Modern browsers have come a long way from rendering marked-up text to being used as a runtime for client applications. Many of the modern APIs require explicit user consent (e.g. when accessing Bluetooth, USB devices, location or local files) while others are allowed by default. As security researchers we are always interested in the worst-case … Continue reading Abusing Modern Browser Features for Phishing