Chrome encryption bypass discovered: New malware steals passwords and cookies

The infostealer uses a first‑seen‑in‑the‑wild debugging method to extract Chrome’s decryption key without privilege escalation, raising concerns about the future of browser data security.

Researchers Uncover New Phishing Risk Hidden Inside Microsoft Copilot

Researchers reveal how Microsoft Copilot can be manipulated by prompt injection attacks to generate convincing phishing messages inside trusted AI summaries.

VoidStealer malware steals Chrome master key via debugger trick

An information stealer called VoidStealer uses a new approach to bypass Chrome's Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser.
Dark Reading

'Claudy Day’ Trio of Flaws Exposes Claude Users to Data Theft

A prompt injection vulnerability paired with other flaws can turn a Google search into a full attack chain that could threaten enterprise networks.
Nature

An enzyme inside the bacterial-cell membrane chops up viral DNA on entry

When a virus infects a bacterial cell, the viral genome is the first component to be fully injected into the cell, making it an ideal immune target. A bacterial enzyme anchored to the membrane ...

Indirect Injection and Multi-Modal Attacks: Poisoning the Pipeline

Indirect prompt injection represents a more insidious threat: malicious instructions embedded in content the LLM retrieves ...