browser

Trust Wallet Links $8.5 Million Crypto Theft to Shai-Hulud NPM Attack

Trust Wallet links $8.5M crypto theft to November's Shai-Hulud NPM attack, where an exploit of their Chrome extension enabled unauthorized access to over 2,500 wallets. Attackers used stolen GitHub secrets to inject malicious code into the browser extension's update. Trust Wallet has since revoked API access and started compensating affected users while repelling ongoing impersonation scams. The Shai-Hulud malware campaign compromised numerous npm packages, exposing 400,000 developer secrets.

https://www.bleepingcomputer.com/news/security/trust-wallet-links-85-million-crypto-theft-to-shai-hulud-npm-attack/

Trust Wallet Confirms Extension Hack Led to $7 Million Crypto Theft

Trust Wallet's Chrome extension was hacked on December 24, leading to $7 million in stolen cryptocurrency. Users reported wallet drain incidents post-update. Trust Wallet confirmed the issue and released a security patch (version 2.69) to resolve it, advising users to update immediately. A phishing campaign targeting affected users also emerged, prompting Trust Wallet to warn about compromised domains. Users should refrain from using version 2.68 and secure their funds by moving them to new wallets.

https://www.bleepingcomputer.com/news/security/trust-wallet-confirms-extension-hack-led-to-7-million-crypto-theft/

OpenAI Says AI Browsers May Always Be Vulnerable to Prompt Injection Attacks

OpenAI acknowledges AI browsers, like its Atlas, are perpetually at risk of prompt injection attacks, which manipulate AI to execute hidden malicious instructions. Despite efforts to enhance security, including a reinforcement learning-based automated attacker to identify flaws, prompt injections may never be fully mitigated, raising concerns about the safety of AI operation on the web. Ongoing layered defenses and user caution are recommended, yet the high access risk of these browsers poses a significant challenge.

https://techcrunch.com/2025/12/22/openai-says-ai-browsers-may-always-be-vulnerable-to-prompt-injection-attacks/

Two Chrome Flaws Could Be Triggered by Simply Browsing the Web: Update Now

Google has issued an unscheduled Chrome update to fix two serious vulnerabilities, CVE-2025-14765 in WebGPU and CVE-2025-14766 in the V8 JavaScript engine, that can be triggered remotely when users load maliciously crafted web pages. Because Chrome has billions of users, these flaws are high-value targets for attackers, and users are strongly urged to update immediately to version 143.0.7499.146/.147 on Windows and macOS or 143.0.7499.146 on Linux. The piece provides simple update instructions (using Chrome’s About page or automatic updates) and briefly explains that one bug is a use-after-free in WebGPU, leading to potential heap corruption, while the other is an out-of-bounds read/write in V8 that can allow attackers to access or modify memory and potentially run code with elevated permissions. The core message is that users should not delay restarting and updating Chrome, since merely browsing the web could expose them to attacks until the patch is applied.

https://www.malwarebytes.com/blog/news/2025/12/two-chrome-flaws-could-be-triggered-by-simply-browsing-the-web-update-now

HTTPS Certificate Industry Phasing Out Less Secure Domain Validation Methods

Google is phasing out less secure domain validation methods for HTTPS certificates to enhance internet security. This involves retiring 11 outdated validation practices like email and phone-based verifications, which are vulnerable to attacks. The transition will be gradual, fully implemented by March 2028. The goal is to adopt stronger, automated validation methods that ensure certificates are issued only to legitimate domain owners, ultimately making the web safer for all users.

https://security.googleblog.com/2025/12/https-certificate-industry-phasing-out.html

Google Chrome Adds New Security Layer for Gemini AI Agentic Browsing

Google Chrome introduces ‘User Alignment Critic', a new security layer for Gemini AI agentic browsing, enhancing protection against unsafe actions and data exposure. This system uses an isolated LLM to vet agent actions, restricts access to trusted sites, prompts user confirmation for sensitive tasks, and detects prompt injection attempts, showcasing a robust defense compared to competitors.

https://www.bleepingcomputer.com/news/security/google-chrome-adds-new-security-layer-for-gemini-ai-agentic-browsing/

Google Fixes Two Android Zero Days Exploited in Attacks, 107 Flaws

Google's December 2025 Android security update fixes 107 vulnerabilities, including two exploited in attacks. Major issues address information disclosure and elevation of privileges. Critical flaws also include a denial-of-service vulnerability in the Android Framework and several severe vulnerabilities in the Kernel affecting Qualcomm devices. Users should update to newer Android versions or use third-party distributions for security.

https://www.bleepingcomputer.com/news/security/google-fixes-two-android-zero-days-exploited-in-attacks-107-flaws/

4.3 Million Browsers Infected: Inside ShadyPanda’s 7-Year Malware Campaign

4.3M Browsers Infected by ShadyPanda Malware: A seven-year campaign leveraged malicious browser extensions infecting 4.3 million Chrome and Edge users. ShadyPanda employed a phased strategy, transitioning from affiliate fraud to spyware. Initially, they disguised malicious extensions as legitimate tools, then progressively escalated operations to include remote code execution and comprehensive data surveillance. The extensions, some Google-verified, captured and exfiltrated extensive user data, exploiting marketplace oversight flaws. Despite termination of some extensions, others remain active with significant surveillance capabilities, highlighting systemic security vulnerabilities in extension marketplaces.

https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign

Matrix Push C2 Abuses Browser Notifications to Deliver Phishing and Malware

Cybercriminals exploit browser push notifications via the Matrix Push C2 platform to deliver malware and phishing attacks. Users are deceived into granting permission through misleading prompts, allowing attackers to send fake alerts and gather personal data. The platform enables detailed monitoring of victims and custom URL management for malicious campaigns, often resulting in data theft or financial loss. Users are advised to manage notification permissions across their browsers to mitigate these risks.

https://www.malwarebytes.com/blog/news/2025/11/matrix-push-c2-abuses-browser-notifications-to-deliver-phishing-and-malware

Kevin Boone: The Privacy Nightmare of Browser Fingerprinting

Summary: Browser fingerprinting compromises online privacy by creating unique identifiers from browser information, making tracking harder to evade than traditional cookies. While steps like using VPNs and popular browsers can mitigate risks, effective resistance is challenging and often inconvenient. Legal clarity on fingerprinting is lacking, and stronger legislation is needed to address its privacy threats. Overall, fingerprinting remains a significant concern, contributing to intrusive advertising practices.

https://kevinboone.me/fingerprinting.html

‘MatrixPush’ C2 Tool Hijacks Browser Notifications

A recent cyber threat, “Matrix Push,” uses browser notifications for phishing attacks, exploiting legitimate API requests. Infections happen through social engineering, allowing attackers to send deceptive alerts disguised as genuine notifications. To combat these threats, stronger browser protections, user vigilance, and security tools are essential.

https://www.darkreading.com/threat-intelligence/matrix-push-c2-tool-hijacks-browser-notifications-phishing

Increase in Lumma Stealer Activity Coincides With Use of Adaptive Browser Fingerprinting Tactics

Lumma Stealer, also known as Water Kurita, has resurfaced with new tactics after an initial drop in activity following the public disclosure of its core members' identities. Since late October 2025, it has employed browser fingerprinting in conjunction with its traditional command-and-control approaches to evade detection, gather extensive data on the victim's environment, and maintain operational continuity. The malware injects itself into trusted browser processes, collects detailed system and browser information via JavaScript, and sends this data back to its command-and-control (C&C) servers stealthily. Despite some operational setbacks and reduced public presence, Lumma Stealer remains active, with operators likely keeping a low profile to avoid further scrutiny. Organizations are advised to enhance email vigilance, restrict software installations, monitor for suspicious CAPTCHA behaviors, and utilize MFA, while Trend Vision One tools detect and aid in identifying relevant compromise indicators.

https://www.trendmicro.com/en_us/research/25/k/lumma-stealer-browser-fingerprinting.html

Scroll to Top