Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps
Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that's capable of injecting a stealthy Solana…
Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware
Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information…
Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks
Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means of a new…
Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain
Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functionality to…
New Browser Security Report Reveals Emerging Threats for Enterprises
According to the new Browser Security Report 2025, security leaders are discovering that most identity, SaaS, and AI-related risks converge in…
Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack
A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain…
New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL
A severe vulnerability disclosed in Chromium's Blink rendering engine can be exploited to crash many Chromium-based browsers within a few…
Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches
ClickFix, FileFix, fake CAPTCHA — whatever you call it, attacks where users interact with malicious scripts in their web browser are a…
131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign
Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for…
How Attackers Bypass Synced Passkeys
TLDR Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy…
Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor
Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving "credible reports" in August 2025 that…
New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module
Cybersecurity researchers have discovered an updated version of a known Apple macOS malware called XCSSET that has been observed in limited…
Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions
Google on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been…
6 Browser-Based Attacks Security Teams Need to Prepare For Right Now
Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we'll explore what a…
Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts
Cybersecurity researchers have disclosed two new campaigns that are serving fake browser extensions using malicious ads and fake websites to…
When Browsers Become the Attack Surface: Rethinking Security for Scattered Spider
As enterprises continue to shift their operations to the browser, security teams face a growing set of cyber challenges. In fact, over 80% of…
Google Patches Chrome’s Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active…