Sturnus, an advanced Android banking trojan, has been discovered by ThreatFabric. Learn how this malware bypasses end-to-end encryption on Signal and WhatsApp, steals bank credentials using fake screens, and executes fraudulent transactions.

Cybersecurity researchers have discovered a new, highly dangerous Android banking malware called Sturnus, named after the common starling or ‘songbird’ because of its complex and ‘chaotic’ communication style.

The Dutch cybersecurity firm ThreatFabric identified this privately-operated threat, which has features that are simply far more advanced and dangerous than what we’ve seen before.

According to ThreatFabric’s blog post, published on November 20, 2025, Sturnus is far more advanced than previous malware, capable of stealing your bank details, able to view chat content on apps like WhatsApp, Telegram, and Signal by abusing Android’s Accessibility Service

****How it Decodes Your ‘Encrypted’ Chats****

Even though these apps use end-to-end encryption, which means only you and the person you’re chatting with can read the messages, Sturnus completely gets around this protection. It works by relying on the Android Accessibility Service to read the message content directly from the screen after the legitimate app has decrypted it. This means the attackers can see full conversations, contacts, and all incoming and outgoing messages in real time.

(Image credit: ThreatFabric)

****A Fully Featured Threat****

The malware is distributed through social engineering campaigns, including Phishing (email), Smishing (SMS text messages), or via a malicious Dropper application, which tricks users into installing the final malware as an unofficial APK file

Once Sturnus infects a phone, it uses two integrated methods to steal sensitive data: deploying fake login screens, known as HTML overlays, that perfectly mimic banking apps; and simultaneously employing a comprehensive keylogging pipeline via the Accessibility Service to record every keystroke and screen tap.

Further probing revealed that the malware gives the attackers extensive remote control. They can type, monitor all activity, and, most disturbingly, display a black screen overlay to hide their actions while it silently executes fraudulent transactions in the background. The malware even uses its keylogging ability to steal PINs and Passwords, making it easy to unlock the device itself.

(Image credit: ThreatFabric)

****The Attack Status and Targets****

It is worth noting that Sturnus is highly persistent. It gains special privileges on the phone, called Device Administrator rights, and actively protects them. If a user tries to disable these rights or uninstall the malware in settings, Sturnus detects the attempt and automatically stops the action. This defence makes it very difficult to get rid of it once installed.

Researchers assess that although this malware is not yet widespread and is currently in an early testing phase, it is already fully functional. Its configurations show an immediate focus on targeting financial institutions across Southern and Central Europe. This concentration on high-value apps and specific regions suggests the criminals are simply getting ready for a much larger, more coordinated global attack.

In commentary shared exclusively with Hackread.com, Aditya Sood, VP of Security Engineering and AI Strategy at Aryaka, provided insight into the malware’s technical edge and broader risks.

“Sturnus poses a different kind of threat compared to other Android malware due to its ability to use a mix of plaintext, RSA, and AES-encrypted communication with the C2 server it responds to,” Sood said.

“The combination of these three allows Sturnus to blend more easily into normal network patterns, while also hiding commands and stolen data from defence systems. This advanced level of evasion and resilience from the malware disrupts signature-based detection and can impede reverse-engineering efforts, making it harder to inspect Sturnus’ network traffic or recover the contents that it steals.”

Sood also highlighted the risk to organisations: “As a banking trojan, Sturnus is primarily targeting financial organisations. However, the ability to steal messages from end-to-end encrypted platforms like Signal could spell serious problems for organisations, as those applications are used across several industries to secure sensitive or confidential information.”

He advises, “Individuals who are at-risk, or who are in control of sensitive information, must avoid downloading APK files from outside Google Play, and should continuously monitor for malicious activity if infection is suspected.”

New Sturnus Android Malware Reads WhatsApp, Telegram, Signal Chats via Accessibility Abuse

ShinyHunters breached Gainsight apps integrated with Salesforce, claiming access to data from 1000 firms using stolen credentials and compromised tokens.

Salesforce, a renowned customer relationship management (CRM) platform, has confirmed it is dealing with a significant security incident. The company announced late Wednesday that some of its customers’ data was likely accessed by an outside party through an issue involving apps published by Gainsight, a company that provides customer success software.

“Our investigation indicates this activity may have enabled unauthorised access to certain customers’ Salesforce data through the app’s connection,” Salesforce’s official update stated.

The problem lies with the access tokens used by Gainsight’s connected applications, which are basically special digital keys allowing the apps to link to Salesforce systems. Attackers managed to steal and use these keys to bypass normal security.

Salesforce responded fast, immediately revoking all active tokens for the affected Gainsight apps and removing them from the AppExchange. Access to the Gainsight platform via Salesforce remains unavailable as of this morning. Both companies stressed the issue did not come from a flaw within the core Salesforce platform, but rather through the Gainsight app’s external connection.

****The Attack and the Threat****

Gainsight’s statement confirms the breach was detected when API calls came from unauthorised (non-whitelisted) IP addresses. As per the company’s update, only three organisations are currently known to be impacted, and Salesforce has proactively reached out to them. The investigation is still ongoing.

The notorious hacking group ShinyHunters claimed responsibility for the breach, telling DataBreaches.net they used credentials stolen from an earlier attack on Salesloft, where Gainsight was also a victim, to compromise Gainsight.

ShinyHunters on Telegram showing records allegedly stolen in the Gainsight data breach (Image credit: Hackread.com)

ShinyHunters claims this combined data theft affects “almost 1000 organisations,” including large companies like the following:

1.  F5
2.  Gitlab
3.  Verizon
4.  LinkedIn
5.  DocuSign
6.  Atlassian
7.  SonicWall
8.  MalwareBytes
9.  Thomson Reuters

_and others from the GainSight campaign._

ShinyHunters claims they used these stolen secrets to gain access to roughly 285 additional Salesforce customer systems. The exposed data potentially includes business contact and licensing details.

Furthermore, the hackers are trying to extort victims, directly threatening Salesforce to create a new data leak site containing data from both the Gainsight and Salesloft campaigns if the platform does not negotiate.

ShinyHunters on Telegram claiming the Gainsight data breach (Image credit: Hackread.com)

****Company Response and Customer Action****

Gainsight is working closely with Salesforce and has brought in the top cybersecurity firm, Mandiant, for an independent investigation. Gainsight’s official statement says they will not restore API access until all security layers have been fully reviewed.

Gainsight clarified that any function depending on reading from or writing to Salesforce is affected, including Connector data sync, Rules, Data Designer, Reports, Cockpit, Timeline, and Renewal Center.

However, most in-app workflows using Gainsight-native data are unaffected and run normally. As a precaution, Gainsight also revoked access for its Zendesk connector and temporarily delisted its app from the HubSpot Marketplace.

Customers can request the precise IP ranges for legitimate connections via a support ticket. Gainsight recommends using the direct NXT login method to bypass the Salesforce login block.

****Expert Analysis:****

In an analysis shared exclusively with Hackread.com, Brian Soby, CTO and co-founder at AppOmni, provided critical insight into the breach and its wider context:

“The Gainsight breach closely resembles other SaaS supply-chain compromises we’ve seen in recent years. Given how successful those earlier attacks were, it isn’t surprising that attackers reused similar techniques,” Soby said.

“What stands out most in this case is the sheer prevalence of Gainsight integrations. Gainsight is widely deployed and tightly connected to Salesforce, Slack, Google, Microsoft, and numerous other SaaS environments. Because of that footprint, customers now have to quickly identify every location where Gainsight was integrated, revoke those OAuth tokens, and investigate whether any of those connections were abused.”

Soby highlighted a specific difficulty in the investigation: “Salesforce has stated that it deleted tokens issued to Gainsight. While well-intentioned, that action also removed the records customers rely on to determine which of their users had granted OAuth access to Gainsight, which is the first step in conducting a proper investigation.”

Soby concluded by stressing that the industry has failed to learn from past incidents: “More broadly, this incident highlights persistent weaknesses in SaaS supply-chain security. The attack closely mirrors the earlier Drift breach, which also targeted Salesforce, Google Workspace, and other widely used SaaS platforms. The scale of the Gainsight compromise underscores that many organisations did not apply the lessons they should have learned from Drift, leaving large portions of their SaaS supply chain exposed.”

ShinyHunters Breach Gainsight Apps on Salesforce, Claim Data from 1000 Firms

Everest ransomware claims to have stolen over 180GB of seismic survey data from Petrobras, demanding contact through qTox with a countdown in place.

Everest ransomware group has listed two separate entries on its dark web leak site, both targeting Petrobras, a Brazilian majority state-owned multinational corporation giant in the petroleum industry headquartered in **Rio de Janeiro**.

****Petrobras and SAExploration Data****

Both listings were published on November 14, 2025. The first listing points to an alleged data breach involving both **Petrobras** and a partner firm, SAExploration. According to the group, it managed to steal a database that contains over 176 gigabytes of seismic navigation data. More than half of that, over 90 gigabytes, is said to belong directly to Petrobras.

The files, as per the group, contain highly detailed technical information, including ship positioning, equipment configurations, hydrophone readings, and depth measurements. There are also quality control documents, metadata, and processed reports that outline survey progress and initial conclusions from field operations.

It is worth noting that seismic surveys are critical in the oil and gas industry and require major investments to plan, capture, and process. If competitors gain access to this level of detail, including the accuracy of ship movement and node placement, they could use it to replicate Petrobras’ methods, lower their own costs, or gain leverage in contract negotiations.

Screenshort published by the Everest Ransomware group claiming Petrobras data breach (Image credit: Hackread.com)

****Petrobras’ Campos Basin Seismic Surveys****

The second listing from **Everest ransomware** focuses on Petrobras’ Campos Basin seismic surveys, which include both 3D and 4D data sets. This batch is again said to total more than 90 gigabytes and includes similar categories of sensitive information.

From ship coordinates and source depths to shot pressures and equipment alignment, the files suggest a full sweep of field survey documentation. Screenshots of some of the stolen data have also been shared by the group, which helps support the claim.

Screenshots published by the Everest Ransomware group (Image credit: Hackread.com)

The group has also issued a demand, stating that a representative from Petrobras must contact them through the encrypted messaging platform Tox within four days. They’ve provided a specific Tox ID and warned that if no communication is made before the deadline, further action may follow. A countdown timer was also posted alongside the message, making the deadline clear for the company to respond.

Screenshorts published by the Everest Ransomware group claiming Petrobras data breach (Image credit: Hackread.com)

****Right After The Alleged Under Armour Hack****

These breaches surfaced just as Everest also claimed responsibility for **hacking Under Armour**, saying it exfiltrated 343 gigabytes of data, including customer information, product records, and internal corporate files.

While Under Armour’s alleged breach targets a consumer-facing brand, the Petrobras incident could have deeper implications for industrial competitiveness and strategic operations within the energy sector.

Petrobras has not yet commented publicly on the claims; therefore, Hackread.com has reached out to the company. This article will be updated accordingly.

Everest Ransomware Says It Breached Brazilian Energy Giant Petrobras

Trustwave SpiderLabs warns of Eternidade Stealer, a new banking trojan spreading via personalised WhatsApp messages. Find out how this malicious software bypasses security checks and deploys fake login screens for major banks and wallets.

Cybersecurity researchers at Trustwave’s SpiderLabs have issued a warning about a new banking trojan targeting bank customers in Brazil. Dubbed Eternidade Stealer (Portuguese for Eternity), this malware uses the popular messaging app WhatsApp to trick people and steal their private financial information.

****The Attack Starts with a Simple Message****

The criminals employ social engineering, starting with a personalised WhatsApp message in Portuguese, featuring greetings that adjust to the time of day (like ‘good morning’). This tactic immediately makes the message seem legitimate. Once the victim clicks the attached malicious file, a complex attack chain begins.

The message researchers received via WhatsApp (Image credit: SpiderLabs)

The threat quickly takes over the user’s WhatsApp account. The program’s first action is to rapidly steal the victim’s entire contact list, which is immediately sent to the criminal’s control server. It then automatically sends itself to all the victim’s contacts using a spreading program written in Python script. This shift to Python is an important change from earlier attacks, which typically used different software.

Attack chain (Image credit: SpiderLabs)

****A Highly Targeted Operation****

According to Trustwave’s blog post, the Eternidade Stealer is built using Delphi, a programming language favoured by cybercriminals in Brazil for its efficiency and regional familiarity. The malware is highly localised; it only targets users with the Brazilian Portuguese operating system language.

Before launching its main attack, the stealer profiles the victim’s computer, checking for security software like Windows Defender or Kaspersky to help it avoid detection. The program is also cleverly designed to get its instructions by logging into a specific email account using the IMAP protocol to fetch the current location of its control server.

Researchers were able to confirm this behaviour when they accessed the threat actor’s email account, finding the criminal was using simple, easily-compromised credentials.

The threat actor’s email account accessed by SpiderLabs (Image credit: SpiderLabs)

****Stealing From Banks and Wallets****

Once active, the malware is programmed to watch for a long list of financial targets. It actively scans for applications linked to major Brazilian banks (like Itaú, Bradesco, and Caixa Econômica Federal), popular payment services (such as MercadoPago), and even cryptocurrency wallets and exchanges, including MetaMask, Trust Wallet, and Binance.

When a victim opens one of these targeted applications, the stealer deploys a fake screen, known as an overlay, that looks exactly like the login page. The victim unknowingly enters their sensitive information into this fake form, sending their credentials directly to the criminals.

To stay safe, be cautious of any unexpected messages or attachments, even if they appear to be from a known contact. If you receive a suspicious file, never open it; instead, call or text the supposed sender on a different platform to confirm they actually sent it.

New Eternidade Stealer Uses WhatsApp to Steal Banking Data

SquareX warns Perplexity's Comet AI browser contains a hidden MCP API that bypasses security, allowing attackers to install malware and seize full device control.

Security researchers from web browser security firm SquareX have issued a public warning after uncovering a vulnerability in Perplexity’s Comet AI browser. Their research, published on November 19, 2025, reveals a hidden feature that could allow cybercriminals complete control over a user’s computer.

****The Concealed API Threat****

The problem lies with a secretive mechanism called the MCP API (specifically, chrome.perplexity.mcp.addStdioServer). For your information, traditional web browsing relies on ‘sandbox isolation,’ a principle that intentionally locks down the browser environment to prevent websites or extensions from running programs on your PC.

However, the MCP API allows Comet’s own ‘embedded extensions’ to bypass this vital security layer, allowing them to execute any command on your device without asking for permission. This means that a breach could lead to malicious software installation, data theft, or device monitoring.

This feature has caused a massive breach of trust, particularly because official documentation for the MCP API is nearly non-existent, while the few available details only explain the feature’s intent, and don’t disclose that Comet’s extensions maintain persistent access to the API and can launch local applications arbitrarily. SquareX argues this functionality breaks decades of established browser security standards.

****Invisible Extensions, Zero Control****

Researchers found that the Comet browser comes pre-loaded with two hidden extensions: one for analytics and one for its AI agent features. These components power the browser’s agentic capabilities (its ability to act on your behalf). The MCP API resides in the Agentic extension and can be activated directly by the Perplexity website, creating a secret channel to access local data.

SquareX demonstrated the attack using extension stomping, where they disguised a malicious extension that then commanded the Agentic Extension to invoke the MCP API, and successfully launched WannaCry.

The team also noted that common vulnerabilities like XSS and MitM network attacks could be used to exploit this vulnerability just as easily. A compromise of Perplexity’s systems would instantly create a disastrous third-party risk, giving attackers unprecedented control over Comet users.

Attack demo (Credit: SquareX)

****Warning for the AI Browser Future****

While SquareX notes there is no evidence of Perplexity currently misusing this capability, the third-party risk remains substantial. They first contacted Perplexity to disclose the attack on Tuesday, November 4th, 2025, but as of the writing of their report, they had not received a reply. The firm clarified that this specific, vulnerable API has only been found in Comet among current AI browsers.

This discovery highlights inherent issues in the design of the new generation of AI browsers. SquareX is urging Perplexity and other AI browser makers to fully disclose all powerful APIs and provide users with a simple option to disable any embedded extensions that possess system-level access.

****Immediate Security Update: Perplexity Patches the Flaw****

SquareX has confirmed to us today that Perplexity has quietly fixed the vulnerability in the Comet browser. The firm noted that the attack they demonstrated now fails, showing the error message, ‘Local MCP is not enabled’ (see screenshot below). Since SquareX and other researchers were still able to carry out the attack just yesterday, it seems Perplexity deployed this fix very recently.

While SquareX is still waiting for a formal response from Perplexity about their initial report, the important thing is that users are no longer at risk from the MCP API exploit. The company looks forward to an official statement and remains committed to supporting Perplexity on security matters.

Security experts shared their analysis with Hackread.com on the broader implications for security and the enterprise. Randolph Barr, Chief Information Security Officer at Cequence Security, said the findings highlight a “deeper issue that goes beyond a single browser implementation.”

He emphasised that the shift breaks long-standing security assumptions: “AI-native browsers are introducing system-level behaviours that traditional browsers have intentionally restricted for decades… When embedded extensions can trigger OS-level actions… the browser effectively becomes a privileged agent on the device.”

Barr noted this creates an “expanded attack surface” driven by curiosity-driven adoption by employees on personal devices, behaviours that “inevitably bleed into the workplace.”

He also pointed out that AI browsers are easy targets, stating, “Attackers can identify them with a few lines of JavaScript or by probing for AI-specific behaviours… At scale, that enables targeted attacks against users running these higher-risk, agent-enabled environments.”

Ronald Lewis, Senior Innovation Manager at Black Duck, reminded users that AI browsers carry inherited risks alongside new ones. He pointed out that the Comet AI Browser “incorporates many of the risks associated with traditional browsers but also incorporates a significant number of AI-borne risks.”

Lewis suggested consumers be vigilant and proactively think about risks such as the potential for the AI tool to perform harmful or unexpected actions due to ambiguous instructions, whether it could respond to hidden system instructions, if external sources could manipulate the tool’s behaviour, and if third-party integrations could interact with the tool to trigger unintended actions.

Comet Browser Flaw Lets Hidden API Run Commands on Users’ Devices

The operator, Alexander Volosovik, also known as “Yalishanda”, “Downlow” and “Stas_vl,” ran a long-running bulletproof hosting operation used by top ransomware groups.

The UK’s National Crime Agency (NCA), working with international law enforcement agencies, has exposed and sanctioned Alexander Volosovik, also known online as “Yalishanda,” Downlow”, and “Stas\_vl” for running a long-standing bulletproof hosting operation that has supported major cybercrime and ransomware groups like LockBit, Evil Corp and BlackBasta.

Volosovik operated under the names Media Land LLC and ML.Cloud LLC, both based in Russia. According to the NCA, his infrastructure gave ransomware gangs and malware operators the tools to carry out cyber attacks that caused serious damage to organisations around the world, from financial losses to disrupted operations.

****Volosovik’s Hosting Helped 8chan Return After Takedown****

According to cybersecurity journalist Brian Krebs’ report from 2019, Volosovik is the world’s biggest “bulletproof” hosting operator. His infrastructure has been used to support a wide range of illegal online activity, from phishing sites to stolen data markets.

One notable case was the return of 8chan, later rebranded as 8kun, which came back online using IP space provided by Volosovik’s company, Media Land LLC. Despite facing widespread deplatforming, 8chan was able to resume operations through this hosting setup, which was designed to resist takedown efforts and obscure the identities of its clients.

Alexander Volosovik AKA Yalishanda (Image source: NCA UK)

Bulletproof hosting providers play a behind-the-scenes role in the cybercrime economy. They offer hosting that ignores abuse complaints, hides user identities, and actively resists takedowns by law enforcement. This makes them a valuable service for cybercriminals who want to operate with less risk of being stopped.

****Sanctions from the UK and Five Eyes****

The UK’s Foreign, Commonwealth and Development Office (FCDO) announced sanctions against Volosovik and three of his associates. This move was coordinated with similar actions from the US Treasury’s OFAC and Australia’s Department of Foreign Affairs and Trade.

The NCA said the action is part of a broader strategy to target support services that make cybercrime easier and more scalable. While ransomware operators often get the headlines, operations like Volosovik’s are what keep those attacks running behind the scenes.

To support the sanctions, the NCA and its Five Eyes partners (Australia, Canada, New Zealand, the US and the UK) have issued alerts to industry warning about the risks tied to bulletproof hosting services like Media Land and AEZA, another Russia-based bulletproof web hosting service.

Ransomware continues to be one of the most damaging forms of cybercrime. Victims in the UK and globally have included sectors like telecoms, finance and critical infrastructure. Hosting services that give safe infrastructure to ransomware groups make it harder for authorities to stop attacks before they spread.

Paul Foster, Deputy Director of the NCA’s National Cyber Crime Unit, said services like Media Land allow cybercriminals to launch and monetise attacks with confidence. He added that today’s coordinated action is designed to weaken that digital shield.

****Dutch Police Seize 250 Servers in Bulletproof Hosting Crackdown****

While the NCA says it will continue working with international allies to disrupt these operations and stop sanctioned services from abusing infrastructure within the UK, in a separate operation in the Netherlands, authorities seized around 250 physical servers used by an unknown bulletproof hosting provider that had been active since 2022 and linked to more than 80 cybercrime investigations

According to the Dutch Police’s press release, the service offered anonymous VPS and RDP access without identity verification or logs, which made it a go‑to platform for ransomware actors, phishing networks and malware operations.

Investigators now have access to the hardware and thousands of virtual servers taken offline, giving them a rare window into how back‑end infrastructure supports large‑scale cybercrime.

UK Exposes Bulletproof Hosting Operator Linked to LockBit and Evil Corp

Hacker using the alias 888, claims to be selling Samsung Medison data taken through a third party breach, including internal files, keys and user info.

A hacker using the alias 888 on a cybercrime forum is offering internal records and data they claim belong to **Samsung**. In a post dated 13 November 2025, the hacker says the breach came from an attack on a third-party contractor, giving them access to data from several companies, including Samsung.

The hacker says the files include source code, private keys, SMTP credentials, configuration files, hardcoded credentials and user PII taken from a healthcare backup. The post also lists access to MSSQL and AWS S3. In a note, the hacker adds that the MSSQL and AWS S3 data were already exported and dumped, and that the access itself was an extra item they were offering.

While the exact size of the data remains unclear, it is being offered as a one-time sale, with the hacker asking interested buyers to submit offers through Keybase. Payment is in XMR, the privacy-focused cryptocurrency also known as Monero.

****Alleged Samsung Medison Data****

The screenshots shared by the hacker were analysed by Hackread.com and show what appears to be backend database content and cloud storage data from a Samsung Medison healthcare environment, including SQL tables, user/employee records, internal logs and exported cloud directories.

Screenshot from the hacker’s post (Image credit: Hackread.com)

**Samsung Medison Co., Ltd** is a South Korean medical device company owned by Samsung. It focuses on ultrasound systems and other medical imaging technologies used in hospitals and clinics.

Hackread.com has contacted Samsung for comment, and only the company can confirm or deny the material. If the files turn out to be real, the situation raises a clear privacy and security threat because the data shown includes names, emails, country details, SQL records and cloud logs tied to a healthcare setting. This type of information can be misused for targeting, intrusion or follow-up attacks.

The same hacker has a long record of breaches and leaks going back to the days of the now-closed Breach Forums. **In July 2024**, they released thousands of employee records tied to Microsoft and Nokia.

Hacker Selling Alleged Samsung Medison Data Stolen In 3rd Party Breach

Tel Aviv, Israel, 19th November 2025, CyberNewsWire

**Tel Aviv, Israel, November 19th, 2025, CyberNewsWire**

Seraphic, the leader in enterprise browser security (SEB) and AI enablement, today announced native protection for Electron-based applications such as ChatGPT desktop, Teams, Slack, and more, becoming the first and only browser security platform to introduce this capability.  

AI runs in the browser: SaaS applications, AI copilots, agentic browsers, and Electron apps all execute within a JavaScript-driven environment. Since Seraphic’s tech lives within the JavaScript Engine, the Seraphic platform is designed to serve the AI revolution and operate as the control point for securing any AI-powered browser such as Atlas, Comet, Leo, Dia, Genspark, and more, and any additional AI tool that interacts with the browser. The Seraphic Browser Security Platform offers inline DLP, safe browsing, remote connectivity and real-time visibility across all devices, whether managed or unmanaged. 

> “Existing solutions such as SASE, RBI, VDI, and even newer approaches like dedicated browsers or extension-based security tools struggle to support emerging technologies like AI and the Electron framework due to architectural limitations. Seraphic was built differently. Our design is inherently flexible because we operate at the core of the browser, not around it. As a result, when AI exploded, these capabilities emerged naturally and effortlessly for us,” said Ilan Yeshua, CEO & Co-Founder of Seraphic. 

Seraphic’s Electron app protection ties directly into its expanding AI Security features designed to protect enterprises as generative AI and LLM-based tools become central to daily workflows. Seraphic’s GenAI dashboard turns AI oversight from reactive to proactive, enabling organizations to adopt AI with confidence and protect against AI-driven threats. All this is achieved without making infrastructure changes and with no user friction. 

With Seraphic’s GenAI dashboard, enterprises get: 

*   **Complete AI Activity Visibility:** Real-time monitoring of all AI interactions, including prompts, uploads, downloads, and agentic behavior. 
*   **Shadow AI Detection:** Identifies unauthorized or high-risk AI tools and enforces granular access and usage guardrails. 
*   **Inline AI Data Protection (DLP):** Inspects prompts, pasted text, file uploads, and cross-tab activity before data leaves the device; blocks, masks, or watermarks sensitive content. 
*   **Protection for AI & Agentic Browsers:** Native enforcement for ChatGPT Atlas, Dia, Genspark, Comet, and other agentic tools, preventing token misuse, unauthorized automation, and AI-driven threats. 
*   **Electron Application Protection:** First-of-its-kind coverage for Electron apps. 

> “Seraphic gives organizations a single, lightweight control point that follows the user everywhere, securing any device, any browser, and now any Electron app without disrupting productivity or forcing architectural changes. By extending our enterprise browser security to Electron environments, we enable security teams to safely embrace AI, with the visibility and fine‑grained controls they need to keep sensitive data, identities, and intellectual property protected,” said Alon Levin, VP Product Management at Seraphic. 

In addition to its enterprise solution, Seraphic supports the wider security community through BrowserTotal, a free platform where users can educate themselves on AI threats like Prompt Injection and analyze LLMs for safety, empowering organizations and individuals to proactively mitigate risks as AI technologies evolve. 

More information related to Seraphic’s Electron app protection can be found here.

**About Seraphic** 

Seraphic transforms any traditional or AI browser into a secure enterprise browser, delivering real-time protection against phishing, data loss, and credential theft on both managed and unmanaged devices. Backed by CrowdStrike’s Falcon Fund, recognized with the Frost & Sullivan Global Zero Trust Enabling Technology Leadership Award, and trusted by Fortune 500 enterprises, Seraphic provides the browser-layer security foundation for modern, cloud-driven businesses. 

Users can learn more at **seraphicsecurity.com**. 

**Contact**

**Head of Communications**  
**Eric Wolkstein**  
**Seraphic**  
**ericw@seraphicsecurity.com**

Seraphic Becomes the First and Only Secure Enterprise Browser Solution to Protect Electron-Based Applications

Two FortiWeb vulnerabilities, including a critical unauthenticated bypass (CVE-2025-64446), are under attack. Check logs for rogue admin accounts and upgrade immediately.

In worrying news for organisations relying on Fortinet FortiWeb products, the company has released emergency patches for two critical security weaknesses that hackers are already using in real-world attacks. These FortiWeb devices are special firewalls designed to protect web applications.

****Critical Flaw Allowed Total Takeover****

The most serious issue, CVE-2025-64446, is being exploited globally, with attack origins traced to the US, Europe, and Asia. This flaw is rated extremely high (9.8 out of 10) and has been active since early October 2025. It is a type of Path Traversal problem, which means attackers could trick the system into running files it shouldn’t.

What makes this flaw so bad is that it allows even a hacker who isn’t logged in (unauthenticated) to bypass security, create a new administrator account, and gain complete control over the device. The attacker could then disable security rules and possibly gain deeper network access.

Research firm Qualys analysed this threat, explaining that the attack cleverly combines two flaws to bypass the normal login process. The US CISA added this flaw to its KEV catalogue on November 14, 2025, demanding a fix by November 21, 2025.

****Second Exploit Also Requires Immediate Fix****

More recently, a second flaw, CVE-2025-58034, has also been confirmed as being actively exploited. This issue is an OS Command Injection vulnerability, which lets a logged-in (authenticated) attacker run unauthorised code on the system.

Although it is rated lower (6.7), its active exploitation is a serious concern. Jason McFadyen of Trend Micro’s Trend Research team is credited with the discovery. Due to the danger, CISA also added this flaw to its critical list on November 18, 2025, with a fix required by November 25, 2025.

****What You Need to Do Now****

Fortinet has released fixes, and CVE-2025-64446 was silently patched in version 8.0.2 on October 28, 2025, even though an official security alert was not released at that time.

Affected organisations must immediately update their FortiWeb versions. For example, if you are running version 8.0.1 or earlier, you must update to FortiWeb 8.0.2 or higher. If you are using the 7.6 branch, you must update to 7.6.6 to fix all recent issues (version 7.6.5 only fixed the older critical flaw). Updates are also available for versions in the 7.4, 7.2, and 7.0 branches.

As a necessary, temporary step, you should immediately disable the device’s management access from the public internet. Furthermore, organisations must check their system logs for any unauthorised administrator accounts, such as “Testpoint” or “trader,” which hackers have been observed creating since early October.

Fortinet Issues Fixes as FortiWeb Takeover Flaw Sees Active Attacks

Palo Alto, California, 19th November 2025, CyberNewsWire

**Palo Alto, California, November 19th, 2025, CyberNewsWire**

SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users’ devices. The research reveals that Comet has implemented a MCP API (chrome.perplexity.mcp.addStdioServer) that allows its embedded extensions to execute arbitrary local commands on users’ devices, capabilities that traditional browsers explicitly prohibit. Concerningly, there is limited official documentation on the MCP API. Existing documentation only covers the intent of the feature, without disclosing that Comet’s embedded extensions have persistent access to the API and the ability to launch local apps arbitrarily without user permission, creating a massive breach of user trust and transparency. 

> “For decades, browser vendors have adhered to strict security controls that prevent browsers, and especially extensions, from directly controlling the underlying device,” explains Kabilan Sakthivel, Researcher at SquareX. “Traditional browsers require native messaging APIs with explicit registry entries and user consent for any local system access. In their ambition to make the browser more powerful, Comet has bypassed all of these safeguards with a hidden API that most users don’t even know exists. This erosion of user trust fundamentally reverses the clock on decades of browser security principles established by vendors like Chrome, Safari, and Firefox.”

Currently, the API is found in the Agentic extension, and it can be triggered by the perplexity.ai page, creating a covert channel for Comet to access local data and launch arbitrary commands/apps without any user control. While there is no evidence that Perplexity is currently misusing the MCP API, the question is not if but when Perplexity will be compromised. A single XSS vulnerability, a successful phishing attack against a Perplexity employee, or an insider threat would instantly grant attackers unprecedented control via the browser over every Comet user’s device. This creates catastrophic third-party risk where users have resigned their device security to Perplexity’s security posture, with no easy way to assess or mitigate the risk.

In SquareX’s attack demo, the research team used extension stomping to disguise a malicious extension as the embedded Analytics Extension by spoofing its extension ID. Once sideloaded, the malicious Analytics Extension injects a script into the perplexity.ai page, which in turn invokes the Agentic Extension which finally uses the MCP to execute WannaCry on the victim’s device. While the demonstration leveraged extension stomping, other techniques such as XSS, MitM network attacks that exploits the perplexity.ai or the embedded extensions can also lead to the same result. 

More worryingly, as both extensions are critical to Comet’s agentic functionality, Perplexity has hidden them from Comet extension dashboard, preventing users from disabling them even if they are compromised. These embedded extensions become a “hidden IT” that security teams nor users have zero visibility over. Furthermore, due to the lack of documentation, there is no way to know whether or when Comet might expand access to other “trusted” sites.

While other AI Browsers also have embedded extensions, we have only found the MCP API in Comet for now. We have disclosed the attack to Perplexity, but have not heard a response. 

Similar to the OS and search engine, owning the platform where the majority of modern work occurs has always been the grand ambition for many tech companies. With AI, there is now the opportunity to make browsers more powerful than ever before. Yet, in the race to win the next browser war, many AI Browser companies are shipping features so quickly that it has come at the cost of proper documentation and security measures. 

> The MCP API exploits serve as an early warning to the third-party risks that poor implementation of AI Browsers can expose users to. “The early implementation of device control APIs in AI browsers is extremely dangerous,” Vivek Ramachandran, Founder of SquareX emphasizes. “We’re essentially seeing browser vendors grant themselves, and potentially third parties, the kind of system-level access that would require explicit user consent and security review in any traditional browser. Users deserve to know when software has this level of control over their devices.”

Without demand for accountability from users and the security community, other AI browsers will race to implement similar, or more invasive, capabilities to remain competitive. SquareX is calling on AI browser vendors to mandate disclosure for all APIs, undergo third-party security audits, and provide users with controls to disable embedded extensions. This isn’t just about one API in one browser. If the industry doesn’t establish boundaries now, we’re setting a precedent where AI browsers can bypass decades of security principles under the banner of innovation. 

**Demo Video:** https://youtu.be/qJl4XllT-9M 

For more information, users can refer to the technical blog.

**About SquareX**

SquareX‘s browser extension turns any browser on any device into an enterprise-grade secure browser, including AI Browsers. SquareX’s industry-first Browser Detection and Response (BDR) solution empowers organizations to proactively defend against browser-native threats including rogue AI agents, Last Mile Reassembly Attacks, malicious extensions and identity attacks. Unlike dedicated enterprise browsers, SquareX seamlessly integrates with users’ existing consumer browsers, delivering security without compromising user experience. Users can find out more about SquareX’s research-led innovation at www.sqrx.com.

**Contact**

**Head of PR**  
**Junice Liew**  
**SquareX**  
**junice@sqrx.com**

Source

HackRead