cbswatchmagazine

Experience GTA: Vice City in Your Web Browser Courtesy of DOS Zone

Experience nostalgia in a whole new way by diving back into the vibrant world of Vice City right from your browser. With a few clicks, you can be cruising down the neon-lit streets without the hassle ...
Ars Technica

Browser extensions with 8 million users collect extended AI conversations

Browser extensions with more than 8 million installs are harvesting users’ complete and extended AI conversations and selling them for marketing purposes, according to data collected from the Google ...
Bleeping Computer

GhostPoster attacks hide malicious JavaScript in Firefox addon logos

A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions with more than 50,000 downloads, to monitor browser activity and plant a backdoor. The ...
GitHub

Node.js & JavaScript SDK for Kraken REST APIs & WebSockets

Complete & robust JavaScript & Node.js SDK for the Kraken REST APIs and WebSockets: Professional, robust & performant Kraken SDK with extensive production use in live trading environments. Complete ...
Dark Reading

'ShadyPanda' Hackers Weaponize Millions of Browsers

A sophisticated malware operation has infected 4.3 million Chrome and Edge browser users via malicious browser extensions that masqueraded as legitimate tools for years before being weaponized. The ...
SecurityWeek

Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors

The extensions were seen profiling users, reading cookie data to create unique identifiers, and executing payloads with browser API access. A threat actor has published over a hundred malicious ...
Bleeping Computer

ShadyPanda browser extensions amass 4.3M installs in malicious campaign

A long-running malware operation known as "ShadyPanda" has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware. The operation, ...
SiliconANGLE

SquareX warns hidden API in Perplexity’s Comet browser enables full device takeover

New research out today from browser security company SquareX Ltd. is warning of a hidden application programming interface in Perplexity AI Inc.’s Comet browser that allows extensions in the ...
Morningstar

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

PALO ALTO, Calif., Nov. 19, 2025 /PRNewswire/ -- SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full ...
CSOonline

Hidden API in Comet AI browser raises security red flags for enterprises

SquareX has disclosed a previously undocumented API within the Comet AI browser that allows its embedded extensions to execute arbitrary commands and launch applications — capabilities mainstream ...
acm.org

Characterizing Cryptocurrency-Themed Malicious Browser Extensions

The popularity of cryptocurrencies has led to the growth of browser extensions, including malicious ones that cause financial losses and evade vetting processes. We conduct a systematic study to ...