Tag: browser
-
GreedyBear: 40 Fake Crypto Wallet Extensions Found on Firefox Marketplace
A new, coordinated cybercrime campaign called “GreedyBear” has stolen over $1 million from crypto users. Learn how the group uses malicious extensions, malware, and fake websites in an industrial-scale attack uncovered by Koi Security. First seen on hackread.com Jump to article: hackread.com/greedybear-fake-crypto-wallet-extensions-firefox-marketplace/
-
GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions
A newly discovered campaign dubbed GreedyBear has leveraged over 150 malicious extensions to the Firefox marketplace that are designed to impersonate popular cryptocurrency wallets and steal more than $1 million in digital assets.The published browser add-ons masquerade as MetaMask, TronLink, Exodus, and Rabby Wallet, among others, Koi Security researcher Tuval Admoni said.What makes the First…
-
Wave of 150 crypto-draining extensions hits Firefox add-on store
A malicious campaign dubbed ‘GreedyBear’ has snuck onto the Mozilla add-ons store, targeting Firefox users with 150 malicious extensions and stealing an estimated $1,000,000 from unsuspecting victims. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wave-of-150-crypto-draining-extensions-hits-firefox-add-on-store/
-
Mustang Panda Targets Windows Users with ToneShell Malware Disguised as Google Chrome
The China-aligned threat actor Mustang Panda, also known as Earth Preta, HIVE0154, RedDelta, and Bronze President, has been deploying the ToneShell backdoor against Windows users, primarily targeting government and military entities in the Asia-Pacific and Europe. Active since at least 2012, the group leverages spear-phishing emails with military-themed lures to deliver malicious archives, such as…
-
Brave Browser-Tipps: Den Chrome-basierten Browser optimal nutzen
So optimierst du den auf Chrome basierenden Brave Browser für maximale Sicherheit und Komfort. Praxistipps ohne Technik-Kenntnisse! First seen on tarnkappe.info Jump to article: tarnkappe.info/tutorials/brave-browser-tipps-den-chrome-basierten-browser-optimal-nutzen-319146.html
-
Python-powered malware snags hundreds of credit cards, 200K passwords, and 4M cookies
PXA Stealer pilfers data from nearly 40 browsers, including Chrome First seen on theregister.com Jump to article: www.theregister.com/2025/08/04/pxa_stealer_4000_victims/
-
Mozilla flags phishing wave aimed at hijacking trusted Firefox add-ons
Devs told to exercise ‘extreme caution’ with emails disguised as account update prompts First seen on theregister.com Jump to article: www.theregister.com/2025/08/04/mozilla_add_on_phishing/
-
Mozilla Issues Warning on Phishing Campaign Targeting Add-on Developer Accounts
Mozilla has issued an urgent security warning to Firefox add-on developers following the detection of a sophisticated phishing campaign targeting accounts on the Add-ons Mozilla Organization (AMO) platform. The alert, published by Scott DeVaney from Mozilla’s Add-ons Community team on August 1, 2025, warns developers to exercise extreme caution when receiving emails purporting to be…
-
Apple Patches Zero-Day Exploit Targeting Google Chrome Users
A zero-day exploit targeted Google Chrome users has been patched by Apple. Their latest updates target a variety of devices and operating systems. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-zero-day-chrome-exploit-patch/
-
Apple fixed a zero-day exploited in attacks against Google Chrome users
Apple addressed a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users. Apple released security updates to address a high-severity vulnerability, tracked as CVE-2025-6558 (CVSS score of 8.8), that has been exploited in zero-day attacks targeting Google Chrome users. The vulnerability is an insufficient validation of untrusted input in ANGLE and…
-
Apple patches security flaw exploited in Chrome zero-day attacks
Apple has released security updates to address a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-patches-security-flaw-exploited-in-chrome-zero-day-attacks/
-
Apple Patches Multiple Vulnerabilities, Including Safari Vulnerability Abused in Chrome 0-Day Attacks
Apple has released a comprehensive set of security updates across its entire product ecosystem on July 29, 2025, addressing multiple vulnerabilities including a critical Safari flaw that was reportedly exploited in Chrome zero-day attacks. The updates span iOS, iPadOS, macOS, watchOS, tvOS, and visionOS platforms, demonstrating the company’s commitment to maintaining security across all its…
-
Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome
Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month.The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser’s ANGLE and GPU components that…
-
Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero
Google has announced that it’s making a security feature called Device Bound Session Credentials (DBSC) in open beta to ensure that users are safeguarded against session cookie theft attacks.DBSC, first introduced as a prototype in April 2024, is designed to bind authentication sessions to a device so as to prevent threat actors from using stolen…
-
Chrome Vulnerabilities Allow Attackers to Hijack Memory and Run Malicious Code
Google has released an emergency security update for its Chrome browser to address critical vulnerabilities that could allow attackers to hijack system memory and execute malicious code on affected devices. The Stable channel has been updated to version 138.0.7204.183/.184 for Windows and Mac systems, and 138.0.7204.183 for Linux, with the rollout scheduled over the coming…
-
Raven Stealer Malware Exploits Telegram to Steal Logins, Payment Data, and Autofill Info
Raven Stealer has emerged as sophisticated, lightweight information-stealing malware crafted in Delphi and C++, targeting Windows systems with a focus on extracting sensitive data like logins, payment details, and autofill information from Chromium-based browsers such as Chrome and Edge. First spotted on GitHub on July 15, 2025, this malware operates with high stealth, requiring minimal…
-
SHUYAL Emerges: Stealing Login Credentials from 19 Major Browsers
A sophisticated new information stealer named SHUYAL was recently discovered by Hybrid Analysis. It has demonstrated extensive capabilities in credential extraction from 19 different web browsers, including popular ones like Google Chrome, Microsoft Edge, Opera, Brave, and Yandex, as well as more specialized ones like Opera GX, Vivaldi, Chromium, Waterfox, Tor, Epic Privacy Browser, Comodo…
-
Chrome’s AI Challenger Has Landed: Meet Comet
Perplexity’s Comet Blends Familiarity With Agentic AI to Reshape the Web. Perplexity, the fast-rising AI search engine startup backed by the likes of Nvidia and Jeff Bezos, is riding on a cosmic high with the launch of Comet – a full-featured AI-native web browser that claims to browse at the speed of thought. First seen…
-
Arch Linux users told to purge Firefox forks after AUR malware scare
The distro’s greatest asset is arguably also its greatest weakness First seen on theregister.com Jump to article: www.theregister.com/2025/07/22/arch_aur_browsers_compromised/
-
âš¡ Weekly Recap: SharePoint 0-Day, Chrome Exploit, macOS Spyware, NVIDIA Toolkit RCE and More
Even in well-secured environments, attackers are getting in”, not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected.These attacks don’t depend on zero-days. They work by staying unnoticed”, slipping through the cracks in what we monitor and what we assume is safe. What once looked suspicious…
-
Backup tool Rescuezilla resurrects itself across six Ubuntus
2.6.1 adds Plucky Puffin and Firefox actually works this time First seen on theregister.com Jump to article: www.theregister.com/2025/07/18/rescuezilla_261/
-
Week in review: Google fixes zero-day vulnerability in Chrome, critical SQL injection flaw in FortiWeb
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558) For … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/20/week-in-review-google-fixes-zero-day-vulnerability-in-chrome-critical-sql-injection-flaw-in-fortiweb/
-
Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558)
For the fifth time this year, Google has patched a Chrome zero-day vulnerability (CVE-2025-6558) exploited by attackers in the wild. About CVE-2025-6558 CVE-2025-6558 is a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/16/update-google-chrome-to-fix-actively-exploited-zero-day-cve-2025-6558/
-
CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025
Google released security patches to address multiple Chrome vulnerabilities, including one flaw that has been exploited in the wild. Google released fixes for six Chrome flaws, including one actively exploited in the wild tracked as CVE-2025-6558 (CVSS score of 8.8). CVE-2025-6558 stems from improper validation of untrusted input in Chrome’s ANGLE and GPU components. Clément…
-
Google fixes actively exploited sandbox escape zero day in Chrome
Google has released a security update for Chrome to address half a dozen vulnerabilities, one of them actively exploited by attackers to escape the browser’s sandbox protection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-actively-exploited-sandbox-escape-zero-day-in-chrome/
-
Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild
Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild.The high-severity vulnerability in question is CVE-2025-6558 (CVSS score: 8.8), which has been described as an incorrect validation of untrusted input in the browser’s ANGLE and GPU components.”Insufficient validation of…
-
Sicherheitslücke: Hacker attackieren Chrome-Nutzer per Sandbox-Escape
In Google Chrome klaffen mehrere gefährliche Sicherheitslücken. Eine wird schon aktiv ausgenutzt und ermöglicht einen Ausbruch aus der Sandbox. First seen on golem.de Jump to article: www.golem.de/news/google-warnt-zero-day-luecke-in-chrome-laesst-hacker-aus-sandbox-ausbrechen-2507-198152.html
-
Google Chrome 0-Day Vulnerability Under Active Exploitation
Google has released an emergency security update for Chrome 138 to address a critical zero-day vulnerability that is actively being exploited in the wild. The vulnerability, tracked as CVE-2025-6558, affects the browser’s ANGLE and GPU components and has prompted immediate action from Google’s security team to protect users from ongoing attacks. Critical Zero-Day Vulnerability Discovered…
-
Crypto Roundup: Malicious Firefox Extensions
Also: Winkle Abduction Sentencing and Crypto Theft Rising. This week, uncovering 40 malicious crypto Firefox extensions, three sentenced in a Belgium court for crypto kidnapping, the rise of crypto theft. The U.S. Secret Service is a huge crypto custodian, and prosecutors claw back funds pilfered by a fake presidential inaugural committee. First seen on govinfosecurity.com…
-
Google reveals details on Android’s Advanced Protection for Chrome
Google is sharing more information on how Chrome operates when Android mobile users enable Advanced Protection, highlighting strong security improvements. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-reveals-details-on-androids-advanced-protection-for-chrome/