9to5Mac

Developer creates tool that shows injected JavaScript commands through an in-app browser

A few days ago, developer Felix Krause shared a detailed report on how mobile apps can use their own in-app web browser to track user data. Now Krause is back with a new tool that lets anyone see ...
TechCrunch

TikTok’s in-app browser could be keylogging, privacy analysis warns

‘Beware in-app browsers’ is a good rule of thumb for any privacy conscious mobile app user — given the potential for an app to leverage its hold on user attention to snoop on what you’re looking at ...
CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.
Threat Post

Browser-in-the-Browser Attack Makes Phishing Nearly Invisible

Can we trust web browsers to protect us, even if they say “https?” Not with the novel BitB attack, which fakes popup SSO windows to phish away credentials for Google, Facebook and Microsoft, et al.