Until last month, attackers could've stolen info from Perplexity Comet users just by sending a calendar invite

AI browsing agent left local files open for the taking If you wanted to steal local files from someone using Perplexity's ...
Morningstar

Zenity Labs Discloses PleaseFix Vulnerability Family in Perplexity Comet and Other Agentic Browsers

Vulnerabilities allow zero-click agent hijacking, local file exfiltration and credential theft within agent-authorized workflows, including 1Password Zenity Labs ...
NextBigFuture

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users’ devices. The research reveals ...
Hosted on MSN

Researchers flag Comet browser flaws that could enable hijacks

Security researchers are warning that design flaws in the Comet web browser could let attackers quietly take over user sessions, inject malicious content, and potentially pivot into broader account ...
MarketWatch

Zenity Labs Discloses PleaseFix Vulnerability Family in Perplexity Comet and Other Agentic Browsers

Zenity Labs today disclosed PleaseFix, a family of critical vulnerabilities affecting agentic browsers, including Perplexity Comet, that allow attackers to silently ...

Zenity Labs Discloses PleaseFix Vulnerability Family in Perplexity Comet and Other Agentic Browsers

Vulnerabilities allow zero-click agent hijacking, local file exfiltration and credential theft within agent-authorized workflows, including 1PasswordNEW YORK--(BUSINESS ...