Browser Security | Breaking Cybersecurity News | The Hacker News

Secure Service Edge (SSE) has somehow become the default answer to a very real problem: how do you secure access in a world of GenAI, hybrid work, SaaS sprawl, unmanaged devices, and third-party users, without rebuilding your entire network? On paper, SSE looks like the modern solution. Consolidation. Centralized policy. One pane of glass. In practice, many teams discover something uncomfortable after rollout: the POC proved the architecture, not the risk reduction. The demo worked. Production didn't. Why is this? Network "rip and replace." - Most SSE deployments still require traffic steering, tunnels, PAC files, certificate gymnastics, and coordination across networking, identity, security, and IT just to reach baseline enforcement. That's a lot of moving parts before you've reduced a single real risk. Limited browser and session visibility. - SSE platforms primarily see connections , not actions . URLs, IPs, flows. But modern risk lives inside the browser and SaaS session:...

AI-powered browsers are changing how we use the web, but they're also creating some serious new security risks. Tools like Perplexity's Comet and Opera's Neon can summarize pages and automate tasks for you. The problem is that researchers have found these agentic copilots can be hijacked by malicious prompts hidden in ordinary webpages, essentially turning your browser against you. In August 2025, Brave's security team disclosed an indirect prompt injection against Perplexity's Comet using hidden instructions in a Reddit spoiler tag, leading Comet to extract an email address and a one-time passcode. No memory corruption, no code execution exploit. The browser simply followed instructions it couldn't distinguish from legitimate user intent. In this post, we'll look at how these attacks work, why they slip past traditional defenses, and what security teams can do to keep data safe from compromised AI agents. AI Browsers: Powerful, But a New Target AI-ena...

Employees are increasingly using personal AI tools, AI-powered extensions, and emerging agentic browsers to accelerate their work. But unlike sanctioned AI platforms, these tools operate inside the browser runtime, where neither CASBs, SWGs, EDRs, nor DLP solutions have visibility. This has quietly turned the browser into an unmanaged AI execution environment, giving way to a new threat known as shadow AI. Shadow AI isn't just the latest buzzword; it's a serious risk that leaves organizations vulnerable to data loss, cyberattacks, compliance violations, and more.  What is Shadow AI? Shadow AI refers to GenAI-powered tools, browser extensions, and browsers that workers use on their own, without any company vetting or guidance. Different from shadow IT, where unsanctioned apps or devices slip through the cracks, shadow AI lives directly in the browser.  For example, employees might use their personal Claude accounts to work with sensitive company data or work on important pr...

Browser extensions have evolved over the years into powerful productivity platforms to streamline workflows, integrate business tools, and optimize how work is done. Now in the age of AI, extensions are once again evolving to enable advanced automation and data-driven decision-making directly in the browser. And as these extensions continue to mature, so will the cyberattacks. Today's extension-based attacks do not discriminate; they target every traditional browser, including Chrome, Edge, Firefox, and more, as well as the new AI-powered browsers like ChatGPT's Atlas and Perplexity's Comet. They adapt to each environment's security nuances. Most enterprises assume that if they secure one browser, it's enough.  The reality is that cross-platform extension threats are becoming increasingly common, and organizations must take broader vigilance. In this article, you'll learn why leveraging a Secure Enterprise Browsing (SEB) platform is critical for organizations to keep up with tod...

The browser has quietly become the most critical application in the enterprise — and the most targeted. With SaaS, cloud, and hybrid work redefining IT boundaries, browsers now handle proprietary data, credentials, and business workflows. Yet legacy security tools like firewalls, antivirus, and EDR were never designed to defend this new digital front line. The shift from being an ancillary tool to becoming the main location of work means legacy security solutions, such as firewalls, antivirus, VDI, etc., are not equipped to provide the necessary level of protection needed to secure today's organizations. The browser, once an afterthought, is now the weak link that legacy defenses simply can't secure.  This article examines the modern browser exploitation playbook and details why legacy tools alone are no match for today's cybercriminals. By adopting a Secure Enterprise Browser (SEB), enterprises can complement their existing security tools, shore up their weak link, and future-p...

Artificial Intelligence (AI) has served as a great resource for cyber defenders by enabling real-time detection and response through advanced pattern recognition and predictive analysis that traditional methods weren't able to achieve. However, AI has recently become a dangerous and widely available enabler for attackers to leverage. CISOs now face adversaries who easily scale large-scale cyberattacks like spear-phishing and polymorphic malware at machine speed.  This article examines the rising AI-driven cyberthreat landscape and presents the browser, the enterprises' new endpoint, as the most strategic control plane for defense. By adopting a Secure Enterprise Browser (SEB) into the security stack, enterprises can reduce their attack surface, contain incidents at scale, and future-proof themselves against these advanced attacks.  Why Traditional Defenses Struggle Against AI  Most organizations have robust defense in place against cyberattacks, such as firewalls, EDR...