#browser-security
#browser-security

Information security

Attackers are targeting developers via Slack and Google Sites

Fake Google Security page hijacks browser as proxy for attackers

Attackers use fake Google security notifications to install malicious Progressive Web Apps that steal one-time passwords, crypto wallet addresses, location data, and intercept SMS codes through social engineering and legitimate browser APIs.

Information security

Half of all cyberattacks start in your browser: 10 essential tips for staying safe

Information security

1Password's new anti-phishing feature targets your most inescapable vulnerability - here's how

23 hours ago

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.

Fake Google Security page hijacks browser as proxy for attackers

Information security

Half of all cyberattacks start in your browser: 10 essential tips for staying safe

Information security

1Password's new anti-phishing feature targets your most inescapable vulnerability - here's how

more#phishing

#privacy

fromElectronic Frontier Foundation

Privacy technologies

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

Privacy technologies

How Push Notifications Can Betray Your Privacy (and What to Do About It)

fromMIT Technology Review

Building trust in the AI era with privacy-led UX

Well-designed consent experiences enhance trust and business performance, evolving privacy into an ongoing relationship rather than a one-time transaction.

Privacy technologies

Just the Browser Is just the beginning

Open protocols and free code are constrained by centralized rulemakers and data-harvesting; minimal, policy-respecting browsers and a Small Web can restore user autonomy.

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

Privacy is a fundamental human condition, and end-to-end encryption is essential for protecting communications in a surveillance-heavy world.

fromElectronic Frontier Foundation

How Push Notifications Can Betray Your Privacy (and What to Do About It)

Push notifications can reveal personal information, and both Apple and Google have restrictions on sharing this data with law enforcement.

fromMIT Technology Review

Building trust in the AI era with privacy-led UX

Well-designed consent experiences enhance trust and business performance, evolving privacy into an ongoing relationship rather than a one-time transaction.

Privacy technologies

Just the Browser Is just the beginning

more#privacy

fromFast Company

fromwww.independent.co.uk

How to hide your sensitive info (for real) when using ChatGPT and other AI chatbots

Chatbots can be useful for summarizing complex information, but sensitive data must be properly redacted to ensure privacy.

UK politics

12 hours ago

Government to host summit about keeping children safe online in age of AI

The Independent focuses on critical issues like reproductive rights and online safety, emphasizing the need for accessible journalism.

Cloudflare can remember it for you wholesale

Agent Memory enhances AI by providing persistent memory for better recall and smarter interactions.

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech giants like Google to enhance their defenses against these threats.

fromAP News

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech companies like Google to enhance their defenses against malicious ads.

fromSFGATE

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech giants like Google to enhance their defenses against these threats.

fromAP News

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech companies like Google to enhance their defenses against malicious ads.

Software development

Claude Opus wrote a Chrome exploit for $2,283

Privacy professionals

Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu

Information security

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

Information security

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

fromLondon Business News | Londonlovesbusiness.com

Privacy professionals

Booking.com Says Hackers Accessed User Information

Information security

The rising cost of data breaches: Why backup and cyber protection must go hand in hand - London Business News | Londonlovesbusiness.com

Software development

Claude Opus wrote a Chrome exploit for $2,283

Anthropic withheld its Mythos model due to security concerns, while Opus 4.6 was used to create a functional exploit for Chrome's V8 engine.

Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu

A bank's Taboola pixel redirected users to a Temu tracking endpoint without consent or security controls detecting the violation.

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

Hackers exploited Windows vulnerabilities published by a researcher, affecting Windows Defender and allowing high-level access.

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

A hacking group exploited 108 Chrome Extensions to steal data from around 20,000 users, posing as legitimate tools.

Booking.com Says Hackers Accessed User Information

Hackers may have accessed customer information on Booking.com, but accounts have not been breached.

fromLondon Business News | Londonlovesbusiness.com

The rising cost of data breaches: Why backup and cyber protection must go hand in hand - London Business News | Londonlovesbusiness.com

Cyber incidents now lead to significant financial and reputational damage, necessitating a unified strategy for backup and cyber protection.

This simple email trick saves me from annoying marketing spam (and it's free to do)

Using a dedicated shopping email can effectively reduce spam and clutter in your primary inbox.

fromNature

Researchers: here's how to audit your fragmented digital identity

A search for 'Guo Wei' in ORCID returned 616 profiles, none affiliated with the Jiangsu University of Science and Technology, highlighting the difficulty in verifying academic identities.

Higher education

Digital life

fromwww.dw.com

Dangerous Apps In the Web of Data Brokers

Smartphone apps collect detailed location data, often shared with data brokers, posing security risks to users, including soldiers and government officials.

fromBusiness Matters

Why Trust and Verification Are Critical for Modern Online Platform Businesses

Trust is essential yet fragile in the digital economy, with platforms facing increasing challenges from sophisticated online scams.

#data-breach

Clothing Retailer Patches Website Flaw Exposing Customer Data

A flaw in Express's website allowed unauthorized access to customer data through sequential order IDs in URLs.

fromwww.bbc.com

Booking.com customers warned of 'reservation hijacking' after hack

A data breach at Booking.com has led to increased scams known as 'reservation hijacks' targeting customers.

Clothing Retailer Patches Website Flaw Exposing Customer Data

A flaw in Express's website allowed unauthorized access to customer data through sequential order IDs in URLs.

fromwww.bbc.com

Booking.com customers warned of 'reservation hijacking' after hack

A data breach at Booking.com has led to increased scams known as 'reservation hijacks' targeting customers.

more#data-breach

fromPrivacy International

What is digital fingerprinting: Is my device ever truly anonymous?

Digital fingerprinting is a tracking technique that monitors how browsers and devices communicate online.

AI Upgrades, Security Breaches, and Industry Shifts Define This Week in Tech - TechRepublic

AI innovation and security threats are reshaping technology and corporate strategies across various platforms and applications.

fromThe Cyber Express

Gemini Ad Safety Targets Surge In AI-Generated Scam Ads

Google's Gemini ad safety systems blocked over 8.3 billion harmful ads in 2025, focusing on early detection and combating AI-generated scams.

Deliverability

fromenglish.elpais.com

Only 13% of emails are written by people, and more than half end up in the spam folder: This isn't a technical detail; it's a structural change'

Email is increasingly dominated by automated systems, with 87% of traffic generated by them, leading to declining effectiveness and user engagement.

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

Information security

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

6 days ago

Information security

Fake Claude Website Distributes PlugX RAT

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

6 days ago

Fake Claude Website Distributes PlugX RAT

A fake Anthropic Claude website distributed a remote access trojan disguised as a legitimate application download.

more#malware

fromTNW | Artificial-Intelligence

Zoom adds World ID verification to prove meeting participants are human, not deepfakes

Zoom integrates biometric verification to combat deepfake fraud in meetings.

fromExtremeTech

Google, Microsoft, and Meta Ignore Your Ad Tracking Opt-Outs, Audit Reveals

Google, Microsoft, and Meta track users' browsing habits despite opt-out requests, violating privacy regulations.

fromThe Cool Down

AI chatbots are subtly trying to make you buy more stuff - here's how to protect yourself

AI can influence consumer purchasing decisions without their awareness, often through subtle persuasion methods.

Don't sleep on this powerful new Chrome security booster

Assess Chrome extensions carefully to ensure developer trustworthiness and review permissions, as ownership changes can introduce security risks.

Information security

Over 300 Malicious Chrome Extensions Caught Leaking or Stealing User Data

Information security

30+ Chrome extensions disguised as AI chatbots steal secrets

3 months ago

Information security

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

Web design

Don't sleep on this powerful new Chrome security booster

Assess Chrome extensions carefully to ensure developer trustworthiness and review permissions, as ownership changes can introduce security risks.

Information security

Over 300 Malicious Chrome Extensions Caught Leaking or Stealing User Data

Information security

30+ Chrome extensions disguised as AI chatbots steal secrets

3 months ago

Information security

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

more#chrome-extensions

100 Chrome Extensions Steal User Data, Create Backdoor

Over 20,000 users installed malicious Chrome extensions that steal information, provide backdoors, or inject ads, as reported by cybersecurity firm Socket.

Age verification is a mess but we're doing it anyway

Age verification methods on the internet are flawed, leading to challenges in effectively preventing underage access to inappropriate content.

fromAbove the Law

Privacy technologies

438 Experts Said Age Verification Is Dangerous. Legislators Are Moving Forward With It Anyway. - Above the Law

Age verification mandates for the internet are technically flawed, threaten privacy, and may cause more harm than good, according to 438 researchers from 32 countries.

fromThe Verge

Age verification is a mess but we're doing it anyway

Age verification methods on the internet are flawed, leading to challenges in effectively preventing underage access to inappropriate content.

fromAbove the Law

438 Experts Said Age Verification Is Dangerous. Legislators Are Moving Forward With It Anyway. - Above the Law

Age verification mandates for the internet are technically flawed, threaten privacy, and may cause more harm than good, according to 438 researchers from 32 countries.

more#age-verification

Cursor AI Vulnerability Exposed Developer Devices

A vulnerability in Cursor AI allows attackers to hijack developer machines via malicious repositories without user interaction.

A data removal service helped me reclaim my privacy - see if you need one, too

Personal data is collected and sold by brokers, making removal services essential for protecting sensitive information.

Google Chrome lacks browser fingerprinting defenses

Chrome's safety features do not protect against browser fingerprinting, a prevalent tracking method used online.

BrowserGate: Claims of LinkedIn 'Spying' Clash With Security Research Findings

LinkedIn allegedly scans users' computers to collect data on browser extensions, raising concerns about corporate espionage.

#north-korea

Information security

North Korean social engineering campaign targets macOS users | Computer Weekly

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

Google will soon penalize sites that hijack your browser's back button

Google will penalize websites that hijack the browser's back button to improve user experience and eliminate frustrating redirects.

fromArs Technica

Websites that hijack your back button must stop by June 15 or face Google's wrath

Google mandates that the back button must function as expected, enforcing policies against back button hijacking to enhance user experience.

1 week ago

Google Rolls Out Cookie Theft Protections in Chrome

Google introduces Device Bound Session Credentials in Chrome to enhance security against session cookie theft.

fromPCWorld

Google will soon penalize sites that hijack your browser's back button

Google will penalize websites that hijack the browser's back button to improve user experience and eliminate frustrating redirects.

fromArs Technica

Websites that hijack your back button must stop by June 15 or face Google's wrath

Google mandates that the back button must function as expected, enforcing policies against back button hijacking to enhance user experience.

1 week ago

Google Rolls Out Cookie Theft Protections in Chrome

Google introduces Device Bound Session Credentials in Chrome to enhance security against session cookie theft.

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors exploit vulnerabilities in TBK DVR and TP-Link routers to deploy Mirai-botnet variants, targeting IoT devices for large-scale attacks.

fromMail Online

Is YOUR phone safe? Facial recognition on 21 devices can be spoofed

Facial recognition on many mobile phones can be easily fooled by printed photos, posing security risks for users.

fromArs Technica

Recent advances push Big Tech closer to the Q-Day danger zone

Organizations are transitioning to new algorithms to replace RSA and elliptic curves due to vulnerabilities exposed by quantum computing threats.

fromMail Online

Warning to iPhone users over iCloud storage scam exposing bank details

A new email scam targets iPhone users, posing as iCloud notifications to steal personal and banking information.

Anthropic starts checking ID for some Claude users

Anthropic is implementing identity verification for certain Claude features to enhance platform integrity and compliance.

WhatsApp New Update Lets You Chat Without Sharing Your Phone Number

WhatsApp is introducing usernames, allowing users to chat without sharing phone numbers, enhancing privacy and user experience.

WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware | TechCrunch

WhatsApp notified 200 users about a malicious fake app containing spyware created by Italian firm SIO.

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.

Privacy technologies

WhatsApp is rolling out a new stricter security setting to protect users from cyber attacts | TechCrunch

WhatsApp New Update Lets You Chat Without Sharing Your Phone Number

WhatsApp is introducing usernames, allowing users to chat without sharing phone numbers, enhancing privacy and user experience.

WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware | TechCrunch

WhatsApp notified 200 users about a malicious fake app containing spyware created by Italian firm SIO.

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.

Privacy technologies

WhatsApp is rolling out a new stricter security setting to protect users from cyber attacts | TechCrunch

Time for government, business leaders to figure out AI cybersecurity regulation - Harvard Gazette

Agentic AI poses both opportunities for cybersecurity and risks to personal data, economy, and national security, necessitating regulation by leaders.

fromInfoWorld

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

fromMakeUseOf

I turned off Chrome's Ad Privacy feature after realizing what it was actually doing

Google's Ad Privacy feature does not eliminate third-party cookies but introduces a new tracking system that emphasizes data collection.

Cyber Essentials closes the MFA loophole but leaves some organisations adrift | Computer Weekly

Multi-factor authentication becomes mandatory under Cyber Essentials v3.3, with no exceptions for organizations failing to implement it.

fromHer Campus

6 days ago

Why Website Cookies Aren't As Sweet As They Sound

Website cookies can raise serious privacy concerns due to their role in tracking user behavior and collecting personal data.

Ransomware Hits Automotive Data Expert Autovista

We are responding to a ransomware incident affecting certain Autovista systems in Europe and Australia. We appreciate our customers' patience as we work to respond to this incident in a disciplined manner.

Information security

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

Malicious WordPress plugins with backdoors compromised thousands of websites, demonstrating a supply-chain attack and leading to their permanent removal.

Microsoft's Windows Recall still allows silent data extraction

Microsoft needs to enhance code integrity for AIXHost.exe to prevent injection attacks.

Server-room lock was nothing but a crock

A security vulnerability allowed unauthorized access to a server room due to a flaw in the two-factor authentication lock.

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Threat actors are weaponizing n8n to conduct phishing campaigns and deliver malicious payloads through automated emails.

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

5 telltale signs that your phone has been compromised (and how to combat them)

Phone hacking can be detected through signs like battery drain, slow performance, unfamiliar logins, and reduced storage space.

fromWIRED

Do You Need an Identity Protection Service for Safe Browsing?

Identity theft protection services function as insurance products offering reactive compensation for damages rather than active prevention, with coverage details and sub-benefit caps critically affecting actual protection value.

1 week ago

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

fromthenextweb.com

Unmasking the illusion of safety online

Personal cybersecurity responsibility is essential as cybercrime costs billions annually, with social media amplifying vulnerabilities through voluntary data sharing and AI-enabled threat analysis.

Chrome encryption bypass discovered: New malware steals passwords and cookies

The bypass requires neither privilege escalation nor code injection, making it a stealthier approach compared to alternative ABE bypass methods.

Information security

Threat Actor Targeting VPN Users in New Credential Theft Campaign

Storm-2561 uses SEO poisoning and GitHub hosting to distribute trojans impersonating VPN software, stealing credentials through signed malware that evades detection.

Critical Chrome Security Flaws Threaten Billions of Users Worldwide

Google patched two actively exploited zero-day vulnerabilities in Chrome affecting billions of users worldwide, with flaws in graphics rendering and JavaScript execution components.

OAuth phishers make 'check where the link points' advice ineffective

Attackers use phishing emails with malicious OAuth links containing broken parameters to redirect users to attacker-controlled destinations through legitimate identity providers.

fromWIRED

Password Managers Share a Hidden Weakness

An FBI informant helped run the Incognito dark web market and allegedly approved the sale of fentanyl-laced pills, including those from a dealer linked to a confirmed death, WIRED reported this week. Meanwhile, Jeffrey Epstein's ties to Customs and Border Protection officers sparked a Department of Justice probe. Documents say that CBP officers in the US Virgin Islands were still friendly with Epstein years after his 2008 conviction, illustrating the infamous sex offender's tactics for cultivating allies.

Information security

#password-security

fromFast Company

Information security

What if everything you think you know about passwords is wrong? Here's what really makes a strong password in 2026

Information security

Every day in every way, passwords are getting worse

fromFast Company

Information security

What if everything you think you know about passwords is wrong? Here's what really makes a strong password in 2026

Information security

Every day in every way, passwords are getting worse

more#password-security

Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History

CL Suite Chrome extension exfiltrates Meta Business Suite and Facebook Business Manager TOTP seeds, 2FA codes, contact lists, and analytics to attacker-controlled servers.