Recent research from Graz University of Technology has unveiled a new attack vector known as FROST, which enables malicious websites to discern user behavior by monitoring SSD timing through JavaScript. This method does not require native code, browser extensions, or permission prompts, making it a stealthy and easily deployable technique. By simply opening a malicious webpage and leaving it active, the attack exploits background drive contention to infer which sites and applications are being accessed by the user, potentially compromising user privacy on a broad scale.
For businesses, the FROST attack underscores the necessity of enhancing browser security measures and user education regarding potential online threats. Companies must be vigilant in implementing robust cybersecurity practices, including regular software updates and user awareness training, to mitigate risks associated with such novel tracking methods. The implications for the cybersecurity landscape are profound, as this attack exemplifies the evolving tactics used by cybercriminals to harvest sensitive information. As reliance on web applications and SSDs increases, understanding and countering these types of attacks will be critical for maintaining user trust and safeguarding digital assets.
---
*Originally reported by [The Hacker News](https://thehackernews.com/2026/06/new-frost-attack-lets-websites-track.html)*