theregister

Google rushes Chrome update fixing two zero-days already under attack

Google has pushed out an emergency Chrome update to fix two previously unknown vulnerabilities that attackers were already exploiting before the patches landed. The bugs, tracked as CVE-2026-3909 and ...
Dark Reading

Speakeasies to Shadow AI: Banning AI Browsers Will Fail

Gartner recently recommended that enterprises ban AI browsers. It's an understandable impulse for cybersecurity practitioners. These tools have built-in AI sidebars that can leak sensitive data, ...
TWCN Tech News

Edge keeps changing default search engine to Bing

Microsoft Edge often switches back to Bing for several reasons. First, the browser is designed to promote Microsoft services like Bing, which can be enforced through system policies or automatic Edge ...
Bleeping Computer

GhostPoster attacks hide malicious JavaScript in Firefox addon logos

A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions with more than 50,000 downloads, to monitor browser activity and plant a backdoor. The ...
SecurityWeek

Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors

The extensions were seen profiling users, reading cookie data to create unique identifiers, and executing payloads with browser API access. A threat actor has published over a hundred malicious ...
The Hacker News

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time. Five of these extensions started off as ...
Dexerto

TwitchCon PC allegedly had malware installed that forced streamer to change all her passwords

Twitch streamer Lululuvely revealed that the PC she used to stream from TwitchCon had a ‘hijacker’ program installed before she used it, potentially compromising her accounts. TwitchCon is Twitch’s ...
GitHub

browser_evaluate fails with "invalid JSON" error on large responses (potential Unicode serialization issue)

The browser_evaluate tool returns a 400 error when the evaluated JavaScript returns strings containing lone Unicode surrogates. The error manifests as: API Error: 400 ...
IEEE

Hephaistos: A Data Flow Analysis Framework for Identifying Browser Fingerprinting Functions in JavaScript

Abstract: With the increasing sophistication of web technologies in recent years, browser fingerprinting techniques have emerged as a widely used mechanism for uniquely identifying users based on ...
GitHub

ERROR: 'Invalid JSON format inside chat api '

INFO [src.webui.components.browser_use_agent_tab] Submit button clicked for new task. INFO [src.webui.components.browser_use_agent_tab] Initializing LLM: Provider=openai, Model=gpt-4o, Temp=0.6 INFO ...
The Hacker News

Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps

Cybersecurity researchers have discovered a new campaign that employs malicious JavaScript injections to redirect site visitors on mobile devices to a Chinese adult-content Progressive Web App (PWA) ...