brangberg – Page 561

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft

Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication (2FA) codes, and credit card details under certain conditions.
The technique has been dubbed Document Object Model (DOM)-based extension clickjacking by independent security researcher Marek Tóth,

“Rapper Bot” malware seized, alleged developer identified and charged

The U.S. Department of Justice (DoJ) announced charges against the alleged developer and administrator of the “Rapper Bot” DDoS-for-hire botnet. […]

Perplexity’s Comet AI browser tricked into buying fake items online

A study looking into agentic AI browsers has found that these emerging tools are vulnerable to both new and old schemes that could make them interact with malicious pages and prompts. […]

Hackers steal Microsoft logins using legitimate ADFS redirects

Hackers are using a novel technique that combines legitimate office.com links with Active Directory Federation Services (ADFS) to redirect users to a phishing page that steals Microsoft 365 logins. […]

GPT-5 has a Vulnerability: It May Not be GPT-5 Answering Your Call

Instead of GPT-5 Pro, your query could be quietly redirected to an older, weaker model, opening the door to jailbreaks, hallucinations, and unsafe outputs.

The post GPT-5 has a Vulnerability: It May Not be GPT-5 Answering Your Call appeared first on SecurityWeek.

Major password managers can leak logins in clickjacking attacks

Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details. […]

Slow and Steady Security: Lessons from the Tortoise and the Hare

By focusing on fundamentals, enterprises can avoid the distraction of hype and build security programs that are consistent, resilient, and effective over the long run.

The post Slow and Steady Security: Lessons from the Tortoise and the Hare appeared first on SecurityWeek.

Microsoft investigates outage impacting Copilot, Office.com

Microsoft is investigating an ongoing issue preventing users across North America from accessing Office.com and the company’s Copilot AI-powered assistant. […]

Elastic Refutes Claims of Zero-Day in EDR Product

Elastic has found no evidence of a vulnerability leading to RCE after details and PoC of a Defend EDR bypass were published online.

The post Elastic Refutes Claims of Zero-Day in EDR Product appeared first on SecurityWeek.

Why email security needs its EDR moment to move beyond prevention

Email security is stuck where antivirus was a decade ago—focused only on prevention. Learn from Material Security why it’s time for an “EDR for email” mindset: visibility, post-compromise controls, and SaaS-wide protection. […]

Author: brangberg