HotHardware

Researcher Claims TikTok Could Be Secretly Tracking Your Keystrokes

We wrote last week about research showing that Meta takes advantage of the in-app browser feature on mobile devices to inject JavaScript into web pages viewed in the Facebook, Instagram, and Messenger ...
Bleeping Computer

New tool checks if a mobile app's browser is a privacy risk

A new online tool named 'InAppBrowser' lets you analyze the behavior of in-app browsers embedded within mobile apps and determine if they inject privacy-threatening JavaScript into websites you visit.
CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.
DMR News

OpenAI Warns Prompt Injection Attacks Will Persist As Atlas AI Browser Expands

OpenAI says prompt injection attacks remain an unsolved and enduring security risk for AI agents operating on the open web, ...