CyberSum logo
Back

AI Browser Flaw 'CometJacking' Steals Sensitive Data

Cyber Security News by CyberSum.net
2 sources
A new attack method called CometJacking targets agentic AI browsers by embedding malicious prompts within a single URL. When a user clicks the crafted link, it secretly instructs the AI agent to access and collect sensitive data from connected services like email and calendars. The attack bypasses built-in security protections by obfuscating the stolen data using simple encoding before exfiltrating it to an attacker-controlled server. This prompt injection technique effectively turns the trusted AI assistant into an insider threat, capable of siphoning information without requiring credentials or further user interaction. Despite researchers demonstrating the risk, the AI browser's developer reportedly dismissed the findings as having no security impact.

Also Read

Disputed Notepad++ Flaw: Is CVE-2025-56383 a Threat?

A recently disclosed DLL hijacking vulnerability in the popular Notepad++ editor, tracked as CVE-2025-56383, has been detailed with a proof-of-concept exploit. The flaw allows an attacker to replace a plugin's DLL file with a malicious version, leading to arbitrary code execution when the application starts. However, the legitimacy of this vulnerability is heavily disputed within the security community and by the application's developers. Critics argue that exploiting the flaw requires an attacker to already have write access to the protected application directory, a level of privilege that would allow them to compromise the system in other ways. Due to this prerequisite, the development team does not consider it a true vulnerability and has no plans to issue a patch.

By Cyber Security News by CyberSum.net