The Register on MSN

Stealthy browser extensions waited years before infecting 4.3M Chrome, Edge users with backdoors and spyware

And some are still active in the Microsoft Edge store A seven-year malicious browser extension campaign infected 4.3 million ...
The Hacker News

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

ShadyPanda abused browser extensions for seven years, turning 4.3M installs into a multi-phase surveillance and hijacking ...
CSO Online

AI browsers can be tricked with malicious prompts hidden in URL fragments

Researchers discovered that adding instructions for AI-powered browser assistants after the hash (#) symbol inside URLs can ...

Use AI browsers? Be careful. This exploit turns trusted sites into weapons - here's how

Researchers are warning AI browser users about a new exploit called HashJack that can infect devices and steal data.
CNET

Windows 8 review: Aggressively innovative Windows 8 forces a steep learning curve

Microsoft makes a bold statement for the future of PCs with Windows 8, but that learning curve won't be an easy climb for many.
The Hacker News

⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More

Big firms like Microsoft, Salesforce, and Google had to react fast — stopping DDoS attacks, blocking bad links, and fixing ...

Sneaky2FA PhaaS kit now uses redteamers' Browser-in-the-Browser attack

Sneaky2FA, a popular among cybercriminals phishing-as-a-service (PhaaS) kit, has added Browser-in-the-Browser (BitB) capabilities, giving "customers" the option to launch highly deceptive attacks.

More work for admins as Google patches latest zero-day Chrome vulnerability

Chrome has suffered two other confirmed zero days in the V8 engine in 2025, from a tally of seven across Chrome as a whole. The V8 flaws were CVE-2025-5419 in June and CVE-2025-10585 in September.