Find notable cyber news and cases, enriched with sources, timelines, and signals.

AI Sidebar Spoofing against Atlas and Comet

Technical Analysis
First reported
Last updated
Happening score
H score 23
1 unique sources, 1 articles

Summary

Hide ▲

Researchers demonstrated AI Sidebar Spoofing against OpenAI Atlas and Perplexity Comet, showing that a fake sidebar overlay can steer users toward phishing, OAuth abuse, and even a reverse shell command. The attack matters because it exploits the browser’s trusted AI interface rather than a server-side flaw. It turns a browser extension plus injected JavaScript into a high-risk social-engineering channel.

Related Happenings

FROST browser SSD timing side channel via OPFS

Technical Analysis
H score16 First: 09.06.2026 12:50 Last: 09.06.2026 12:50 Sources 1

About this happening: **FROST** turns **browser storage timing** into a **remote SSD side channel** that can identify which **sites** a user visits and which **apps** they open. The technique runs insi...

Enterprise browser users face a rising shadow AI, credential abuse, and browser-native attack trend

Trend
H score22 First: 05.06.2026 17:00 Last: 05.06.2026 17:00 Sources 1

About this happening: **Enterprise users** are showing a sharp rise in **shadow AI**, **credential abuse**, and **browser-native attack exposure**, increasing risk at the browser layer. The trend matte...

Browser-layer visibility guidance for browser-native threats

Defensive Guidance
H score22 First: 05.06.2026 17:00 Last: 05.06.2026 17:00 Sources 1

About this happening: **Security teams** are being pushed to treat **browser sessions** as the primary detection surface for **phishing**, **credential theft**, and **ClickFix**. **Browser-native attac...

Brave Software launches paid Brave Origin browser

Commercial Activity
H score0 First: 05.06.2026 00:37 Last: 05.06.2026 00:37 Sources 1

About this happening: Brave Software launched **Brave Origin**, a paid browser variant that removes **cryptocurrency**, **AI**, rewards, and other monetization features while keeping **Brave Shields**....

BrowserOS WebPromptTrap patch release (0.32.0)

Security Patch Release
H score11 First: 29.05.2026 21:07 Last: 29.05.2026 21:07 Sources 1

About this happening: **BrowserOS** patched **WebPromptTrap** in **version 0.32.0**, closing an indirect prompt-injection flaw that could trick users into approving an **authorization step** inside the...

Timeline

  1. 23.10.2025 17:09 2 articles · 8mo ago

    AI Sidebar Spoofing against Atlas and Comet

    Initial Disclosure

    SquareX first demonstrated that a malicious extension can draw a fake AI sidebar over the real one in **Comet**. The same overlay behavior was then confirmed on **Atlas**, where it can steer users into unsafe actions across sites.

    Show sources