Fetching from the wire…
Public story · 2026-03-11 · source-backed
Zenity Labs disclosed a family of critical vulnerabilities in Perplexity Comet and other agentic browsers. Two exploit paths via indirect prompt injection: (1) zero-click compromise via calendar invites granting file system access; (2) agent privilege assumption enabling 1Password vault theft. PleaseFix evolves the ClickFix social engineering technique — tricks agents instead of humans. Zenity Labs
Each link below shares sources, entities, or timing with this story.
Zenity Labs released PleaseFix / Shared entities / Same source / Shared topic / What happened next
Linked by a graph relationship (Zenity Labs released PleaseFix); both cover Perplexity Comet, PleaseFix, Zenity Labs, Zero; cite the same source (Zenity Labs).
Linked by a graph relationship (Zenity Labs released PleaseFix); both cover PleaseFix, Zero; cite the same source (Zenity Labs).
Zenity Labs released PleaseFix / Shared entity: Zenity Labs / Same source / What happened next
Linked by a graph relationship (Zenity Labs released PleaseFix); both cover Zenity Labs; cite the same source (Zenity Labs).
Shared entity: Zero / Shared topic / Earlier coverage
Both cover Zero; overlapping topics (access, calendar, compromise, zero-click); earlier Zero coverage from 2026-03-01.
Shared entity: Zero / Shared topic / What happened next / Tension
Both cover Zero; overlapping topics (access, agent); picks up the Zero thread on 2026-03-18.
Shared entity: Zero / Shared topic / Earlier coverage / Tension
Both cover Zero; overlapping topics (agent, agentic); earlier Zero coverage from 2026-03-08.
Both cover Zero; overlapping topics (agent, critical); earlier Zero coverage from 2026-02-17.
Shared entity: Zero / Shared topic / Earlier coverage
Both cover Zero; overlapping topics (agent, disclosed, zero-click); earlier Zero coverage from 2026-03-01.