Follow ZDNET: Add us as a favorite source On Google.
ZDNET Highlights
- Nearly half of all cybersecurity incidents involve browser activity.
- Attack vectors include malicious links, credential-harvesting scripts, and content injection.
- Following these key best practices will help you stay safe online.
New research has revealed that web browsers are one of the top targets of today’s cybercriminals, playing a role in nearly half of all security incidents.
according to palo alto network 2026 global incident response reportAn analysis of 750 major cyber incidents recorded in 50 countries last year revealed that overall 48% of cyber crime incidents involved browser activity.
Individuals attempting to connect to the web, including business employees, face cyber threats on a daily basis, and it only takes one successful intrusion or malicious download for serious consequences such as surveillance, data theft, ransomware infection or financial damage.
Too: Are AI Browsers Worth the Security Risk? Why are experts worried?
Palo Alto Networks security researchers have listed some of the most common threats we encounter through our browsers today – phishing and malicious links, credential-harvesting pages, fake websites, and even clickfix, a sneaky early access method that tricks you into accidentally performing malicious actions through fake online instructions or alerts.
As our browsers – these ubiquitous applications for accessing the Internet – have become security minefields, it’s a good time to review some best practices for staying safe online – as well as other measures you can take to reduce the risk of becoming a cyber victim.
Here are 10 things you can do to protect yourself.
1. Keep your browser updated
This may seem like basic advice, but how many times have we all thought, “Oh, I’ll accept the updates later,” and then never did? Still, accepting software updates is your first and most important line of defense against having your browser compromised by intrusions or malware. Accept updates as they become available, as they will almost always include fixes for vulnerabilities and bugs.
2. Check the URL and see the padlock
If a website is HTTP-only rather than HTTPS, the communication between your browser and the website is not secure or encrypted, allowing anyone to read and analyze the traffic and potentially insert themselves via a man-in-the-middle attack.
If you browse these domains, you may be at risk of malware, scams and malware, and you may lose your data if you are performing tasks such as submitting personal information or attempting to make a purchase. While HTTP-only websites are safe enough to browse and view – and some browsers will now try to automatically upgrade HTTP to HTTP when possible – you should never give them any personal information or financial data.
Also: Your home Wi-Fi isn’t as private as it should be – 6 free ways to lock it down
If you’re visiting a new website, look for a lock in your address bar and HTTPS in the website address. On some browsers, you may not see the padlock, and the URLs may be shorter, but you will still be warned when you are visiting an unsafe site.
If your browser supports DNS-over-HTTPS, you should also consider enabling it if available, as it hides your activity from ISPs. This may appear as Secure DNS in your browser settings, such as Google Chrome.
3. Sign up for a password manager
When possible, avoid in-browser password managers and instead opt for a standalone password and credential management service.
Why? Because if your browser is compromised, your entire safe may be affected. What’s more, credential management is often just a bolt-on, while a standalone password manager is just that – and its reputation depends on being secure, encrypted, and protected against the latest threats.
Also: Best Password Managers of 2026: Expert-Tested
4. Use an ad blocker
To reduce tracking and potential pop-ups that may deliver you malware or ClickFix scripts, explore ad blockers to strengthen your browser’s security. They can significantly improve your browsing experience, speed up page loading times and reduce website fingerprinting. We have a guide on the best ad blockers available; one of my current favorites ghosts.
Also: Best Ad Blockers: Clean Up Your Browsing Experience
5. Try Private or Incognito Mode
Most browsers will offer a private or incognito mode. These alternative browser windows are intended to reduce your susceptibility to tracking by not saving logs of your website visits or searches performed in your browser, which can reduce targeted advertising rates and improve your privacy, especially if you are on a shared computer.
They’re a minor improvement, not a security miracle. These windows only prevent data from being saved locally, and they won’t prevent other parties – such as your ISP – from seeing what you’re doing online. Still, you should know that they exist.
6. Switch to an anonymous search engine
A popular search engine alternative to Google or Bing is duckduckgoWhich bills itself as a privacy-first service. DuckDuckGo does not collect user data or track users across the web, nor will it save your search history or sell your activities to marketers, all of which may lead to targeted advertising. Cookie pop-ups and trackers are also blocked by default.
It is popular enough to be expanded into a full browser, and you should consider using it to keep your queries out of the hands of third parties.
Also: If you want online privacy, try this popular Google alternative
An easy change to your existing browser experience is to visit this service and set it as your default search engine. I did this and I recommend you do the same.
7. Install a VPN
A Virtual Private Network (VPN) is software that encrypts your online communications, hides your IP address, and conceals your online activity.
VPNs can be used for a variety of purposes, including unblocking geo-locked content and avoiding ISP-based throttling, but their main benefit is as a privacy tool when browsing the web. Through encryption, VPNs help prevent third-party profiling and spying and this is important if you have to use untrusted public Wi-Fi hotspots.
Also: Best VPN Services 2026: Expert Tested and Recommended
Some of the best VPNs available include NordVPN, ExpressVPN, and Surfshark.
8. Use a more secure browser
To avoid tracking, monitoring, data collection, and security vulnerabilities, switch to a browser known for its strong security.
Secure browsers place utmost emphasis on user security and privacy. They are created by developers who actively try to prevent attempts to track you using methods including default anonymous search engine integration, blocking third-party trackers, strict cookie policies, downgrading unsecured HTTPS connections, using IP-masking server relays, and preventing browser fingerprinting.
Our top picks right now include Brave, Tor, and DuckDuckGo.
Too: Stay anonymous online with these anti-tracking browsers
9. Use Tor to stay hidden
The Tor browser uses the Onion network to hide traffic, re-routing your requests through nodes that hide your IP address and make tracking much more difficult.
Since your traffic is routed through intermediary nodes, it will not be as fast as a normal web browser. Furthermore, its high level of security and anti-tracking technologies means that some websites may not display correctly, especially if they are loaded with scripts.
Also: Why Incognito Mode Isn’t the Most Private Way to Browse the Web (Instead of This)
These issues aside, Tor is a great way to browse the web without exposing yourself or your data. You must use a VPN, download Software, and connect. If you want to visit a specific website, you may need to know its .onion address.
10. Beware of AI browsers
Finally, be wary of any browser focused on AI. AI browsers like Atlas and Comet are powerful and hold great potential, but they have also created a new attack surface for cybercriminals to exploit.
One of the main issues affecting AI browsers right now – and without a clear solution beyond hardening large language models (LLM) – are instant injection attacks. These attacks, whether direct or indirect, force the LLM to act maliciously. For example, an instruction hidden in a web page or URL could make its way into an AI browser chat assistant, causing your data to be exposed or stolen.
Also: I’m Testing the Top AI Browsers – Here’s Which Browsers Really Impressed Me
If you’re using it, keep personal data sharing to a minimum. AI chatbots are useful, but that doesn’t mean they’re safe.
