: we found a malicious Chrome extension that stole login data from a crypto trading site. Tracing the domain it talked to uncovered a second malicious extension. That second extension’s public metadata contained the developer email, which…
-
Mozilla: New Firefox extensions must disclose data collection practices
Starting next month, Mozilla will require Firefox extension developers to disclose whether their add-ons collect or share user data with third parties. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/software/mozilla-new-firefox-extensions-must-disclose-data-collection-practices/
-
AI browsers can be abused by malicious AI sidebar extensions: Report
‘Dumpster fires’: David Shipley, head of Canadian employee security awareness training firm Beauceron Security, agrees.”I think if CISOs are bored and want to spice up their lives with an incident, they should roll out these AI-powered hot messes to their users,” he said .”But, if they’re like most CISOs and they have lots of problems,…
-
Browser Fingerprinting: Was Programme wie Chrome, Firefox und Edge über dich wissen und mit anderen teilen
First seen on t3n.de Jump to article: t3n.de/news/browser-fingerprinting-chrome-firefox-edge-daten-1712770/
-
Building Chromegg: A Chrome Extension for Real-Time Secret Detection
Ever accidentally pasted an API key into a web form? Chromegg is our new Chrome extension that scans form fields in real-time, alerting you BEFORE you submit secrets. Open-source & ready to use! First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/building-chromegg-a-chrome-extension-for-real-time-secret-detection/
-
131 Malicious Chrome Extensions Discovered Targeting WhatsApp Users
A new wave of spamware targeting WhatsApp Web users has emerged, as the Socket Threat Research Team revealed the discovery of 131 malicious Chrome extensions actively flooding the Chrome Web Store. These extensions are not conventional malware, but function as high-risk automation tools, systematically violating platform policies to facilitate large-scale spam campaigns, primarily targeting Brazilian…
-
131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign
Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale.The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to supply chain security company Socket. The browser add-ons collectively have about 20,905 active users.” First…
-
TDL 007 – Cyber Warriors Digital Shadows: Insights from Canada’s Cybersecurity Leader
Tags: ai, awareness, backup, breach, browser, business, cio, ciso, communications, conference, control, corporate, country, cryptography, cyber, cybersecurity, dark-web, data, data-breach, defense, dns, email, encryption, finance, government, healthcare, identity, incident, infrastructure, intelligence, Internet, jobs, law, leak, linux, malicious, mfa, mitigation, network, organized, phone, privacy, ransom, ransomware, RedTeam, resilience, risk, risk-management, router, service, startup, strategy, supply-chain, switch, tactics, technology, theft, threat, tool, training, windowsSummary In this episode of The Defender’s Log, host David Redekop interviews Sami Khoury, the Senior Official for Cybersecurity for the Government of Canada. With a career spanning 33 years at the Communication Security Establishment (CSE), Khoury shares how a coincidental job application blossomed into a lifelong passion for national security. Khoury emphasizes that modern…
-
Google Patches Critical Chrome Vulnerability (CVE-2025-11756) in Safe Browsing Component
Google has issued an urgent security update for its Chrome browser, addressing a high-severity vulnerability tracked as CVE-2025-11756. This flaw, which affects Chrome’s Safe Browsing feature, could allow attackers to execute arbitrary code on users’ machines, posing a direct threat to user privacy and system security. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/chrome-bug-cve-2025-11756/
-
Tor Project greift durch: Firefox-KI-Features fliegen aus dem Tor-Browser
Den Entwicklern des Tor-Browsers sind die in Firefox integrierten KI-Features zu gefährlich. Daher wird nun aufgeräumt. First seen on golem.de Jump to article: www.golem.de/news/tor-project-greift-durch-firefox-ki-features-fliegen-aus-dem-tor-browser-2510-201284.html
-
Firefox VPN soll den Datenschutz kostenlos optimieren
Mozilla will mit Firefox VPN einen kostenlosen VPN-Dienst in den eigenen Browser integrieren. Man sucht dafür nach freiwilligen Betatestern. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/firefox-vpn-soll-den-datenschutz-kostenlos-verbessern-321852.html
-
Firefox VPN soll den Datenschutz kostenlos optimieren
Mozilla will mit Firefox VPN einen kostenlosen VPN-Dienst in den eigenen Browser integrieren. Man sucht dafür nach freiwilligen Betatestern. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/firefox-vpn-soll-den-datenschutz-kostenlos-verbessern-321852.html
-
Google Fixes Critical Chrome Bug Enabling Remote Code Execution
Google patches a Chrome Safe Browsing flaw (CVE-2025-11756) that lets attackers execute code remotely. Users urged to update immediately. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/chrome-critical-rce-cve-2025-11756/