Cookie
NPM package caught using QR Code to fetch cookie-stealing malware
Newly discovered npm package ‘fezbox’ employs QR codes to retrieve cookie-stealing malware from the threat actor’s server. The package, masquerading as a utility library, leverages this innovative steganographic technique to harvest sensitive data, such as user credentials, from a compromised machine. QR codes find yet another use case While 2D barcodes like QR codes have conventionally been designed […]
Brave’s Cookiecrumbler tool taps community to help block cookie notices
Brave has open-sourceed a new tool called “Cookiecrumbler,” which uses large language models (LLMs) to detect cookie consent notices and then community-driven reviews to block those that won’t break site functionality. The Brave browser has been blocking cookie consent banners by default on all websites since 2022 but found that blocking consent banners may cause website problems that […]
Cookie-Bite attack PoC uses Chrome extension to steal session tokens
A proof-of-concept attack called “Cookie-Bite” uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, Outlook, and Teams. The attack was devised by Varonis security researchers, who shared a proof-of-concept (PoC) method involving a malicious and a legitimate Chrome […]