Tag: browser
-
Malicious EditThisCookie Extension Attacking Chrome Users to Steal Data
by
in SecurityNewsThe popular cookie management extension EditThisCookie has been the target of a malicious impersonation. Originally a trusted tool for Chrome users, EditThisCookie allowed users to manage cookie data in their browsers. However, after significant scrutiny, the legitimate version has been removed from the Chrome Web Store, leaving users vulnerable to a fake extension that has…
-
Privacy Roundup: Week 1 of Year 2025
by
in SecurityNews
Tags: access, ai, android, apple, authentication, botnet, breach, browser, business, captcha, chrome, compliance, cve, cybersecurity, data, data-breach, detection, email, encryption, exploit, finance, firmware, flaw, google, group, hacker, healthcare, HIPAA, infrastructure, injection, Internet, law, leak, login, malware, open-source, password, phishing, privacy, router, service, software, threat, tool, update, virus, vulnerabilityThis is a news item roundup of privacy or privacy-related news items for 29 DEC 2024 – 4 JAN 2024. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things overlap; for…
-
Google Chrome is making it easier to share specific parts of long PDFs
by
in SecurityNewsGoogle is adding the Text Fragment feature to its PDF reader to make it easier to share specific parts of long PDFs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/google-chrome-is-making-it-easier-to-share-specific-parts-of-long-pdfs/
-
36 Chrome Extensions Compromised in Supply Chain Attack
by
in SecurityNewsDevelopers Listed as Public Contact Points Targeted in Phishing Campaign. A supply chain attack that subverted legitimate Google Chrome browser extensions to inject data-stealing malware is more widespread than security researchers first suspected. So far researchers have identified 36 subverted extensions collectively used by 2.6 million people. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/36-chrome-extensions-compromised-in-supply-chain-attack-a-27207
-
Schädliche Versionen von zahlreichen Chrome-Erweiterungen in Umlauf
by
in SecurityNewsÜber die Weihnachtstage verschafften sich die Täter Zugriff auf diverse Chrome-Extensions in einigen Fällen sogar schon deutlich früher. First seen on heise.de Jump to article: www.heise.de/news/Nach-Phishing-Angriff-Schaedliche-Erweiterungen-in-Chrome-Web-Store-geschleust-10224745.html
-
LegionLoader Abusing Chrome Extensions To Deliver Infostealer Malware
LegionLoader, a C/C++ downloader malware, first seen in 2019, delivers payloads like malicious Chrome extensions, which can manipulate emails, track browsing, and even transform infected browsers into proxies for attackers, enabling them to browse the web with the victim’s credentials. It has been observed distributing various stealers through Chrome extensions since August 2024, including LummaC2,…
-
Chrome Extension Compromises Highlight Software Supply Challenges
by
in SecurityNewsThe Christmas Eve compromise of data-security firm Cyberhaven’s Chrome extension spotlights the challenges in shoring up third-party software supply chains. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/chrome-extension-compromises-highlight-software-supply-challenges
-
Time to check if you ran any of these 33 malicious Chrome extensions
by
in SecurityNewsTwo separate campaigns have been stealing credentials and browsing history for months. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/01/dozens-of-backdoored-chrome-extensions-discovered-on-2-6-million-devices/
-
Dozens of Chrome extensions hacked in threat campaign
by
in SecurityNewsAlthough data security vendor Cyberhaven disclosed that its Chrome extension was compromised on Dec. 24, additional research suggests the broader campaign could be months older. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366617636/Dozens-of-Chrome-extensions-hacked-in-threat-campaign
-
Millionen Nutzer gefährdet: Schadcode in 36 Chrome-Extensions eingeschleust
Bei den betroffenen Chrome-Erweiterungen handelt es sich um KI-Tools, Passwortmanager, VPNs und mehr. Zusammen kommen sie auf 2,6 Millionen Nutzer. First seen on golem.de Jump to article: www.golem.de/news/millionen-nutzer-gefaehrdet-schadcode-in-36-chrome-extensions-eingeschleust-2501-192093.html
-
35+ Chrome Extensions Compromised: 2.5 Million Users at Risk
by
in SecurityNewsIn a detailed report from Team Axon”, led by Alon Klayman and Uri Kornitzer”, researchers have revealed on a sophisticated First seen on securityonline.info Jump to article: securityonline.info/35-chrome-extensions-compromised-2-5-million-users-at-risk/
-
Hackers target dozens of VPN and AI extensions for Google Chrome to compromise data
by
in SecurityNewsAs of Wednesday, a total of 36 Chrome extensions injected with data-stealing code have been detected, mostly related to artificial intelligence tools and virtual private networks.]]> First seen on therecord.media Jump to article: therecord.media/hackers-target-vpn-ai-extensions-google-chrome-malicious-updates
-
More details on widespread Chrome extension compromise emerge
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/more-details-on-widespread-chrome-extension-compromise-emerge
-
Dozens of Chrome Extensions Hacked, Exposing Millions of Users to Data Theft
by
in SecurityNewsA new attack campaign has targeted known Chrome browser extensions, leading to at least 35 extensions being compromised and exposing over 2.6 million users to data exposure and credential theft.The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into…
-
Exposing the Rogue Cyberheaven Compromised Chrome VPN Extensions Ecosystem An Analysis
Here we go. It appears that the individuals behind the successful compromise of the Cyberheaven VPN Chrome extensions are currently busy or at least have several other upcoming and in the works campaigns targeting several other vendors of Chrome VPN extensions. The first example is hxxp://censortracker.pro which apparently aims to target the legitimate (hxxp://censortracker.org). Relate…
-
Chrome extensions compromised in Christmas Day supply chain attack
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/chrome-extensions-compromised-in-christmas-day-supply-chain-attack
-
New details reveal how hackers hijacked 35 Google Chrome extensions
by
in SecurityNewsNew details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-details-reveal-how-hackers-hijacked-35-google-chrome-extensions/
-
Hacking campaign compromised at least 16 Chrome browser extensions
by
in SecurityNewsThreat actors compromised at least 16 Chrome browser extensions leading to the exposure of data from over 600,000 users. A supply chain attack compromised 16 Chrome browser extensions, exposing over 600,000 users. Threat actors targeted the publishers of the extensions on the Chrome Web Store via phishing messages, then once obtained access to their account…
-
Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign
by
in SecurityNewsThe recent compromise of Cyberhaven’s Chrome extension appears to be part of a broad campaign that started over a year ago. The post Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cyberhaven-chrome-extension-hack-linked-to-widening-supply-chain-campaign/
-
News alert: SquareX exposes OAuth attack on Chrome extensions, days before a major breach
Palo Alto, Calif., Dec. 30, 2024, CyberNewswire, SquareX, an industry-first Browser Detection and Response (BDR) solution, leads the way in browser security. About a week ago, SquareX reported large-scale attacks targeting Chrome Extension developers aimed at taking over… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/news-alert-squarex-exposes-oauth-attack-on-chrome-extensions-days-before-a-major-breach/
-
16 Chrome Extensions Hacked in Large-Scale Credential Theft Scheme
by
in SecurityNewsSUMMARY A sophisticated attack campaign has compromised at least 16 Chrome browser extensions, exposing over 600,000 users to… First seen on hackread.com Jump to article: hackread.com/16-chrome-extensions-hacked-credential-theft-scheme/
-
Cyberhaven Hacked Chrome Extension With 400,000 users Compromised
by
in SecurityNewsCyberhaven, a prominent cybersecurity company, disclosed that its Chrome extension With 400,000+ users was targeted in a malicious cyberattack on Christmas Eve 2024, as part of a broader campaign affecting multiple Chrome extension developers. CEO Howard Ting announced the incident in a detailed transparency report, outlining the attack’s scope and the company’s response. The breach…
-
16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft
by
in SecurityNewsA new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft.The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into legitimate…
-
Cyber firm’s Chrome extension hijacked to steal user passwords
The data-loss startup says it was targeted as part of a “wider campaign to target Chrome extension developers.” First seen on techcrunch.com Jump to article: techcrunch.com/2024/12/27/cyberhaven-says-it-was-hacked-to-publish-a-malicious-update-to-its-chrome-extension/
-
Cyberhaven says it was hacked to publish a malicious update to its Chrome extension
The data-loss startup says it was targeted as part of a “wider campaign to target Chrome extension developers.” First seen on techcrunch.com Jump to article: techcrunch.com/2024/12/27/cyberhaven-says-it-was-hacked-to-publish-a-malicious-update-to-its-chrome-extension/
-
Cybersecurity firm’s Chrome extension hijacked to steal users’ data
by
in SecurityNewsAt least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cybersecurity-firms-chrome-extension-hijacked-to-steal-users-data/
-
Cyber startup employee hacked to distribute malicious Chrome extension
by
in SecurityNewsCybersecurity startup Cyberhaven, which specializes in insider threats, said it is investigating a hack of a single administrative account that spread a malicious version of its Google Chrome browser extension.]]> First seen on therecord.media Jump to article: therecord.media/cyberhaven-hack-google-chrome-extension
-
Cyberhaven Chrome Extension Compromised in Targeted Attack
by
in SecurityNewsOn December 24, 2024, at approximately 5:24 PM UTC, Cyberhaven experienced a sophisticated and targeted attack. According to an official statement from the company, the attacker successfully gained access to... First seen on securityonline.info Jump to article: securityonline.info/cyberhaven-chrome-extension-compromised-in-targeted-attack/