Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
GitHub

TabSearch Browser Hijacker and Adware Program

TabSearch does not serve an explicit legitimate purpose for end users. Instead, its design and behavior align with monetization through advertising and forced redirects. The program changes browser ...
Finextra

Software Bundling and Free Tools: Hidden Hijacker Risks in Financial Workstations

Financial institutions handle huge amounts of confidential data. They require strong security controls year-round. Installing free software may introduce bundled ...
Bleeping Computer

GhostPoster attacks hide malicious JavaScript in Firefox addon logos

A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions with more than 50,000 downloads, to monitor browser activity and plant a backdoor. The ...
Dark Reading

'ShadyPanda' Hackers Weaponize Millions of Browsers

A sophisticated malware operation has infected 4.3 million Chrome and Edge browser users via malicious browser extensions that masqueraded as legitimate tools for years before being weaponized. The ...
The Hacker News

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time. Five of these extensions started off as ...
Computerworld

Enterprises should not install OpenAI’s new Atlas browser, analysts warn

The genAI browser from the company that created ChatGPT brings with it security concerns that could hinder widespread corporate adoption. Companies that might be eyeing OpenAI’s new ChatGPT Atlas ...
IEEE

Hephaistos: A Data Flow Analysis Framework for Identifying Browser Fingerprinting Functions in JavaScript

Abstract: With the increasing sophistication of web technologies in recent years, browser fingerprinting techniques have emerged as a widely used mechanism for uniquely identifying users based on ...
CyberGuy

How to tell if your browser has been hijacked

Imagine starting your day only to find your browser’s homepage replaced by a strange website, and your searches rerouted to unfamiliar territories. This digital disarray isn’t a fluke – it’s a sign of ...
Tom's Guide

Google just fixed a major Chrome zero-day flaw — update your browser right now

For the fastest way to join Tom's Guide Club enter your email below. We'll send you a confirmation and sign you up to our newsletter to keep you updated on all the latest news. By submitting your ...
The Hacker News

Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts

Cybersecurity researchers have disclosed two new campaigns that are serving fake browser extensions using malicious ads and fake websites to steal sensitive data. "The malicious ads are bundled with a ...