Collecting Cyber-News from over 60 sources

Tag: browser

Newly discovered Firefox zero-days addressed

May 20, 2025 10:54 PM

Tags: browser, zero-day

First seen on scworld.com Jump to article: www.scworld.com/brief/newly-discovered-firefox-zero-days-addressed
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads

May 20, 2025 5:54 PM

Tags: browser, chrome, credentials, data, malicious, service, threat, tool

An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code.”The actor creates websites that masquerade as legitimate services, productivity tools, ad and media creation or analysis First seen on…
Tor Browser 14.5.2 Released: Bug Fixes and Enhanced Features

May 20, 2025 10:54 AM

Tags: browser, cyber, privacy, update, vulnerability

Tor Project has launched Tor Browser 14.5.2, a significant update addressing security vulnerabilities, refining cross-platform functionality, and enhancing build system reliability. This release integrates critical Firefox security patches, resolves longstanding privacy-related bugs, and implements infrastructural improvements to streamline future development. Tor Browser 14.5.2 prioritizes security by rebasing its underlying engine on Firefox 128.10.1esr, Mozilla’s Extended…
Ethical hackers exploited zero-day vulnerabilities against popular OS, browsers, VMs and AI frameworks

May 20, 2025 5:57 AM

Tags: ai, authentication, browser, chrome, cloud, container, cve, cyber, data, docker, exploit, flaw, framework, hacker, infrastructure, linux, microsoft, network, nvidia, open-source, oracle, risk, software, technology, tool, vmware, vulnerability, zero-day

Virtual machine and container escapes: Virtualization sits at the core of public cloud infrastructure and private data centers, allowing companies to run their workloads and applications inside isolated containers or virtual servers. Any flaw that allows escaping from the confines of a virtual machine or a Linux container poses a risk not only to the…
Mozilla fixed zero-days recently demonstrated at Pwn2Own Berlin 2025

May 19, 2025 9:54 PM

Tags: access, browser, data, exploit, hacking, update, vulnerability, zero-day

Mozilla addressed two critical Firefox vulnerabilities that could be potentially exploited to access sensitive data or achieve code execution. Mozilla released security updates to fix two critical vulnerabilities in the Firefox browser that could be potentially exploited to access sensitive data or achieve code execution. >>This week at the security hacking competition pwn2own, security researchers…
Mozilla fixes Firefox zero-days exploited at hacking contest

May 19, 2025 4:54 PM

Tags: browser, exploit, hacking, update, vulnerability, zero-day

Mozilla released emergency security updates to address two Firefox zero-day vulnerabilities demonstrated in the recent Pwn2Own Berlin 2025 hacking competition. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-zero-days-exploited-at-hacking-contest/
Firefox Tests AI-Powered Perplexity Search Engine Directly in Browser

May 19, 2025 2:54 PM

Tags: ai, browser

Mozilla Firefox experiments with AI-powered Perplexity Search Engine in its address bar for version 139, signalling a potential… First seen on hackread.com Jump to article: hackread.com/firefox-tests-ai-powered-perplexity-search-in-browser/
Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards

May 19, 2025 1:54 PM

Tags: access, browser, cve, data, exploit, flaw, update, vulnerability, zero-day

Mozilla has released security updates to address two critical security flaws in its Firefox browser that could be potentially exploited to access sensitive data or achieve code execution.The vulnerabilities, both of which were exploited as a zero-day at Pwn2Own Berlin, are listed below -CVE-2025-4918 – An out-of-bounds access vulnerability when resolving Promise objects that could…
Critical Firefox 0-Day Flaws Allow Remote Code Execution

May 19, 2025 11:54 AM

Tags: browser, cve, cyber, flaw, malicious, remote-code-execution, vulnerability, zero-day

Mozilla has urgently patched two critical 0-day vulnerabilities in its popular web browser Firefox, both of which could allow remote attackers to execute malicious code on user systems. The flaws, tracked as CVE-2025-4918 and CVE-2025-4919, were disclosed on May 17, 2025, and are addressed in Firefox version 138.0.4. Security experts are strongly advising all users…
Pwn2Own Day 3: Zero-Day Exploits Windows 11, VMware ESXi, and Firefox

May 19, 2025 11:54 AM

Tags: browser, cyber, exploit, hacking, vmware, vulnerability, windows, zero-day

The Pwn2Own Berlin 2025 last day ended with impressive technological accomplishments, bringing the total prize money over one million dollars. Security researchers demonstrated sophisticated exploitation techniques against high-profile targets including Windows 11, VMware ESXi, and Mozilla Firefox, revealing critical zero-day vulnerabilities that vendors must now address. The three-day hacking competition showcased 28 unique zero-day vulnerabilities,…
Pwn2Own Berlin: Firefox, Sharepoint und VMware-Produkte gehackt

May 19, 2025 9:54 AM

Tags: browser, vmware

Teilnehmer der Pwn2Own in Berlin haben zahlreiche Softwareprodukte attackiert. Ein Hersteller hat besonders schnell reagiert und sofort Patches verteilt. First seen on golem.de Jump to article: www.golem.de/news/pwn2own-berlin-firefox-sharepoint-und-vmware-produkte-gehackt-2505-196310.html
Week in review: Microsoft patches 5 actively exploited 0-days, recently fixed Chrome vulnerability exploited

May 18, 2025 10:35 AM

Tags: browser, chrome, exploit, microsoft, update, vulnerability, WeeklyReview, zero-day

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Patch Tuesday: Microsoft fixes 5 actively exploited zero-days On May 2025 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/18/week-in-review-microsoft-patches-5-actively-exploited-0-days-recently-fixed-chrome-vulnerability-exploited/
Google Chrome data leakage bug confirmed as actively exploited

May 17, 2025 10:54 PM

Tags: browser, chrome, data, exploit, google

First seen on scworld.com Jump to article: www.scworld.com/news/google-chrome-bug-that-could-leak-sensitive-info-actively-exploited
VMware ESXi, Firefox, Red Hat Linux SharePoint Hacked Pwn2Own Day 2

May 17, 2025 1:54 PM

Tags: browser, conference, cyber, linux, vmware, vulnerability, zero-day

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering critical vulnerabilities across major enterprise platforms and earning $435,000 in bounties. The competition, now in its second day at the OffensiveCon conference in Berlin, has awarded a cumulative total of $695,000 with participants revealing 20 unique zero-day vulnerabilities thus far. With…
Pwn2Own Berlin 2025: Windows 11, VMware, Firefox and Others Hacked

May 16, 2025 9:54 PM

Tags: browser, conference, vmware, windows

The beginning of Pwn2Own Berlin 2025, hosted at the OffensiveCon conference, has concluded its first two days with… First seen on hackread.com Jump to article: hackread.com/pwn2own-berlin-2025-windows-11-vmware-firefox-hacked/
Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)

May 16, 2025 9:54 PM

Tags: browser, chrome, cisa, exploit, flaw, google, vulnerability

A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/16/cisa-recently-fixed-chrome-vulnerability-exploited-in-the-wild-cve-2025-4664/
CISA tags recently patched Chrome bug as actively exploited

May 16, 2025 10:54 AM

Tags: attack, browser, chrome, cisa, exploit, vulnerability

On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-tags-recently-patched-chrome-bug-as-actively-exploited-zero-day/
Google fixed a Chrome vulnerability that could lead to full account takeover

May 16, 2025 9:54 AM

Tags: browser, chrome, cve, google, update, vulnerability

Google released emergency security updates to fix a Chrome vulnerability that could lead to full account takeover. Google released emergency security updates to address a Chrome browser vulnerability, tracked as CVE-2025-4664, that could lead to full account takeover. The security researcher Vsevolod Kokorin (@slonser_) discovered the vulnerability, which stems from an insufficient policy enforcement in…
Google patches Chrome vulnerability used for account takeover and MFA bypass

May 15, 2025 9:54 PM

Tags: access, attack, browser, chrome, cloud, cve, data, exploit, flaw, google, mfa, microsoft, ransomware, risk, russia, service, update, vulnerability, windows

How could this be exploited?: OAuth provides a way of giving access to something without the need for a password. It’s useful in multiple scenarios, for example, in single sign-on (SSO). Users might also encounter it when giving a contact access to a file or document in a cloud service such as Microsoft 365 without…
The Security Gap JPMorgan Chase’s CISO Didn’t Mention”Š”, “ŠAnd Why It’s in Your Browser

May 13, 2025 10:38 PM

Tags: access, adobe, api, apple, attack, browser, business, chrome, ciso, cloud, compliance, conference, control, credentials, crypto, cyber, data, detection, dora, endpoint, exploit, finance, gartner, google, grc, identity, infrastructure, microsoft, monitoring, nis-2, open-source, password, phishing, ransomware, regulation, resilience, risk, risk-assessment, saas, sbom, software, technology, theft, threat, tool, unauthorized, update, vulnerability

The Security Gap JPMorgan Chase’s CISO Didn’t Mention”Š”, “ŠAnd Why It’s in Your Browser When the CISO of JPMorgan Chase issues a public letter to all technology vendors, the industry pays attention”Š”, “Šand rightfully so. In his open letter, Rohan Amin lays out a firm, urgent call: prioritize secure-by-design practices, patch faster, and take full accountability…
Detecting Hidemium: Fingerprinting inconsistencies in anti-detect browsers

May 13, 2025 6:38 PM

Tags: browser, chrome

This is the fourth article in our series on anti-detect browsers. In the previous post, we explained how to detect anti-fingerprinting scripts injected via Chrome DevTools Protocol (CDP). Here, we analyze Hidemium, a popular anti-detect browser, and describe how it can be detected. We start with a high-level overview of First seen on securityboulevard.com Jump…
Detecting Remote Monitoring and Management Tools Used by Attackers

May 12, 2025 8:10 PM

Tags: access, browser, chrome, cloud, control, credentials, data, detection, endpoint, exploit, identity, intelligence, ivanti, microsoft, monitoring, network, open-source, risk, saas, service, social-engineering, software, strategy, theft, threat, tool, unauthorized, update, vulnerability, vulnerability-management, windows

Following up on last year’s LOLDriver plugin, Tenable Research is releasing detection plugins for the top Remote Monitoring and Management (RMM) tools that attackers have been more frequently leveraging in victim environments. Background In August 2024, Tenable Research released a detection plugin for Nessus, Tenable Security Center and Tenable Vulnerability Management to help customers identify…
Chrome 137 Integrates Gemini Nano AI to Combat Tech Support Scams

May 10, 2025 6:10 PM

Tags: ai, browser, chrome, cyber, defense, exploit, google, intelligence, malicious, scam, threat, update

Google has unveiled a groundbreaking defense mechanism in Chrome 137, integrating its on-device Gemini Nano large language model (LLM) to detect and block these malicious campaigns in real time. This update marks a significant leap in combating evolving cyber threats by leveraging artificial intelligence directly within users’ browsers. Tech support scams exploit psychological manipulation, mimicking…
Google Chrome Uses Advanced AI to Combat Sophisticated Online Scams

May 10, 2025 5:10 PM

Tags: ai, android, browser, chrome, cyber, cybersecurity, data, detection, finance, google, intelligence, scam, theft, threat

Google has integrated artificial intelligence into its cybersecurity toolkit to shield users from financial and data theft scams. On Friday, May 09, 2025, the company unveiled a comprehensive report detailing its latest AI-driven initiatives across Search, Chrome, and Android, marking a significant leap in preemptive threat detection and user protection. These advancements aim to counteract…
So soll euch der Google-Browser künftig vor Online-Betrug schützen

May 9, 2025 11:10 PM

Tags: browser, chrome, fraud, google

First seen on t3n.de Jump to article: t3n.de/news/google-chrome-ki-online-betrug-1686457/
Google Chrome to use on-device AI to detect tech support scams

May 9, 2025 8:11 PM

Tags: ai, browser, chrome, google, scam

Google is implementing a new Chrome security feature that uses the built-in ‘Gemini Nano’ large-language model (LLM) to detect and block tech support scams while browsing the web. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-chrome-to-use-on-device-ai-to-detect-tech-support-scams/
OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities

May 9, 2025 8:11 PM

Tags: browser, chrome, credentials, detection, malware, north-korea, theft, threat

The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files.NTT Security Holdings, which detailed the new findings, said the attackers have “actively and continuously” updated the malware, introducing versions v3 and v4…
Google Deploys On-Device AI to Thwart Scams on Chrome and Android

May 9, 2025 3:10 PM

Tags: ai, android, browser, chrome, detection, google, LLM, scam

The tech giant plans to leverage its Gemini Nano LLM on-device to enhance scam detection on Chrome First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-ai-gemini-nano-scams-chrome/
What your browser knows about you, from contacts to card numbers

May 9, 2025 12:11 PM

Tags: browser, chrome, data, mobile

Chrome and Safari are the most popular browser apps, accounting for 90% of the mobile browsers market share, according to Surfshark. Chrome: the most data-hungry browser … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/09/browser-data-collection-tracking/
Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android

May 9, 2025 10:11 AM

Tags: ai, android, browser, chrome, google, intelligence, scam

Google on Thursday announced it’s rolling out new artificial intelligence (AI)-powered countermeasures to combat scams across Chrome, Search, and Android.The tech giant said it will begin using Gemini Nano, its on-device large language model (LLM), to improve Safe Browsing in Chrome 137 on desktops.”The on-device approach provides instant insight on risky websites and allows us…