Researchers found malicious VS Code extensions and Go, npm, and Rust packages stealing developer data via hidden payloads and exfiltration.

Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing ...

Malicious Chrome and Edge extensions that once looked harmless have quietly turned into a sprawling spyware operation, ...

Chrome 143 fixes 13 security vulnerabilities, including four high-severity flaws, in a December desktop update rolling out to ...

ShadyPanda spent seven years uploading trusted Chrome and Edge extensions, later weaponizing them for tracking, hijacking, and remote code execution. Learn how the campaign unfolded.

According to researchers at cybersecurity firm Koi, a China-based hacking syndicate known as ShadyPanda is actively ...

A threat group dubbed ShadyPanda exploited traditional extension processes in browser marketplaces by uploading legitimate extensions and then quietly weaponization them with malicious updates, ...

The list shows just how important extensions are becoming to Chrome. Instead of simply letting you browse, Google is aiming to make Chrome your hub for everything online. You can find these extensions ...

Millions of users have been affected by a spyware campaign that has hijacked popular browser extensions. Here’s how it works and how to stay safe.

In 2025, Chrome behaves more like an AI-powered operating system, with extensions driving most of the upgrades.

Despite pressure from platforms that increasingly optimise for Chromium-first rendering behaviours, Mozilla’s browser has continued refining its core engine to remain competitive on speed and ...

A browser extension attack that went undetected for years has affected millions of Google Chrome and Microsoft Edge users.