The AI assistant in your browser is supposed to make your everyday work easier. But with just one click, it can also become an insider threat.

#kiagent #ki #comet #perplexity #datensicherheit #datenschutz #cybersecurity #cometjacking

https://teufelswerk.net/cometjacking-angreifer-koennen-den-comet-ki-browser-von-perplexity-dazu-bringen-daten-zu-stehlen/

CometJacking: Attackers can get Perplexity's Comet AI browser to steal data

A new attack method called "CometJacking" was recently uncovered that specifically targets Perplexity's Comet AI browser. CometJacking uses URL parameters to pass hidden instructions to Perplexity's Comet AI browser that grant access to sensitive data from connected services such as email or calendar.

teufelswerk | IT-Sicherheit & Cybersecurity

CometJacking: A single link lets the AI browser steal your Gmail

The CometJacking vulnerability discovered in Perplexity's AI browser Comet. We analyze a new AI-era security threat that hijacks Gmail and Calendar with a single link.

https://aisparkup.com/posts/5480

🚨 Threat Alert: One click can turn AI browsers against you.
CometJacking abuses Perplexity’s Comet AI browser, using prompt injection via malicious URLs to exfiltrate Gmail, Calendar, and connector data.
Key takeaways:
- No credentials stolen; browser already has access
- Base64 obfuscation bypasses protection checks
- Enterprises must monitor AI browser agent memory and prompt execution

Stay ahead of AI-native browser threats.

#CometJacking #CometAI #CyberSecurity #PromptInjection #InsiderThreat #LayerX #DataSecurity #EmailSecurity #CalendarSecurity #Infosec #ThreatIntel #AI

Cybersecurity researchers have published details of a new attack called CometJacking that targets Perplexity's AI browser/assistant Comet. Malicious prompts are embedded in a seemingly harmless link in order to siphon off sensitive data, including from connected services such as email, calendar and the like. Perplexity, however, has classified the findings as having "no security impact"... 👇

https://thehackernews.com/2025/10/cometjacking-one-click-can-turn.html

#cometjacking #perplexity #comet #cometbrowser #datenschutz #datensicherheit #ki #ai #kiassistent #cybersicherheit

CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief

A single malicious URL can hijack Comet AI browser, exfiltrating emails, calendar, and user memory via encoded payloads.

The Hacker News

CometJacking: hijacked URL parameters used to drive Perplexity's Comet browser and access sensitive data

According to BleepingComputer, a new attack dubbed "CometJacking" abuses URL parameters to inject hidden instructions into Perplexity's Comet browser. The attack uses URL parameters to pass the Comet browser hidden instructions that are not visible to the user. These instructions would make it possible to reach sensitive data from connected services, notably email inboxes and calendars.

TTPs observed:
- Exploitation of URL parameters to insert hidden instructions.
- Access to data from connected services (email, calendar) via the Comet browser.

Article type and purpose: specialist press article intended to inform about a new attack technique targeting the Comet browser's integrations.

CyberVeille

Morning, cyber pros! A bit light on news today, but we've got some crucial updates on a Discord data breach, a significant surge in scanning activity targeting Palo Alto Networks, and a clever new AI browser attack technique called CometJacking. Let's dive in:

Discord Data Breach via Third-Party Provider ⚠️

- Hackers compromised a third-party customer service provider used by Discord, leading to the theft of identifiable user data.
- Stolen information includes real names, usernames, email addresses, IP addresses, messages to support, and for a small number, government-issued IDs and partial billing details.
- A ransom demand was made, and experts suggest the leaked data could be invaluable for investigating crypto-related hacks and scams due to scammers' frequent use of Discord.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/hackers-steal-identifiable-discord-user-data-in-third-party-breach/

Palo Alto Networks Portals See Massive Scanning Surge 🛡️

- GreyNoise has reported a nearly 500% increase in scanning activity targeting Palo Alto Networks login portals, with over 1,300 unique IP addresses involved.
- This surge, described as targeted and structured, mirrors recent scanning on Cisco ASA devices, which preceded the disclosure of actively exploited zero-days.
- The trend suggests a potential impending vulnerability disclosure or active exploitation, urging defenders to be on high alert for Palo Alto Networks environments.

📰 The Hacker News | https://thehackernews.com/2025/10/scanning-activity-on-palo-alto-networks.html

CometJacking: Hijacking AI Browsers for Data Theft 🧠

- Researchers have detailed "CometJacking," a new prompt injection attack targeting Perplexity's Comet AI browser, which can siphon sensitive data from connected services like email and calendar.
- The attack uses a single, weaponised URL containing a malicious, obfuscated prompt that bypasses data exfiltration checks and instructs the AI agent to steal data.
- This highlights how AI-native tools introduce novel security risks, turning trusted co-pilots into insider threats and underscores the need for security-by-design in AI browser memory and prompt access.

📰 The Hacker News | https://thehackernews.com/2025/10/cometjacking-one-click-can-turn.html

#CyberSecurity #ThreatIntelligence #DataBreach #Discord #PaloAltoNetworks #Vulnerability #AI #CometJacking #PromptInjection #InfoSec #CyberAttack #IncidentResponse

Hackers steal identifiable Discord user data in third-party breach

Hackers stole partial payment information and personally identifying data associated with some Discord users after compromising a third-party customer service provider.

BleepingComputer