Brave Browser | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data. "Some of the phishing emails were sent from the servers of compromised companies, increasing the chances of a successful attack," Positive Technologies security researcher Klimentiy Galkin said in a report. "The attackers used a malicious extension for Google Chrome, Microsoft Edge, and Brave browsers, as well as Mesh Agent and PDQ Connect Agent." The Russian cybersecurity company, which is tracking the activity under the name Operation Phantom Enigma , said the malicious extension was downloaded 722 times from across Brazil, Colombia, the Czech Republic, Mexico, Russia, and Vietnam, among others. As many as 70 unique victim companies have been identified. Some aspects of the campaign were disclosed in early April by a researcher who goes by th...

The developers behind the Brave open-source web browser have revealed a new privacy-preserving data querying and retrieval system called  FrodoPIR . The idea, the company  said , is to use the technology to build out a wide range of use cases such as safe browsing, scanning passwords against breached databases, certificate revocation checks, and streaming, among others. The scheme is called  FrodoPIR  because "the client can perform hidden queries to the server, just as Frodo remained hidden from Sauron," a reference to the characters from J. R. R. Tolkien's  The Lord of the Rings . PIR, short for  private information retrieval , is a cryptographic protocol that enables users (aka clients) to retrieve a piece of information from a database server without revealing to its owner which element was selected. In other words, the goal is to be able to query a platform for information (say, cooking videos) without letting the service provider infer from...

An Indian security researcher has publicly published a proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave. Released by Rajvardhan Agarwal, the working  exploit  concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web browsers. It is believed to be the same flaw demonstrated by Dataflow Security's Bruno Keith and Niklas Baumstark at  Pwn2Own 2021 hacking contest  last week. Keith and Baumstark were awarded $100,000 for leveraging the vulnerability to run malicious code inside Chrome and Edge. According to the screenshot shared by Agarwal, the PoC HTML file, and its associated JavaScript file, can be loaded in a Chromium-based browser to exploit the security flaw and launch the Windows calculator (calc.exe) app. But it's worth noting that the exploit needs to be chained with another flaw that can allow it to ...

Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites. The bug was addressed in a hotfix  release  (V1.20.108) made available yesterday. Brave ships with a built-in feature called " Private Window with Tor " that integrates the  Tor  anonymity network into the browser, allowing users to access .onion websites, which are hosted on the darknet, without revealing the IP address information to internet service providers (ISPs), Wi-Fi network providers, and the websites themselves. The feature was added in  June 2018 . This is achieved by relaying users' requests for an onion URL through a network of volunteer-run Tor nodes. At the same time, it's worth noting that the feature uses Tor just as a proxy and does not implement most of the privacy protections offered by Tor Browser. But according to a report fir...