#BrowserSecurity

2025-05-03

Microsoft is shaking things up—password autofill is leaving Authenticator for good! Get ready to transition to Edge by August 2025 or risk losing saved credentials. Are you set for this new security era?

thedefendopsdiaries.com/micros

#microsoftedge
#passwordmanagement
#cybersecurity
#microsoftauthenticator
#browsersecurity

TechnoTenshi (@technotenshi@infosec.exchange)
2025-05-01

A Chrome extension exploited localhost access to talk to a local MCP server, bypassing the browser sandbox and interacting with sensitive tools like the filesystem — all without special permissions.

blog.extensiontotal.com/trust-

#browsersecurity #chromeextensions #infosec #sandboxescape

TechnoTenshi (@technotenshi@infosec.exchange)
2025-05-01

Researcher discloses UAF in Ladybird's JS engine allowing arbitrary R/W and ROP chain execution via constructor proxy abuse. Exploit leads to full renderer control.

jessie.cafe/posts/pwning-ladyb

#browsersecurity #infosec #vulnerability #0day

2025-04-30

In other news, I'm speaking at #Authcon, a new CIAM-focused event happening inside APIDays NYC from May 14 to 15.

I'll be talking about how browsers have become gatekeepers for login and what that means for authentication, identity, and even payments.

It’s not all FUD, either! There are real opportunities here, if you’re paying attention.

Reg link + special code in the thread. It doesn’t unlock a discount, but it does prove I'm a helpful human.

#CIAM #Authentication #BrowserSecurity #FedCM

Mr Tech King (@mrtechking)
2025-04-30

70% of malware hits via the browser, yet it's largely unmonitored. Phishing, AI leaks, risky extensions & Shadow IT are rampant. Old security tools can't keep up. Time to secure the browser itself.

Unmonitored Employee Browsers Put Your Business At Risk

Sam Bent (@doingfedtime)
2025-04-27

Avoid autofill on sensitive forms.
Autofill can be hijacked by hidden form fields.

HeckNews (@hecknews)
2025-04-25

Perplexity's new browser wants to follow your every click to serve 'hyper-personalized' ads. Sound creepy? That's because it absolutely is.

hecknews.com/perplexity-comet-

[Image: Creepy browser interface with shadowy figures collecting user data for targeted ads]

2025-04-22

Hey folks,

Just stumbled upon some interesting stuff regarding browser security. It's pretty wild how many attacks are actually funneled through browsers nowadays. 🤯 The real kicker? A lot of companies seem to have a massive blind spot when it comes to this.

Sure, having a firewall and antivirus is crucial, that's standard stuff. But what about the jungle of browser extensions everyone's using? Seriously, who's keeping tabs on those? And then there's phishing – that tricky Google Docs phishing scheme is definitely the new headache on the block! 🎣

Many seem to believe DLP solves everything. Truth is, attackers have gotten much savvier; they're finding clever ways to bypass those controls. Speaking as a pentester, unfortunately, I see this scenario play out constantly. 🙄

So, here's the deal: You've *got* to pay closer attention to browser activity! Make it a point to check those extensions, really drill your employees on spotting phishing attempts, and maybe take another hard look at your DLP strategy. Oh, and let me repeat this loud and clear: Automated scans absolutely DO NOT equal a real penetration test! ☝️

What are your thoughts on this? Running into similar issues or have different experiences? Let me know! 🤔

#BrowserSecurity #Pentesting #Cybersecurity

2025-04-18

🚨 Over 6 million Chrome users may have unknowingly installed extensions with hidden tracking code — some with spyware-like behavior.

Researcher John Tuckner from Secure Annex discovered 57 extensions, some of them public, others hidden and only accessible via direct URL. These extensions pose serious security and privacy risks.

Here’s what these extensions can do:
- Access cookies, including sensitive headers like 'Authorization'
- Monitor browsing behavior and collect top-visited sites
- Modify search engines and results
- Inject remote scripts into webpages via iframes
- Execute commands remotely, including opening/closing tabs
- Activate tracking features on demand

Some extensions claim to be security or privacy tools — including names like “Fire Shield Extension Protection,” “Securify,” and “Browser Checkup” — but contain heavily obfuscated code and suspicious external callbacks to domains like "unknow (dot) com".

📛 These extensions are:
- Not searchable on the Chrome Web Store
- Actively pushed via ads and shady websites
- Operating under broad permissions without clear purpose
- Still live in some cases, despite partial takedowns

Here are some of the most-downloaded suspicious extensions:
- Cuponomia – Coupon and Cashback (700,000 users)
- Fire Shield Extension Protection (300,000 users)
- Browser WatchDog for Chrome (200,000 users)
- Securify for Chrome™ (200,000 users)
- Total Safety for Chrome™ (300,000 users)

If you use Chrome:
- Review your installed extensions
- Remove any of the above immediately
- Reset passwords for accounts you’ve accessed recently
- Avoid installing browser tools from unverified sources

🔐 At @Efani we believe privacy tools shouldn’t come with surveillance built in. Always check extension permissions — and if it asks for too much, it’s probably taking more than it gives.

#CyberSecurity #BrowserSecurity #ChromeExtensions #Spyware #EfaniSecure #Privacy

2025-04-17

Think your Chrome extensions are harmless? They might be quietly spying on your every click and keystroke. Discover what hidden tracking codes are really up to and learn how to protect your privacy now!

thedefendopsdiaries.com/unmask

#chromeextensions
#cybersecurity
#privacyprotection
#datasecurity
#browsersecurity

2025-04-15

🚨 Think your browser extensions are harmless? Think again.

A new report just exposed a massive blind spot in enterprise security: browser extensions.

We all use them—spell checkers, grammar tools, even GenAI assistants. But according to the Enterprise Browser Extension Security Report 2025 by LayerX, the very tools we rely on every day are exposing sensitive enterprise data.

Here’s what the report found:

- 99% of employees use browser extensions
- 53% of those extensions can access sensitive data like cookies, passwords, and page contents
- 54% of extension publishers are unknown, often identified only by a Gmail address
- Over 20% use GenAI extensions, and 58% of these have high-risk permissions
- 51% of extensions haven’t been updated in a year, making them ripe for exploitation

The risk? A single compromised extension could give attackers a backdoor into your organization.

LayerX recommends five key actions for IT and security leaders:
- Audit every extension in use
- Categorize by usage and risk
- List out permissions granted
- Assess publisher reputation and sideloading risks
- Apply adaptive, risk-based enforcement policies

At @Efani, we advocate for secure-by-default environments—because your data protection shouldn’t rely on chance or outdated extensions.

If you’re not actively managing browser extension risks in your org, now’s the time.

#Cybersecurity #EnterpriseSecurity #BrowserSecurity #EfaniSecure
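Both of the posts above end with the same advice: list the extensions you have installed, look at the permissions each one holds, check whether the publisher is identifiable, and treat anything not updated in a year as suspect. The script below is an added example of what that audit looks like in code; it is not code from Efani, LayerX or Secure Annex. It reads extension manifest.json files (real Chrome profiles keep them under Extensions/<id>/<version>/manifest.json), pulls out API permissions and host access, and scores each extension. The risk groups, weights, thresholds and the three sample manifests are this example's own assumptions, constructed so it runs offline.

```python
"""Flag risky browser extensions from their manifest.json files.

Added example for the extension-audit advice in the posts above (review
installed extensions, list permissions, assess the publisher, flag stale
updates). Not code from Efani, LayerX or Secure Annex; risk groups,
weights and thresholds are this script's own assumptions.
"""
import json
from datetime import date, datetime
from pathlib import Path

# API permissions that expose credentials, traffic or page control.
# The grouping is an assumption; adjust it to your own policy.
HIGH_RISK = {
    "cookies": "read/modify cookies, including session tokens",
    "webRequest": "observe every network request",
    "webRequestBlocking": "alter or block network requests",
    "scripting": "inject scripts into pages",
    "tabs": "read URL and title of every open tab",
    "history": "read browsing history",
    "management": "install/disable other extensions",
    "nativeMessaging": "talk to local native programs",
    "debugger": "attach the devtools debugger to pages",
    "clipboardRead": "read the clipboard",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
STALE_DAYS = 365            # matches the "not updated in a year" figure
HIGH_WEIGHT, MEDIUM_WEIGHT = 3, 1


def host_patterns(manifest):
    """Collect host access from MV2 'permissions', MV3 'host_permissions'
    and content_scripts 'matches'; all three grant access to page content."""
    hosts = set(manifest.get("host_permissions", []))
    hosts.update(p for p in manifest.get("permissions", [])
                 if "://" in p or p == "<all_urls>")
    for cs in manifest.get("content_scripts", []):
        hosts.update(cs.get("matches", []))
    return hosts


def assess(manifest, last_updated, today=None):
    """Return name, findings, numeric score and a coarse rating for one manifest."""
    today = today or date.today()
    findings, score = [], 0
    for perm in manifest.get("permissions", []):
        if perm in HIGH_RISK:
            findings.append(f"HIGH permission '{perm}': {HIGH_RISK[perm]}")
            score += HIGH_WEIGHT
    if host_patterns(manifest) & BROAD_HOSTS:
        findings.append("HIGH host access: can read and modify every site")
        score += HIGH_WEIGHT
    # A manifest with neither homepage_url nor author is the "unknown publisher" case.
    if not (manifest.get("homepage_url") or manifest.get("author")):
        findings.append("MEDIUM publisher: no homepage_url or author declared")
        score += MEDIUM_WEIGHT
    age_days = (today - last_updated).days
    if age_days > STALE_DAYS:
        findings.append(f"MEDIUM stale: last updated {age_days} days ago")
        score += MEDIUM_WEIGHT
    rating = ("remove or justify" if score >= 6
              else "review" if score >= 3 else "ok")
    return {"name": manifest.get("name", "?"), "score": score,
            "rating": rating, "findings": findings}


def audit(entries, today=None):
    """entries: iterable of (manifest dict, last_updated date). Worst first."""
    return sorted((assess(m, d, today) for m, d in entries),
                  key=lambda r: r["score"], reverse=True)


def load_profile(profile_dir):
    """Yield (manifest, last_updated) from a real Chrome profile directory.
    The manifest file's mtime stands in for the last update date."""
    for path in Path(profile_dir, "Extensions").glob("*/*/manifest.json"):
        with open(path, encoding="utf-8") as fh:
            yield json.load(fh), datetime.fromtimestamp(path.stat().st_mtime).date()


# Constructed sample manifests (not real extensions) so the script runs offline.
SAMPLES = [
    ({"name": "Coupon Helper", "manifest_version": 3,
      "permissions": ["cookies", "tabs", "webRequest", "storage"],
      "host_permissions": ["<all_urls>"]}, date(2023, 1, 10)),
    ({"name": "Spellcheck Lite", "manifest_version": 3,
      "permissions": ["storage", "activeTab"],
      "homepage_url": "https://example.com/spellcheck"}, date(2025, 2, 1)),
    ({"name": "Tab Notes", "manifest_version": 2,
      "permissions": ["tabs", "storage"],
      "author": "Constructed Dev"}, date(2025, 3, 1)),
]
TODAY = date(2025, 4, 15)   # fixed so the sample report is reproducible

if __name__ == "__main__":
    # For a real audit: audit(load_profile("/path/to/Chrome/Default"))
    for r in audit(SAMPLES, TODAY):
        print(f"{r['name']}: score {r['score']} -> {r['rating']}")
        for f in r["findings"]:
            print("   ", f)
```

The scoring deliberately treats any one of cookies, webRequest or all-site host access as enough to force a review on its own, because each is sufficient for the data theft described in the posts; the publisher and staleness checks only add weight. Host access is gathered from three places because an MV2 manifest lists hosts under permissions, an MV3 one under host_permissions, and content_scripts matches grant page access without either.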

2025-04-15

Browser extensions... seriously? 🤯 Think of 'em like little backdoors straight into your systems.

Sure, things like spellcheckers and handy AI tools seem convenient, right? But the permissions they often demand? Honestly, it's often insane. 😵‍💫

Look, as a pentester, I strike gold with these *all the time*! 💰 We're talking cookies, passwords, browsing habits – sometimes it's all just wide open. And *then* people are shocked when they get hacked. 🤷‍♂️

Yeah, security awareness training definitely matters. But here’s what’s even more critical: you absolutely *need* to know which extensions your team is actually using! Go on, check those permissions thoroughly! Otherwise, you're just asking for trouble down the line. 💥

So, spill the beans: Which browser extension has given *you* a major headache before? Let's hear it!

#ITSec #Pentest #BrowserSecurity #SecurityFirst

App Anatomy (@appanatomy)
2025-04-13

Real browser hijacker attacks redirected users, stole data, and caused chaos. Learn from these events to protect your own digital space.

appanatomy.com/post/browser-hi

CeluHELP (@CeluHELP)
2025-04-11

TIP OF THE DAY
Use a privacy-focused browser with anti-tracking; traditional browsers spy on you, steal your data and get rich from it.

Brian Greenberg (@brian_greenberg@infosec.exchange)
2025-04-11

🚨 4 Million+ Chrome Users at Risk: Sketchy Extensions Exposed 🧩🛑
A security researcher has uncovered dozens of shady Chrome extensions with over 4 million installs, many of which were designed to harvest user data and evade Chrome’s security review.

🔎 Key Takeaways:
・Some extensions used encrypted payloads to mask malicious behavior
・Others changed their functionality post-install to avoid early detection
・Users were tricked through fake review tactics and misleading features
・Most victims didn’t even know their data was being siphoned

🧹 What to do now:
・Audit your extensions
・Remove any you don’t 100% trust
・Use browser extensions from reputable developers only

Full article:
🔗 arstechnica.com/security/2025/
#Cybersecurity #ChromeExtensions #Infosec #BrowserSecurity #Privacy #DataProtection

Sam Bent (@doingfedtime)
2025-04-11

Use a privacy-focused browser with anti-tracking.
Standard browsers log and leak far too much data.

N-gated Hacker News (@ngate)
2025-03-22

Oh, look! A browser with a "zen" approach to security: just leave the backdoor WIDE open by default! 🙄🔓 GitHub's latest, where fixing is a feature, not a bug. 🚀🔧
github.com/zen-browser/desktop
