Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

A research team has recently discovered a complex attack technique that allows malicious extensions to impersonate any installed extension in a victim's browser. This new form of polymorphic attack can mimic any extension, thereby increasing the risks for users. Additionally, Microsoft has revealed a global campaign of malicious advertising attacks. These attacks exploit browser vulnerabilities to distribute malware and compromise user security.

DuckDuckGo's browser now guards against investment scams and fake tech support alongside existing phishing defenses.

Seraphic Security, a leader in enterprise browser security, has announced a $29 million Series A funding round led by GreatPoint Ventures

Google Deploys AI to Catch Scammy Websites in Real Time on Chrome If you've ever clicked a link and suddenly

Google releases an update for Chrome’s CVE-2025-6554, a critical zero-day flaw, to prevent exploitation

DuckDuckGo's browser now guards against investment scams and fake tech support alongside existing phishing defenses.

V8 Sandbox + Leaptiering Author: olivf@, saelo@ Last Updated: July 2024 Status: in development Visibility: public Relevant bugs: 40931165, 42204201 A new design for JavaScript function invocation and...

Patterns of concerning behavior led Google to remove trust in certificates from Chunghwa Telecom and Netlock from Chrome.

Il fut un temps où le navigateur web n’était qu’une simple porte d’entrée vers Internet. Aujourd’hui, c’est devenu le bureau universel de l’entreprise moderne. Avec la généralisation du SaaS, du cloud et désormais de l’intelligence artificielle intégrée directement dans les interfaces (ce qui sera au passage un des sujet du prochain Briefing Calipia) Microsoft rappelle qu’il est urgent de repenser la sécurité d’un outil devenu omniprésent dans la vie numérique des organisations.

Recent security updates for Chrome and Firefox address multiple high-severity vulnerabilities related to memory safety. Google's Chrome update to version 120.0.6099.129/.130 for Windows and Mac/Linux, respectively, fixes 11 vulnerabilities, with the most severe being a use-after-free issue in WebRTC. Mozilla's Firefox update to version 121 addresses 13 vulnerabilities, including several high-severity use-after-free and heap buffer overflow issues. These types of vulnerabilities are particularly dangerous as they can lead to arbitrary code execution, allowing attackers to potentially take control of affected systems. The prompt application of these updates is crucial to mitigate risks associated with these vulnerabilities. The widespread use of Chrome and Firefox makes these updates particularly significant, as exploitation of these vulnerabilities could lead to large-scale attacks. Cybersecurity professionals should ensure that these updates are applied across their organizations to protect against potential exploits. Regular updates and patch management are essential practices in maintaining robust cybersecurity defenses.

YouTube video by Cyber Insurance News

Passwords are dying and passkeys are taking over. In this post we tear apart WebAuthn and build our own software FIDO2 authenticator from scratch.

Google patches a critical Chrome zero-day vulnerability (CVE-2025-5419) actively exploited in the wild update now to stay protected.

LayerX has launched ExtensionPedia, a security platform for browser extensions. This initiative aims to help businesses manage and secure the extensions used by their employees. ExtensionPedia offers centralized management, monitoring, and control features for extensions, thereby reducing the security risks associated with their use. The platform is designed to work with major browsers, including Google Chrome and Mozilla Firefox. LayerX announced this new offering to address the growing security needs in modern work environments.