SquareX and Perplexity Quarrel Over Alleged Comet Browser Vulnerability

SecurityWeek

Overview

SquareX has alleged a vulnerability in the Comet browser that allows for the execution of local commands through a hidden API, while Perplexity disputes these claims, labeling the research as fake. This disagreement highlights potential security concerns regarding the Comet browser and the credibility of vulnerability disclosures in the cybersecurity community.

Key Takeaways

  • Affected Systems: Comet browser
  • Timeline: Not specified

Original Article Summary

SquareX claims to have found a way to abuse a hidden Comet API to execute local commands, but Perplexity says the research is fake. The post SquareX and Perplexity Quarrel Over Alleged Comet Browser Vulnerability appeared first on SecurityWeek.

Impact

Comet browser

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Not specified

Remediation

Not specified

Related Topics: This incident relates to Vulnerability.

Related Coverage

California probes xAI over Grok's explicit deepfakes

SCM feed for Latest

California Attorney General Rob Bonta is investigating Elon Musk's xAI due to concerns that the Grok AI tool has been used to create and share explicit deepfake images featuring real individuals without their consent. This investigation comes amid growing scrutiny over the ethical implications of AI technologies and their potential to harm individuals by misusing their likenesses. The unauthorized generation of sexualized images raises significant privacy and consent issues, affecting victims who may be unaware that their images are being manipulated and distributed. The outcome of this investigation could set important precedents for how AI tools are regulated and how individuals' rights are protected in the digital age.

Jan 15, 2026

Predator spyware facilitates intelligence gathering from thwarted intrusions

SCM feed for Latest

Recent reports reveal that Intellexa's Predator spyware has advanced self-diagnostic features that allow it to learn from past failed attack attempts. This capability enhances the spyware's effectiveness, making it a significant tool for intelligence gathering. The sophistication of Predator raises concerns about its potential use in cyber espionage, as it can adapt and refine its tactics based on previous intrusions. This is particularly alarming for individuals and organizations that may be targeted, as the spyware can improve its chances of success in future attempts. The implications of such technology are serious, as it could lead to more sophisticated attacks on sensitive information and systems.

Jan 15, 2026

Trump’s cyber chief pick tells lawmakers he’ll assess efficacy of Cybercom-NSA dual-hat role, if confirmed

CyberScoop

In a recent hearing, President Trump's nominee for the position of cybersecurity chief, Rudd, discussed his plans to evaluate the effectiveness of the dual role held by Cyber Command and the National Security Agency (NSA). If confirmed, Rudd aims to provide an objective assessment of how this dual-hat structure impacts cybersecurity operations and national defense strategies. He acknowledged that this topic has been a point of discussion and will continue to be relevant. Rudd's insights could influence future policies regarding cybersecurity governance and operational efficiency within these critical agencies. This assessment is particularly timely given the increasing complexity of cyber threats facing the U.S.

Jan 15, 2026

Grubhub confirms hackers stole data in recent security breach

BleepingComputer

Grubhub has confirmed that it recently experienced a data breach, allowing hackers access to its systems. According to reports, the attackers are now demanding a ransom, which adds a layer of urgency to the situation. The breach affects customer data, although specific details about what information was accessed have not been disclosed. This incident raises concerns about the security measures in place at Grubhub and the potential risk to users' personal information. As food delivery services become increasingly popular, breaches like this can undermine customer trust and highlight the need for better cybersecurity practices across the industry.

Jan 15, 2026

Predator Spyware Sample Indicates 'Vendor-Controlled' C2

darkreading

Researchers have uncovered how Intellexa, the company behind the Predator spyware, adapts its tactics based on failed deployments and unsuccessful attacks. By analyzing these setbacks, Intellexa aims to refine its commercial spyware, making future operations more effective. This raises concerns for privacy advocates and targets who may be vulnerable to such sophisticated surveillance tools. The findings suggest that Predator could be continuously evolving, increasing the risk for individuals and organizations that may be targeted. As spyware technology becomes more advanced, the implications for personal and national security are significant.

Jan 15, 2026

A ransomware attack disrupted operations at South Korean conglomerate Kyowon

Security Affairs

Kyowon Group, a major South Korean conglomerate, has confirmed that it was hit by a ransomware attack that significantly disrupted its operations. This incident may have also compromised customer data, raising concerns about the safety of personal information for millions of users across its various subsidiaries. Kyowon is involved in diverse sectors including education, publishing, media, and technology, making the potential impact of this breach far-reaching. The company is currently working to assess the damage and restore its systems, but the attack underscores the vulnerabilities that large organizations face in today’s digital landscape. This incident serves as a reminder for companies to bolster their cybersecurity measures to protect sensitive data from similar attacks.

Jan 15, 2026