Tag: browser
-
Malicious extensions in Chrome Web store steal user credentials
Two Chrome extensions in the Web Store named ‘Phantom Shuttle’ are posing as plugins for a proxy service to hijack user traffic and steal sensitive data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-extensions-in-chrome-web-store-steal-user-credentials/
-
Fake VPN Chrome Extensions Steal Credentials by Intercepting User Traffic
Socket’s Threat Research Team has exposed a sophisticated credential-harvesting campaign that has operated through malicious Chrome extensions since 2017. Two variants of an extension named Phantom Shuttle (幻影穿æ¢), published under the threat actor email theknewone.com@gmail.com, have compromised over 2,180 users by masquerading as legitimate network testing tools while executing complete traffic interception and credential theft. The extensions market…
-
Urban VPN Proxy Spies on AI Chatbot Conversations
Browser Tools Capture Chatbot Data, Sell to Data Broker: Koi Security. A browser extension promising a free clientless VPN for Chrome users has been harvesting conversations from artificial intelligence chatbot platforms and selling the data to third-party brokers. The data collection operates independently of the VPN functionality itself. First seen on govinfosecurity.com Jump to article:…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 76
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter CyberVolk – A Deep Dive into the Hacktivists, Tools and Ransomware Fueling Pro-Russian Cyber Attacks Operation MoneyMount-ISO, Deploying Phantom Stealer via ISO-Mounted Executables Inside GhostPoster: How a PNG Icon Infected 50,000 Firefox Users […]…
-
Waterfox browser goes AI-free, targets the Firefox faithful
Even if Mozilla is going to add an AI kill switch, that may not be enough to reassure many. First seen on theregister.com Jump to article: www.theregister.com/2025/12/18/firefox_no_ai_alternative_waterfox/
-
Exploit-Welle zwingt Unternehmen zum schnellen Update – Google stopft eine aktiv ausgenutzte Chrome-Schwachstelle
First seen on security-insider.de Jump to article: www.security-insider.de/chrome-browser-aktives-angle-exploit-a-7d30d8d636bd2586e106f46e75f03cf6/
-
Exploit-Welle zwingt Unternehmen zum schnellen Update – Google stopft eine aktiv ausgenutzte Chrome-Schwachstelle
First seen on security-insider.de Jump to article: www.security-insider.de/chrome-browser-aktives-angle-exploit-a-7d30d8d636bd2586e106f46e75f03cf6/
-
Exploit-Welle zwingt Unternehmen zum schnellen Update – Google stopft eine aktiv ausgenutzte Chrome-Schwachstelle
First seen on security-insider.de Jump to article: www.security-insider.de/chrome-browser-aktives-angle-exploit-a-7d30d8d636bd2586e106f46e75f03cf6/
-
Von 6 Millionen Nutzern installiert: Diese Chrome-Erweiterung sammelt laut Experten heimlich deine ChatGPT-Daten
First seen on t3n.de Jump to article: t3n.de/news/6-millionen-nutzer-installiert-chrome-erweiterung-sammelt-heimlich-chatgpt-daten-1721943/
-
Von 6 Millionen Nutzern installiert: Diese Chrome-Erweiterung sammelt laut Experten heimlich deine ChatGPT-Daten
First seen on t3n.de Jump to article: t3n.de/news/6-millionen-nutzer-installiert-chrome-erweiterung-sammelt-heimlich-chatgpt-daten-1721943/
-
Mozilla Corporation installs Firefox driver in CEO reboot
Anthony Enzor-DeMeo picked to replace interim boss Laura Chambers First seen on theregister.com Jump to article: www.theregister.com/2025/12/16/mozilla_corporation_new_ceo/
-
When Zero-Days Go Active: What Ongoing Windows, Chrome, and Apple Exploits Reveal About Modern Intrusion Risk
A series of actively exploited zero-day vulnerabilities affecting Windows, Google Chrome, and Apple platforms was disclosed in mid-December, according to The Hacker News, reinforcing a persistent reality for defenders: attackers no longer wait for exposure windows to close. They exploit them immediately. Unlike large-scale volumetric attacks that announce themselves through disruption, zero-day exploitation operates quietly.…
-
GhostPoster Malware Hit 50K Users via Firefox Extension Icons
The GhostPoster campaign hid malware inside Firefox extension icons, infecting tens of thousands of users through trusted add-ons. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ghostposter-malware-hit-50k-users-via-firefox-extension-icons/
-
Google Chrome Extension is Intercepting Millions of Users’ AI Chats
A Chrome browser extension with 6 million users, as well as seven other Chrome and Edge extensions, for months have been silently collecting data from every AI chatbot conversion, packaging it, and then selling it to third parties like advertisers and data brokers, according to Koi Security. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/google-chrome-extension-is-intercepting-millions-of-users-ai-chats/
-
GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads
A new campaign named GhostPoster has leveraged logo files associated with 17 Mozilla Firefox browser add-ons to embed malicious JavaScript code designed to hijack affiliate links, inject tracking code, and commit click and ad fraud.The extensions have been collectively downloaded over 50,000 times, according to Koi Security, which discovered the campaign. The add-ons are no…
-
Chrome Security Update Fixes Remote Code Execution Flaws
Tags: browser, chrome, cyber, flaw, google, linux, remote-code-execution, update, vulnerability, windowsGoogle has released an emergency security update for the Chrome browser, addressing two high-severity vulnerabilities that could enable remote code execution attacks. The stable channel update version 143.0.7499.146/.147 is now rolling out to Windows, Mac, and Linux users.”‹ Critical Vulnerabilities Patched The update fixes two significant security flaws reported by external security researchers. The first…
-
GhostPoster attacks hide malicious JavaScript in Firefox addon logos
A new campaign dubbed ‘GhostPoster’ is hiding JavaScript code in the image logo of malicious Firefox extensions counting more than 50,000 downloads, to monitor browser activity and plant a backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ghostposter-attacks-hide-malicious-javascript-in-firefox-addon-logos/
-
Chrome Extension with 6M+ Users Found Collecting AI Chatbot Inputs
A popular browser extension promoted as a free and secure VPN has been discovered secretly capturing user conversations across multiple AI chatbot platforms including ChatGPT, Claude, Gemini, and Microsoft Copilot raising fresh concerns over privacy and data exploitation in the age of generative AI. Researchers using the Wings agentic”‘AI risk engine uncovered that Urban VPN…
-
Featured Chrome Browser Extension Caught Intercepting Millions of Users’ AI Chats
A Google Chrome extension with a “Featured” badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered chatbots like OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and Perplexity.The extension in question is Urban VPN Proxy, which has a 4.7 rating…
-
A Browser Extension Risk Guide After the ShadyPanda Campaign
In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale.A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them run clean for years to build trust and gain millions of installs, then…
-
BSI prüft Chrome, 1Password und Co.: Was du über die Sicherheit von Passwortmanagern wissen musst
First seen on t3n.de Jump to article: t3n.de/news/bsi-prueft-chrome-1password-und-co-1721006/
-
CISA Alerts on Actively Exploited Google Chromium Zero-Day Flaw
Tags: access, browser, chrome, cisa, cyber, cybersecurity, exploit, flaw, google, infrastructure, risk, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical zero-day vulnerability in Google Chrome that is being actively exploited in the wild. The flaw, tracked asCVE-2025-14174, poses a significant risk to millions of users across multiple web browsers. Vulnerability Details Security researchers discovered an out-of-bounds memory access vulnerability within…
-
Google fixed a new actively exploited Chrome zero-day
Google addressed three vulnerabilities in the Chrome browser, including a high-severity bug already exploited in the wild. Google released security updates to fix three vulnerabilities in the Chrome browser, including a high-severity flaw that threat actors are already exploiting in real-world attacks. >>Google is aware that an exploit for 466192044 exists in the wild,
-
Chrome Targeted by Active InWild Exploit Tied to Undisclosed High-Severity Flaw
Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild.The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID “466192044.” Unlike other disclosures, Google has opted to keep information about the CVE identifier,…
-
Google Releases Critical Chrome Security Update to Address Three Zero-Days
Google has released a Chrome security update to fix three zero-day vulnerabilities, including a high-severity flaw with an active exploit First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-chrome-security-update/
-
Chrome Targeted by Active InWild Exploit Tied to Undisclosed High-Severity Flaw
Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild.The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID “466192044.” Unlike other disclosures, Google has opted to keep information about the CVE identifier,…