Browser
Vivaldi integrates Proton VPN into the browser to fight web tracking
Vivaldi has announced the integration of Proton VPN directly into its browser without requiring add-on downloads or plugin activations, allowing users to protect their data against ‘Big Tech’ surveillance for free. When enabled, browsing activity will be transmitted through Proton VPN’s encrypted tunnels while also obfuscating the user’s IP address, safeguarding their privacy and protecting them […]
Mozilla warns users to update Firefox before certificate expires
Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company’s root certificates. The Mozilla certificate is set to expire this Friday, March 14, 2025, and was used to sign content, including add-ons for various Mozilla […]
Microsoft tests Edge Scareware Blocker to block tech support scams
Microsoft has started testing a new “scareware blocker” feature for the Edge web browser on Windows PCs, which uses machine learning (ML) to detect tech support scams. Scareware scams (also known as tech support scams) have been a pervasive threat for years. The scammers use aggressive landing pages to persuade potential victims that their devices have […]
Microsoft previews Game Assist in-game browser in Edge Stable
Microsoft has announced that Game Assist, its recently unveiled in-game browser, is now also available in preview for Microsoft Edge Stable users. Game Assist is a special version of Edge optimized for PC gaming that will appear on top of your game in Game Bar as a “game-aware” overlay when hitting the Win+G keyboard shortcut. […]
QR codes bypass browser isolation for malicious C2 communication
Mandiant has identified a novel method to bypass browser isolation technology and achieve command-and-control operations through QR codes. Browser isolation is an increasingly popular security technology that routes all local web browser requests through remote web browsers hosted in a cloud environment or virtual machines. Any scripts or content on the visited web page is executed […]
Google says “Enhanced protection” feature in Chrome now uses AI
Google has quietly updated the description of one of Chrome’s security features, “Enchaned protection,” to confirm that it will be powered by AI in a future release. It’s unclear what has changed, but as spotted by Leo on X, Google is updating its Enhanced protection mode in Chrome’s Safe Browsing feature to include AI-powered protection. This feature now uses AI […]
Fake browser updates spread updated WarmCookie malware
A new ‘FakeUpdate’ campaign targeting users in France leverages compromised websites to show fake browser and application updates that spread a new version of the WarmCookie backdoor. FakeUpdate is a cyberattack strategy used by a threat group known as ‘SocGolish’ who compromises or creates fake websites to show visitors fake update prompts for a variety of applications, such […]
Chrome switching to NIST-approved ML-KEM quantum encryption
Google is updating the post-quantum cryptography used in the Chrome browser to protect against TLS attacks using quantum computers and to mitigate store-now-decrypt-later attacks. The upcoming change will swap Kyber used in hybrid key exchanges to a newer, and slightly modified version, renamed as Module Lattice Key Encapsulation Mechanism (ML-KEM). This change comes roughly five months […]
Qilin ransomware now steals credentials from Chrome browsers
The Qilin ransomware group has been using a new tactic and deploys a custom stealer to steal account credentials stored in Google Chrome browser. The credential-harvesting techniques has been observed by the Sophos X-Ops team during incident response engagements and marks an alarming change on the ransomware scene. Attack overview The attack that Sophos researchers analyzed […]
18-year-old security flaw in Firefox and Chrome exploited in attacks
A vulnerability disclosed 18 years ago, dubbed “0.0.0.0 Day”, allows malicious websites to bypass security in Google Chrome, Mozilla Firefox, and Apple Safari and interact with services on a local network. However, it should be noted that this only affects Linux and macOS devices, and does not work on Windows. For impacted devices, threat actors […]