Google to Punish Sites That Hijack Your Back Button So You Can't Leave

Google announces a crackdown on sites that hijack your back button so you can't return to the search results quickly.
GovInfoSecurity

Backdooring of JavaScript Library Axios Tied to North Korea

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...
theregister

Google rushes Chrome update fixing two zero-days already under attack

Google has pushed out an emergency Chrome update to fix two previously unknown vulnerabilities that attackers were already exploiting before the patches landed. The bugs, tracked as CVE-2026-3909 and ...
scmp.com

China issues new safety rules for OpenClaw. Here are the dos and don’ts

A unit of China’s Ministry of Industry and Information Technology (MIIT) has issued guidelines on best practices and prohibitions for adopting and using OpenClaw, the popular artificial intelligence ...
Dark Reading

Speakeasies to Shadow AI: Banning AI Browsers Will Fail

Gartner recently recommended that enterprises ban AI browsers. It's an understandable impulse for cybersecurity practitioners. These tools have built-in AI sidebars that can leak sensitive data, ...
Bleeping Computer

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers to ...
GitHub

TabSearch Browser Hijacker and Adware Program

TabSearch does not serve an explicit legitimate purpose for end users. Instead, its design and behavior align with monetization through advertising and forced redirects. The program changes browser ...
Dark Reading

'ShadyPanda' Hackers Weaponize Millions of Browsers

A sophisticated malware operation has infected 4.3 million Chrome and Edge browser users via malicious browser extensions that masqueraded as legitimate tools for years before being weaponized. The ...
The Hacker News

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time. Five of these extensions started off as ...
Dexerto

TwitchCon PC allegedly had malware installed that forced streamer to change all her passwords

Twitch streamer Lululuvely revealed that the PC she used to stream from TwitchCon had a ‘hijacker’ program installed before she used it, potentially compromising her accounts. TwitchCon is Twitch’s ...
IEEE

Hephaistos: A Data Flow Analysis Framework for Identifying Browser Fingerprinting Functions in JavaScript

Abstract: With the increasing sophistication of web technologies in recent years, browser fingerprinting techniques have emerged as a widely used mechanism for uniquely identifying users based on ...