Infostealers are becoming the go-to phishing payload

Phishing has changed. Slowly but surely, cybercriminals are turning to infostealers instead. Traditional phishing hasn't gone away. Far from it. But many attackers are no longer focused solely on tricking victims into entering usernames and passwords on fake login pages. Instead, they are using...

Microsoft Edge (Chromium) < 145.0.3800.58 (CVE-2026-0102)

The version of Microsoft Edge installed on the remote Windows host is prior to 145.0.3800.58. It is, therefore, affected by a vulnerability as referenced in the February 14, 2026 advisory. - Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps,...

CVE-2026-0102

Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata...

Microsoft Edge 安全漏洞

Microsoft Edge is a web browser included with Windows 10 and later versions from Microsoft. There is a security vulnerability in Microsoft Edge, where malicious websites may trigger automatic filling, potentially leading to the leakage of stored automatic filling data...

PT-2026-20271

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of...

Multiple Password Managers Vulnerable to Clickjacking Attacks

Overview Browser-extension password managers, which autofill sensitive information on websites, can be exposed to various clickjacking attacks. These attacks exploit the trust relationship between a web page and the user-interface elements injected by the extension. Recent studies show that...

EUVD-2018-15923

Malware in sbrugna...

Advanced Browser Data Extraction for Chromium and Gecko Browsers

This post-exploitation module extracts sensitive browser data from both Chromium-based and Gecko-based browsers on the target system. It supports the decryption of passwords and cookies using Windows Data Protection API DPAPI and can extract additional data such as browsing history, keyword searc...

Researchers Expose Mars Stealer Malware Campaign Using Google Ads to Spread

A nascent information stealer called Mars has been observed in campaigns that take advantage of cracked versions of the malware to steal information stored in web browsers and cryptocurrency wallets. "Mars Stealer is being distributed via social engineering techniques, malspam campaigns, maliciou...

CVE-2018-6037

Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page...

Design/Logic Flaw

Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page...

About the security content of Safari 12

About the security content of Safari 12 This document describes the security content of Safari 12. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

About the security content of Safari 11.1

About the security content of Safari 11.1 This document describes the security content of Safari 11.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

chromium-browser: insufficient user gesture requirements in autofill

Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page...