web security
-
Researcher discloses ‘Brash’ flaw that can crash Chromium-based browsers by spamming tab title
A researcher has published details of ‘Brash’, a vulnerability in Chromium’s Blink engine that can crash Chromium-based browsers by rapidly updating the document.title field, causing massive DOM mutations and UI thread saturation.
-
Researchers warn of ‘AI-targeted cloaking’ that can poison agentic browsers
Security researchers and hCaptcha warn of an ‘AI-targeted cloaking’ technique that serves different content to human browsers and AI crawlers, potentially poisoning models and enabling misinformation; SPLX and hTAG detail examples and risky agent behaviors.
-
SEO-poisoning BadIIS malware tied to Operation Rewrite targets East and Southeast Asia, researchers say
Security researchers say a Chinese-speaking actor is using the BadIIS malware in an Operation Rewrite SEO-poisoning campaign to hijack search results via a compromised IIS proxy, targeting East and Southeast Asia with Vietnam as a focus.
-
Adobe patches critical SessionReaper flaw in Magento platforms (CVE-2025-54236)
Adobe has released a patch for a critical Magento vulnerability known as SessionReaper (CVE-2025-54236) that could allow unauthenticated access to customer accounts via the Commerce REST API. While Adobe says no exploitation has been observed, researchers warn the issue could be exploited at scale and urge immediate patching, with Cloud customers protected by an existing…
-
Cybersecurity Experts Discover Stealthy Backdoor in WordPress Sites
Cybersecurity researchers have uncovered a dangerous backdoor embedded in WordPress sites’ mu-plugins directory, giving hackers persistent access to execute commands without detection.
-
Widespread Browser Hijacking Campaign Disguised as Popular Extensions
A report by Koi Security has exposed a malicious browser hijacking campaign that has infected over 2.3 million users through seemingly legitimate extensions, highlighting significant security concerns in the browser extension ecosystem.
