Blog

Security insights, vulnerability roundups, and updates from the Agent Breach team.

Security email updates

One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.

Fake Perplexity Chrome Extension Logged Searches and Address Bar Input

A malicious Chrome extension impersonating the Perplexity AI search engine intercepted user searches and address bar input, routing all queries through attacker-controlled servers. Microsoft discovered the threat, which Google subsequently removed from the Chrome Web Store following responsible disclosure.

Read more

Apple Patches 30+ Flaws Including AI-Discovered WebKit Vulnerabilities

Apple released security updates addressing over 30 vulnerabilities across iOS, macOS, and Safari, including four WebKit bugs identified through AI-assisted security tools. The patches underscore the growing role of machine learning in vulnerability discovery and the importance of timely patching across Apple's ecosystem.

Read more

Cellebrite Tools Used Against Activist Despite Russia Sales Ban

Citizen Lab researchers discovered that Russian authorities deployed Cellebrite's UFED forensic software against a jailed opposition activist's iPhone months after the company claimed to halt sales to Russia. The finding raises questions about enforcement of export restrictions and the real-world impact of corporate compliance measures.

Read more

DirtyClone Linux Kernel Flaw Enables Local Root Privilege Escalation

A new Linux kernel vulnerability tracked as CVE-2026-43503 allows local attackers to escalate privileges to root by corrupting file-backed memory through cloned network packets. JFrog Security Research released the first public exploit demonstration, highlighting the severity of this DirtyFrag-family flaw.

Read more