A malicious extension campaign hit 4.3M users. See how ShadyPanda worked and the steps you should take to protect your browser and data.

Google’s new Developer Assistant lets advertisers and developers use plain language to generate, run, and export Google Ads ...

Researchers found malicious VS Code extensions and Go, npm, and Rust packages stealing developer data via hidden payloads and exfiltration.

Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing ...

Browser extensions can turn bad. As Koi Security outlines, ShadyPanda started out as an affiliate scam, with 145 extensions ...

Malicious Chrome and Edge extensions that once looked harmless have quietly turned into a sprawling spyware operation, ...

Chrome 143 fixes 13 security vulnerabilities, including four high-severity flaws, in a December desktop update rolling out to ...

ShadyPanda spent seven years uploading trusted Chrome and Edge extensions, later weaponizing them for tracking, hijacking, and remote code execution. Learn how the campaign unfolded.

According to researchers at cybersecurity firm Koi, a China-based hacking syndicate known as ShadyPanda is actively ...

A threat group dubbed ShadyPanda exploited traditional extension processes in browser marketplaces by uploading legitimate extensions and then quietly weaponization them with malicious updates, ...

The list shows just how important extensions are becoming to Chrome. Instead of simply letting you browse, Google is aiming to make Chrome your hub for everything online. You can find these extensions ...

Millions of users have been affected by a spyware campaign that has hijacked popular browser extensions. Here’s how it works and how to stay safe.