Cybersecurity

This article from Brave's security team highlights a significant security risk in agentic browsers, where they can be tricked into doing things such as stealing credentials. They demonstrate a proof of concept in the article.

Agentic browsers have a built-in AI assistant that can browse the web and perform tasks on your behalf. While they speak about Perplexity's Comet browser, know that Edge with Co-pilot has these same vulnerabilities. There are many in development.

The article details a vulnerability called indirect prompt injection. This attack allows a bad actor to hide malicious instructions on a webpage that the AI will follow as if they were legitimate commands.

Traditional browsers like Firefox that are designed for human use only and lack these autonomous AI capabilities are not vulnerable to this specific attack.

https://brave.com/blog/comet-prompt-injection/

Never ever ever never ever use a free #VPN (except Proton VPN, but it will be slower if you don't pay) or a VPN from some unknown company. Pay some money!!, or you WILL get scammed and robbed.

"FreeVPN.One, a Chrome extension with over 100,000 installs and a verified badge on the Chrome Web Store, is exposed by researchers for taking screenshots of users’ screens and exfiltrating them to remote servers.

... it has been capturing full-page screenshots ... logging sensitive visual data like personal messages, financial dashboards, and private photos, and uploading it to aitd[.]one, a domain registered by the extension’s developer."

https://cyberinsider.com/chrome-vpn-extension-with-100k-installs-screenshots-all-sites-users-visit/

#CyberSecurity

"A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service (DDoS)-for-hire botnet called RapperBot.

Ethan Foltz of Eugene, Oregon, has been identified as the administrator of the service, the U.S. Department of Justice (DoJ) said. The botnet has been used to carry out large-scale DDoS-for-hire attacks targeting victims in over 80 countries since at least 2021.

Foltz has been charged with one count of aiding and abetting computer intrusions. If convicted, he faces a maximum penalty of 10 years in prison. In addition, law enforcement authorities conducted a search of Foltz's residence on August 6, 2025, seizing administrative control of the botnet infrastructure."

https://thehackernews.com/2025/08/doj-charges-22-year-old-for-running.html

#CyberSecurity #CyberCrime #Botnet #DDoS

Britain abandoned its demand that Apple provide so-called backdoor access to any encrypted user data stored in the cloud, U.S. Director of National Intelligence Tulsi Gabbard said.

@AssociatedPress reports: https://flip.it/ZlPUI8

#Apple #UK #Cybersecurity #Encryption #Technology

Of the things you thought of upon waking up this morning, we’re betting “solar stalking” wasn’t on the list. And yet, here we are. A solar stalker is someone who could hack the energy system of a home with rooftop solar panels. Unlikely? Perhaps, but the U.S. cybersecurity agency CISA recently published an advisory about security vulnerabilities with a particular solar energy company’s solar inverters. @Techcrunch has more:

https://flip.it/Focc6L

#Tech #Technology #SolarEnergy #CyberSecurity #Energy

#Cisco warns of max severity flaw in #FirewallManagementCenter

https://www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-flaw-in-firewall-management-center/

#cybersecurity #firewall

#Microsoft reminds of #Windows10 support ending in two months

https://www.bleepingcomputer.com/news/microsoft/microsoft-reminds-users-of-windows-10-retirement-in-october/

#cybersecurity #Windows #EndOf10

#Plex users urged to update Media Server after security flaw exposed

https://nerds.xyz/2025/08/plex-update-security-flaw/

#cybersecurity

Project #Hydra: Improving state resolution in #Matrix

https://matrix.org/blog/2025/08/project-hydra-improving-state-res/

#FOSS #cybersecurity #privacy

#Crypto24 #ransomware hits large orgs with custom EDR evasion tool

https://www.bleepingcomputer.com/news/security/crypto24-ransomware-hits-large-orgs-with-custom-edr-evasion-tool/

#cybercrime #cybersecurity

Pro-Russian hackers blamed for water dam sabotage in #Norway

https://www.bleepingcomputer.com/news/security/pro-russian-hackers-blamed-for-water-dam-sabotage-in-norway/

#Russia #cybersecurity #infrastructure

Why security experts recommend standalone password managers over browser-based options

https://bitwarden.com/blog/beyond-your-browser/

#passwords #PasswordManager #cybersecurity

#Booking(dot)com #phishing campaign uses sneaky 'ん' character to trick you

https://www.bleepingcomputer.com/news/security/bookingcom-phishing-campaign-uses-sneaky-character-to-trick-you/

#cybersecurity

#LLM Coding Integrity Breach

https://www.schneier.com/blog/archives/2025/08/llm-coding-integrity-breach.html

#cybersecurity #IntegrityFailure

#CISA warns of #Nable #Ncentral flaws exploited in zero-day attacks

https://www.bleepingcomputer.com/news/security/cisa-warns-of-n-able-n-central-flaws-exploited-in-zero-day-attacks/

#cybersecurity

#Fortinet warns of #FortiSIEM pre-auth RCE flaw with exploit in the wild

https://www.bleepingcomputer.com/news/security/fortinet-warns-of-fortisiem-pre-auth-rce-flaw-with-exploit-in-the-wild/

#cybersecurity

New downgrade attack can bypass #FIDO auth in #Microsoft #EntraID

https://www.bleepingcomputer.com/news/security/new-downgrade-attack-can-bypass-fido-auth-in-microsoft-entra-id/

#cybersecurity

#AI Applications in #Cybersecurity

https://www.schneier.com/blog/archives/2025/08/ai-applications-in-cybersecurity.html

Spike in #Fortinet #VPN brute-force attacks raises zero-day concerns

https://www.bleepingcomputer.com/news/security/spike-in-fortinet-vpn-brute-force-attacks-raises-zero-day-concerns/

#cybersecurity

#Pennsylvania #AttorneyGeneral's #email, site down after #cyberattack

https://www.bleepingcomputer.com/news/security/pennsylvania-attorney-generals-email-site-down-after-cyberattack/

#cybersecurity

"Government officials outside the US now openly talk of decoupling from America on topics like AI, platform governance, and tech-enabled industry policy. Those conversations — framed around “technological sovereignty” — have sprung up in even the most ardent of US allies where local policymakers are wary of attaching their countries’ long-term interests to the world’s largest economy whose policy agenda can appear to shift, arbitrarily, from one day to the next.

Such potential “digital conscious uncoupling” could not come at the worst time.

Authoritarian governments, led by China and Russia, are pursuing aggressive tactics — embodied in the United Nations’ Convention Against Cybercrime — to embed mass surveillance, widespread suppression and government control over how technology develops.

Confronted with this widespread threat to the digital world, Western democracies must speak with one voice, and not become divided among themselves. Unfortunately, that is now unlikely as Washington pushes MAGA policymaking and the US’ long-standing allies demur on signing up to a digital agenda that, for many, no longer meets their geopolitical needs."

https://www.techpolicy.press/washingtons-quest-for-ai-dominance-leaves-allies-between-rock-and-a-hard-place/

#USA #Trump #AI #BigTech #GeoPolitics #Surveillance #CyberSecurity

#Microsoft asks users to ignore certificate enrollment errors

https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-users-to-ignore-certificate-enrollment-errors/

#cybersecurity #Windows

#SIGINT During #WorldWarII

https://www.schneier.com/blog/archives/2025/08/sigint-during-world-war-ii.html

#ww2 #OPSEC #cybersecurity

Sloppy #AI defenses take #cybersecurity back to the 1990s, researchers say

https://www.scworld.com/news/sloppy-ai-defenses-take-cybersecurity-back-to-the-1990s-researchers-say

Hackers leak #AllianzLife data stolen in #Salesforce attacks

https://www.bleepingcomputer.com/news/security/hackers-leak-allianz-life-data-stolen-in-salesforce-attacks/

#cybersecurity #privacy #DataBreach #Allianz #insurance