Daily Security Briefing 030


October 4, 2025

CometJacking exploits, Palo Alto portals under heavy scan attack, Discord breach steals user data


Executive Summary

Cybersecurity threats are escalating with new and sophisticated attack methods emerging. The CometJacking vulnerability exposes AI browser users to prompt injection attacks that can siphon sensitive information through a single click. Additionally, Palo Alto Networks portals have seen an unprecedented surge in scanning activity, indicating targeted reconnaissance likely preparing for more advanced intrusions. Data breaches continue to pose risks, highlighted by a recent incident where hackers accessed Discord support tickets and compromised user identities. Meanwhile, AI development updates from OpenAI and new commercial AI browsers suggest growing integration of AI into everyday tools, raising fresh security and privacy considerations.


Top Articles

CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief
Researchers revealed CometJacking, a novel attack targeting Perplexity’s Comet AI browser via malicious prompt injection in seemingly harmless links. This method enables attackers to extract sensitive data, including from connected email and calendar services, with just one click. The stealthy nature of the exploit raises concerns about the security of agentic AI interfaces.
The Hacker News

Massive Surge in Scans Targeting Palo Alto Networks Login Portals
Threat intelligence firm GreyNoise observed a 500% spike in scanning activity directed at Palo Alto Networks login portals on October 3rd, marking the highest level in three months. This surge appears highly structured and targeted, likely indicating preparations for credential theft or exploitation attempts. The activity underscores an ongoing focus by attackers on critical network infrastructure.
The Hacker News | BleepingComputer

Discord Discloses Data Breach After Hackers Steal Support Tickets
Discord confirmed a breach involving a third-party customer service vendor, resulting in theft of partial payment data and personally identifiable information, including government-issued IDs from affected users. The incident demonstrates growing risks linked to third-party integrations and the challenge of safeguarding customer support data.
BleepingComputer

Leaked Apple iPad Pro M5 Benchmark Shows Massive Improvements
A leaked benchmark of Apple’s rumored M5 chip for the iPad Pro reveals performance levels approaching those of desktop CPUs. This advancement suggests significant leaps in mobile computing power, potentially impacting security-related applications and encryption performance on mobile devices.
BleepingComputer

OpenAI Expands AI Capabilities and Reach with New Product Updates
OpenAI introduced GPT Codex Alpha, offering early access to advanced coding AI models, alongside plans to roll out a lower-cost ChatGPT “Go” subscription in multiple new countries. Additionally, leaks indicate direct message support in ChatGPT social features and enhanced emotional support capabilities in GPT-5. These developments reflect OpenAI’s commitment to diversifying AI applications, with implications for user privacy and security protocols.
BleepingComputer | BleepingComputer | BleepingComputer | BleepingComputer

Opera Introduces AI Browser Subscription at $19.90 per Month
Opera launched Opera Neon, a new AI-centric browser designed to manage tabs and browsing activities using artificial intelligence. The service is subscription-based at $19.90 per month, signaling new monetization approaches in AI-enhanced browsing experiences, which could raise questions about user data handling and privacy protections.
BleepingComputer


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.
