Dark Reading

'ShadyPanda' Hackers Weaponize Millions of Browsers

The China-based cyber-threat group has been using malicious extensions on the Google Chrome and Microsoft Edge marketplaces ...

Stealthy browser extensions waited years before infecting 4.3M Chrome, Edge users with ...

A seven-year malicious browser extension campaign infected 4.3 million Google Chrome and Microsoft Edge users with malware, including backdoors and spyware sending people's data to servers in China.
CSOonline

Hidden API in Comet AI browser raises security red flags for enterprises

SquareX has disclosed a previously undocumented API within the Comet AI browser that allows its embedded extensions to execute arbitrary commands and launch applications — capabilities mainstream ...
The Hacker News

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

ShadyPanda abused browser extensions for seven years, turning 4.3M installs into a multi-phase surveillance and hijacking ...
SecurityWeek

Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors

A threat actor has published over a hundred malicious extensions that can track and profile Chrome and Microsoft Edge users ...

Evomi Announces Launch of Scraper API: Simplifying Web Data Extraction with Built-In Anti ...

The Scraper API enters a market dominated by established players like Apify, Bright Data, and Oxylabs. While these providers offer similar functionality, Evomi differentiates itself through affordable ...
NextBigFuture

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI ...

SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users’ devices. The research reveals ...
Business Insider

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI ...

SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users' devices. The research reveals ...
SiliconANGLE

SquareX warns hidden API in Perplexity’s Comet browser enables full device takeover

New research out today from browser security company SquareX Ltd. is warning of a hidden application programming interface in Perplexity AI Inc.’s Comet browser that allows extensions in the ...
Morningstar

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI ...

PALO ALTO, Calif., Nov. 19, 2025 /PRNewswire/ -- SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full ...
Yahoo Finance

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI ...

"For decades, browser vendors have adhered to strict security controls that prevent browsers, and especially extensions, from directly controlling the underlying device," explains Kabilan Sakthivel, ...
TechNewsWorld

Gartner Recommends Avoiding AI Browsers — for Now

Gartner is urging organizations to block AI browsers, warning that agentic browsing tools can expose sensitive data, ...