Malicious browser extensions hit 4.3M users

Malicious Chrome and Edge extensions collected browsing history, keystrokes and personal data from millions of users before ...

Google turns Chrome into a native AI browser with Gemini-powered tools

Google is rolling out a massive upgrade to Chrome on desktop, integrating Gemini AI and native AI Mode tools directly into ...
The Hacker News

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Researchers found malicious VS Code extensions and Go, npm, and Rust packages stealing developer data via hidden payloads and exfiltration.

Malicious VSCode extensions on Microsoft's registry drop infostealers

Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing ...

How to spot a ‘sleeper’ browser extension that’s actually malware

Browser extensions can turn bad. As Koi Security outlines, ShadyPanda started out as an affiliate scam, with 145 extensions ...
Visual Studio Magazine

Threat Actors Keep Weaponizing VS Code Extensions

Threat actors are still abusing Visual Studio Code extensions as an entry point, with the latest fake Prettier incident ...
Morning Overview on MSN

Chrome and Edge extensions went rogue and hit 4M+ devices

Malicious Chrome and Edge extensions that once looked harmless have quietly turned into a sprawling spyware operation, ...

Google Rolls Out Chrome 143 Update for Billions Worldwide

Chrome 143 fixes 13 security vulnerabilities, including four high-severity flaws, in a December desktop update rolling out to ...
Security Boulevard

ShadyPanda Takes its Time to Weaponize Legitimate Extensions

ShadyPanda spent seven years uploading trusted Chrome and Edge extensions, later weaponizing them for tracking, hijacking, and remote code execution. Learn how the campaign unfolded.