Mastodawn

🚨 Threat Alert: One click can turn AI browsers against you.
CometJacking abuses Perplexity’s Comet AI browser, using prompt injection via malicious URLs to exfiltrate Gmail, Calendar, and connector data.
Key takeaways:
- No credentials stolen; browser already has access
- Base64 obfuscation bypasses protection checks
- Enterprises must monitor AI browser agent memory and prompt execution

Stay ahead of AI-native browser threats.

#CometJacking #CometAI #CyberSecurity #PromptInjection #InsiderThreat #LayerX #DataSecurity #EmailSecurity #CalendarSecurity #Infosec #ThreatIntel #AI

The DefendOps Diaries Oct 5

A routine calendar invite just became a hacker’s Trojan horse—malicious code hidden in what looked like a regular event gave attackers a backdoor into sensitive data. Could your everyday digital tools be the new threat vector?

https://thedefendopsdiaries.com/weaponized-calendar-invites-the-zimbra-zero-day-exploit-and-its-implications/

#zimbra
#zeroday
#calendarsecurity
#cyberthreats
#infosec

Weaponized Calendar Invites: The Zimbra Zero-Day Exploit and Its Implications

Explore how attackers exploited a Zimbra zero-day via weaponized calendar invites, the impact on organizations, and essential mitigation steps.

The DefendOps Diaries