-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

AI Browser | Breaking Cybersecurity News | The Hacker News

Category — AI Browser
New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials

New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials

6月 30, 2026 Agent Security / Browser Security
Convince an AI browser that it is playing a game, and it can hand over your login details. That is the finding behind  BioShocking , a technique from security firm LayerX that tricked six AI browsers and assistants into copying a user's credentials and sending them to an attacker. The targets included OpenAI's ChatGPT Atlas, Perplexity's Comet, and Anthropic's Claude browser extension. An AI browser is one that can act for you, not just read pages. Switch it to agent mode, and it can click, type, and reach into the sites you are already signed into. That access is the whole point, and it is also the problem. The trick works because of how these agents read. The web page and your own instructions arrive as a single stream of text. That lets a malicious page slip in commands dressed up as ordinary content or game rules, and the agent cannot reliably tell the difference. Researchers call this  indirect prompt injection . How the trick works
Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

12月 05, 2025 Email Security / Threat Research
A new agentic browser attack targeting Perplexity's Comet browser that's capable of turning a seemingly innocuous email into a destructive action that wipes a user's entire Google Drive contents, findings from Straiker STAR Labs show. The zero-click Google Drive Wiper technique hinges on connecting the browser to services like Gmail and Google Drive to automate routine tasks by granting them access to read emails, as well as browse files and folders, and perform actions like moving, renaming, or deleting content. For instance, a prompt issued by a benign user might look like this: "Please check my email and complete all my recent organization tasks." This will cause the browser agent to search the inbox for relevant messages and perform the necessary actions. "This behavior reflects excessive agency in LLM-powered assistants where the LLM performs actions that go far beyond the user’s explicit request," security researcher Amanda Rousseau said in ...
CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief

CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief

10月 04, 2025 Agentic AI / Enterprise Security
Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity's agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link to siphon sensitive data, including from connected services, like email and calendar. The sneaky prompt injection attack plays out in the form of a malicious link that, when clicked, triggers the unexpected behavior unbeknownst to the victims. "CometJacking shows how a single, weaponized URL can quietly flip an AI browser from a trusted co-pilot to an insider threat," Michelle Levy, Head of Security Research at LayerX, said in a statement shared with The Hacker News. "This isn't just about stealing data; it's about hijacking the agent that already has the keys. Our research proves that trivial obfuscation can bypass data exfiltration checks and pull email, calendar, and connector data off-box in one click. AI-native browsers need security-by-design for agent...
cyber security

The Systems That Power America Are Under Threat. Is Your ICS/OT Program Ready?

websiteSANS InstituteCritical infrastructure / Webinar
Discover where federal ICS programs are most exposed and what closing the skills gap requires in practice.
cyber security

Inside Device Code Phishing: Live Demos, Real Kits, and What's Next

websitePush SecurityPhishing Attack / Webinar
Device code attacks are up 37x this year, with 18+ kits in the wild. Now available on-demand.
Expert Insights Articles Videos
Cybersecurity Resources