Hundreds of popular add‑ons used encrypted, URL‑sized payloads to send search queries, referrers, and timestamps to outside servers, in some cases tied to data brokers and unknown operators.

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...

Security experts have uncovered a number of dangerous extensions for the Chrome browser. A total of 30 extensions belonging ...

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor ...

Using Browser Extensions to Translate or Download Videos? Better Check They're Not One of These 17 Malicious Add-Ons Cybersecurity firm LayerX uncovers 17 malicious extensions that can enable click ...

A fresh variant of the ClickFix attack relies on a malicious Chrome extension to display a security warning and lure victims into executing unwanted commands to install malware, Huntress reports.

Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web ...

Another set of 17 malicious extensions linked to the GhostPoster campaign has been discovered in Chrome, Firefox, and Edge stores, where they accumulated a total of 840,000 installations. The ...