#ExtensionSecurity

Manuel Bissey

@mbissey.bsky.social

1 month ago

Beware! Fake ChatGPT browser extensions are stealing your login credentials If you've installed a browser extension to enhance your ChatGPT experience, you might want to think again.

Fake ChatGPT browser extensions are stealing login credentials — AI hype is being weaponized to hijack accounts. Install less, verify more. 🧩⚠️ #ExtensionSecurity #CredentialTheft

buff.ly/iIQlF5G

@techlife-blog.bsky.social

2 months ago

AI-Powered Code Editors Could Have Become Malware Delivery Machines: Here's What Happened Security researchers discover that popular AI coding tools like Cursor and Windsurf were vulnerable to a sneaky supply chain attack through fake extension recommendations

AI-Powered Code Editors Could Have Become Malware Delivery Machines: Here's What Happened

techlife.blog/posts/vscode...

#VSCode #Cursor #Windsurf #OpenVSX #SupplyChainAttack #ExtensionSecurity #DeveloperTools #Cybersecurity

Manuel Bissey

@mbissey.bsky.social

2 months ago

Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and…

Two Chrome extensions were caught secretly collecting user data — privacy threats don’t always look malicious. Scrutinize what you install. 🧩🔍 #BrowserPrivacy #ExtensionSecurity

CyberMaterial

@cybermaterial.bsky.social

2 months ago

GhostPoster Malware Hits Firefox Addons
Read More: buff.ly/XrBjCtk

#Cybersecurity #Malware #BrowserSecurity #Firefox #SupplyChainAttack #AdFraud #Infosec #ExtensionSecurity #ThreatIntel

Checkmarx Zero

@checkmarxzero.bsky.social

3 months ago

And of course, as always, we appreciate the support of Microsoft and OpenVSX, both of whom responded promptly and professionally.

#SupplyChainSecurity #MaliciousPackages #DeveloperSecurity #SoftwareSupplyChain #ExtensionSecurity #VisualStudioCode

Checkmarx Zero

@checkmarxzero.bsky.social

3 months ago

Taking Down More Malicious VSCode Extensions in the 'Prettier' Campaign - Checkmarx As adversaries improve their tactics for getting malicious content into the Visual Studio Code Marketplace and Open VSX, Checkmarx Zero continues to defend the community. Here's the latest…

We took down 6 more malicious #VSCode packages that seem to be an evolved brandjacking attack similar the attack on Prettier we previously took down.

List of extensions and additional info: buff.ly/wxviY9d

#SupplyChainSecurity #DeveloperSecurity #ExtensionSecurity #VisualStudioCode

Manuel Bissey

@mbissey.bsky.social

3 months ago

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware ShadyPanda abused browser extensions for seven years, turning 4.3M installs into a multi-phase surveillance and hijacking campaign.

ShadyPanda is hijacking popular browser extensions to spy on users — turning everyday tools into covert surveillance channels. Trust no add-on without validation. 🧩🕵️‍♂️ #ExtensionSecurity #MalwareCampaign

Manuel Bissey

@mbissey.bsky.social

3 months ago

ShadyPanda browser extensions amass 4.3M installs in malicious campaign A long-running malware operation known as "ShadyPanda" has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware.

ShadyPanda extensions racked up 43M installs — turning convenience into mass surveillance. Even “helpful” add-ons can hide hostile code. 🧩⚠️ #ExtensionSecurity #MalwareCampaign