#firefox-security-vulnerabilities

Node JS
from Zero Day Initiative
12 hours ago

Zero Day Initiative - Node.js Trust Falls: Dangerous Module Resolution on Windows

Node.js module resolution can lead to security vulnerabilities if malicious packages are placed in the root node_modules directory.
#linkedin
Law
from Ars Technica
7 hours ago

LinkedIn scanning users' browser extensions sparks controversy and two lawsuits

LinkedIn faces lawsuits alleging lack of user consent for data collection practices.
Privacy technologies
from Tech Times
2 days ago

LinkedIn 'BrowserGate' Investigation Alleges Secret Browser Extension Scanning Within Platform

LinkedIn allegedly collects extensive user data through a hidden system called 'Spectroscopy' without explicit user consent.
Privacy technologies
from TNW | Insights
3 days ago

LinkedIn secretly scans 6,000+ browser extensions and fingerprints your device

LinkedIn's hidden JavaScript routine collects extensive user data without disclosure, raising concerns about covert surveillance practices.
Privacy technologies
from TechCrunch
6 hours ago

WireGuard VPN developer can't ship software updates after Microsoft locks account | TechCrunch

WireGuard is locked out of its Microsoft developer account, preventing critical software updates for Windows users.
#cybersecurity
Information security
from ComputerWeekly.com
1 day ago

Russian cyber spies targeting consumer, Soho routers | Computer Weekly

Russian cyber intelligence services conducted a DNS hijacking campaign targeting vulnerable broadband routers to steal data from victims.
Information security
from Ars Technica
14 hours ago

Anthropic limits access to Mythos, its new cybersecurity AI model

Mythos has identified critical zero-day vulnerabilities, while Anthropic's AI model has shown both capabilities and risks in cybersecurity applications.
Node JS
from The Hacker News
3 days ago

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

36 malicious npm packages disguised as Strapi CMS plugins facilitate exploitation and credential harvesting.
Information security
from SecurityWeek
17 hours ago

US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking

The US disrupted a Russian espionage operation using hacked SOHO routers to capture sensitive data from victims.
Science
from Nature
1 week ago

Daily briefing: Quantum computers could crack cybersecurity systems before 2030

Quantum computing advancements may threaten cybersecurity systems sooner than expected, potentially compromising encryption methods by the end of the decade.
Deliverability
from ZDNET
11 hours ago

How a burner email can protect your inbox - setting one up is easy and free

A burner email address protects against spam and phishing by providing a temporary, disposable option for account creation.
#ransomware
Healthcare
from Theregister
16 hours ago

Ransomware knocks Dutch healthcare software vendor offline

A ransomware attack has taken down Dutch healthcare software vendor ChipSoft, affecting its services to hospitals across the country.
Information security
from SecurityWeek
1 day ago

Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems

Medusa ransomware group rapidly exploits vulnerabilities, impacting critical sectors and employing double extortion tactics since June 2021.
UX design
from Entrepreneur
1 day ago

The Hidden Risk Behind Every 'Frictionless' Digital Experience

Digital experiences should prioritize human agency over pressure tactics to foster trust and informed decision-making.
React
from MDN Web Docs
1 day ago

Under the hood of MDN's new frontend | MDN Blog

MDN's frontend was overhauled to simplify design and improve code structure, addressing technical debt from the previous React app.
Mental health
from www.theguardian.com
1 day ago

'I felt ashamed and scared': how an online friendship became a sextortion nightmare

Online friendships can lead to severe risks, including sextortion, which can have devastating emotional consequences.
Cryptocurrency
from Fortune
2 days ago

A quantum threat to Bitcoin has some asking the unthinkable: Is it time to freeze old wallets belonging to Satoshi Nakamoto? | Fortune

Quantum computing poses a significant threat to Bitcoin wallets, particularly those of Satoshi Nakamoto, potentially allowing hackers to access them by 2029.
US politics
from Ars Technica
3 days ago

CBP facility codes sure seem to have leaked via online flashcards

Immigration offenses and internal systems of CBP are detailed in flashcards, highlighting procedures and responsibilities of agents.
#openclaw
DevOps
from InfoWorld
5 days ago

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.
Information security
from Ars Technica
5 days ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.
Software development
from InfoWorld
5 days ago

Internet Bug Bounty program hits pause on payouts

The Internet Bug Bounty program is pausing submissions for bug reports in open-source software to reassess its approach to security.
Information security
from TechRepublic
15 hours ago

'BlueHammer' Exploit Targets Windows, Potentially Impacting 1 Billion+ Devices

A security researcher released exploit code for a Windows zero-day vulnerability called BlueHammer, allowing privilege escalation without an official Microsoft patch.
Privacy professionals
from WIRED
21 hours ago

Men Are Buying Hacking Tools to Use Against Their Wives and Friends

Telegram groups facilitate the sale of hacking and surveillance services, promoting abusive content targeting women and girls.
Node JS
from Nist
1 day ago

NVD

Tinyproxy versions up to 1.11.3 are vulnerable to HTTP request parsing desynchronization due to case-sensitive Transfer-Encoding header comparison.
React
from InfoWorld
5 days ago

Local-first browser data gets real

Signals provide a performant alternative for reactive state management in front-end development.
#chrome-extensions
Web design
from Computerworld
1 week ago

Don't sleep on this powerful new Chrome security booster

Assess Chrome extensions carefully to ensure developer trustworthiness and review permissions, as ownership changes can introduce security risks.
Information security
from SecurityWeek
17 hours ago

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover

A critical vulnerability in Ninja Forms allows file uploads that could lead to remote code execution on affected websites.
#firefox
Web frameworks
from Theregister
2 weeks ago

Firefox 149 brings a free VPN and native dialog boxes

Firefox 149 introduces a split view feature and a built-in free VPN with 50 GB monthly traffic for web content.
Node JS
from SecurityWeek
2 days ago

Guardarian Users Targeted With Malicious Strapi NPM Packages

A supply chain attack targeting the Strapi ecosystem involved 36 malicious NPM packages delivering various harmful payloads.
Information security
from The Hacker News
18 hours ago

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Anthropic's Project Glasswing uses Claude Mythos to identify and address cybersecurity vulnerabilities, surpassing human capabilities in some instances.
#fbi
Privacy professionals
from Securitymagazine
3 days ago

Breach of FBI Surveillance System Considered a "Major Incident," Security Experts Weigh In

FBI confirms major breach of surveillance system, exposing sensitive data and potentially revealing criminal probes and surveillance targets.
#ai
Information security
from www.theguardian.com
11 hours ago

Anthropic says its latest AI model can expose weaknesses in software security

Claude Mythos exposes thousands of software vulnerabilities, prompting Anthropic to limit its release and collaborate with cybersecurity specialists.
Information security
from Theregister
1 day ago

Anthropic Mythos model can find and exploit 0-days

AI model Mythos can generate zero-day vulnerabilities, surpassing human capabilities, but Anthropic chose not to release it to prevent widespread exploitation.
Web design
from Fast Company
3 weeks ago

Firefox's cute and fierce new mascot wants to protect you from the internet

Mozilla launches Kit, a fox mascot based on the Firefox logo, to compete in the AI-driven browser market while emphasizing privacy and user control as Firefox's market share declines.
#chrome
Information security
from TechRepublic
6 days ago

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.
Privacy technologies
from BGR
1 week ago

9 Reasons You Should Consider Ditching Google Chrome - BGR

Chrome's dominance in the browser market raises privacy concerns due to its ties with Google's advertising business.
Web development
from Computerworld
4 weeks ago

Anthropic's Claude found 22 vulnerabilities in Firefox in two weeks

Anthropic and Mozilla's AI-powered security testing identified 22 Firefox vulnerabilities, including 14 serious flaws, using Claude Opus 4.6 across nearly 6,000 C files.
#phishing
Information security
from Theregister
1 day ago

Hundreds compromised daily in Microsoft device code phishes

A Microsoft device-code phishing campaign is compromising hundreds of organizations daily, utilizing AI and automation to steal financial data.
Privacy technologies
from Techzine Global
1 month ago

Fake Google Security page hijacks browser as proxy for attackers

Attackers use fake Google security notifications to install malicious Progressive Web Apps that steal one-time passwords, crypto wallet addresses, location data, and intercept SMS codes through social engineering and legitimate browser APIs.
Privacy technologies
from ZDNET
2 weeks ago

Firefox is adding a free VPN for all users - but can you trust it?

Mozilla is launching a free VPN for Firefox users, available March 24, with limitations on data usage.
Software development
from TechCrunch
1 month ago

Anthropic's Claude found 22 vulnerabilities in Firefox over two weeks | TechCrunch

Anthropic discovered 22 vulnerabilities in Firefox using Claude Opus 4.6, with 14 classified as high-severity, most fixed in Firefox 148.
Information security
from The Hacker News
1 day ago

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.
Software development
from Theregister
1 month ago

Firefox finds a slew of new bugs with Claude's help

Approximately 10-15 percent of Firefox browser crashes result from bit flips caused by faulty hardware rather than software errors, affecting hundreds of thousands of users monthly.
Information security
from The Hacker News
1 day ago

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

A campaign targets ComfyUI instances for cryptocurrency mining and botnet enlistment through remote code execution exploits.
Web frameworks
from Theregister
1 month ago

Firefox 149 beta develops a split personality

Firefox 149 beta introduces split view functionality allowing two web pages to display side by side with a draggable separator, though users should back up their profile before testing.
Information security
from TechCrunch
1 day ago

Russian government hackers broke into thousands of home routers to steal passwords | TechCrunch

Russian hackers hijacked thousands of routers globally to redirect internet traffic and steal passwords and access tokens.
Information security
from The Hacker News
1 day ago

Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign

APT28 has launched a campaign exploiting MikroTik and TP-Link routers for cyber espionage, compromising DNS settings to capture credentials since May 2025.
#firefox-148
Information security
from SecurityWeek
1 day ago

GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data

A vulnerability in Grafana's AI components allows attackers to leak enterprise information by bypassing security measures.
Information security
from The Hacker News
1 day ago

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.
Information security
from TechRepublic
2 days ago

Apple Rolls Out Fix: New macOS Update Could Protect 100M Mac Users

Apple's macOS update introduces a warning system to prevent users from executing potentially harmful commands in Terminal.
#fortinet
Information security
from SecurityWeek
2 days ago

Fortinet Rushes Emergency Fixes for Exploited Zero-Day

Fortinet released emergency hotfixes for a critical vulnerability in FortiClient EMS that allows remote code execution without authentication.
Information security
from The Hacker News
3 days ago

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet released patches for a critical vulnerability in FortiClient EMS, allowing unauthenticated attackers to execute unauthorized commands.
#ai-security
Information security
from SecurityWeek
2 days ago

Google DeepMind Researchers Map Web Attacks Against AI Agents

Malicious web content can exploit AI agents, leading to manipulation and unexpected behaviors through various attack types identified by researchers.
#axios
Information security
from BleepingComputer
4 days ago

Axios npm hack used fake Teams error fix to hijack maintainer account

A social engineering attack linked to North Korean hackers compromised Axios maintainers, leading to a supply chain attack with malicious npm package versions.
Information security
from SiliconANGLE
1 week ago

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.
Information security
from The Hacker News
5 days ago

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Threat actors exploit HTTP cookies for PHP web shells on Linux servers, enabling remote code execution with stealthy control mechanisms.
#google-chrome
Information security
from The Hacker News
1 week ago

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation - Patch Released

Google released security updates for Chrome to address 21 vulnerabilities, including a zero-day flaw exploited in the wild.
Information security
from TechRepublic
1 week ago

Google Issues High-Risk Security Patch for 3.5 Billion Chrome Users

Google has released a security update for Chrome addressing eight high-risk vulnerabilities affecting its 3.5 billion users.
Information security
from Theregister
1 week ago

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.
from Computerworld
2 weeks ago

Chrome encryption bypass discovered: New malware steals passwords and cookies

The bypass requires neither privilege escalation nor code injection, making it a stealthier approach compared to alternative ABE bypass methods.
Information security
from SecurityWeek
2 weeks ago

Chrome 146 Update Patches High-Severity Vulnerabilities

The first vulnerability, CVE-2026-4673, is a heap buffer overflow issue in WebAudio that earned the reporting researcher a $7,000 bug bounty reward. Google has yet to determine the bounty amount for CVE-2026-4677, another bug reported by the same researcher.
#ai-security-research
Information security
from InfoQ
3 weeks ago

AI Model Discovers 22 Firefox Vulnerabilities in Two Weeks

Claude Opus 4.6 discovered 22 security vulnerabilities in Firefox within two weeks, with 14 classified as high-severity, demonstrating AI's capability to identify security flaws in established codebases faster than human researchers.
Information security
from The Hacker News
1 month ago

Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model

Anthropic's Claude AI discovered 22 Firefox vulnerabilities including 14 high-severity issues, demonstrating AI's capability in security research while showing limitations in exploit development.
#chrome-zero-day-vulnerabilities
Information security
from The Hacker News
3 weeks ago

Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More

Active Chrome zero-day exploits, Instagram E2EE discontinuation, and SocksEscort proxy service disruption highlight escalating security threats and privacy rollbacks across major platforms.
Information security
from TechRepublic
3 weeks ago

Critical Chrome Security Flaws Threaten Billions of Users Worldwide

Google patched two actively exploited zero-day vulnerabilities in Chrome affecting billions of users worldwide, with flaws in graphics rendering and JavaScript execution components.
#browser-security
Information security
from Computerworld
3 weeks ago

Google warns of two actively exploited Chrome zero days

Critical Chromium browser vulnerabilities with active exploitation require immediate updates across all Chromium-based browsers to prevent drive-by attacks.
Information security
from ZDNET
1 month ago

Half of all cyberattacks start in your browser: 10 essential tips for staying safe

from Theregister
3 weeks ago

Google rushes Chrome update to fix zero-days under attack

CVE-2026-3909 is an out-of-bounds write flaw in Skia, the graphics library Chrome uses to render web content and parts of its user interface. Memory corruption bugs like this can sometimes be abused by attackers to crash applications or run their own code if successfully exploited.
Information security
from Computerworld
1 month ago

Exploit available for new Chrome zero-day vulnerability, says Google

Gene Moody, field CTO at Action1, explained that, in this vulnerability, a browser frees an object, but later continues to use the stale reference memory location. Any attacker who can shape heap layout with controlled content can potentially replace the contents of that freed memory with data they control. Because this lives in the renderer, and is reachable through normal page content, he said, the trigger surface is almost absolute.