Exploits

Perplexity Quietly Disables Hidden Comet API After Researchers Show It Enables Local Command Execution

SquareX says a concealed device-control interface let Comet’s built-in extensions bypass sandboxing until a silent post-report update disabled it.