The Hacker News

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

ShadyPanda abused browser extensions for seven years, turning 4.3M installs into a multi-phase surveillance and hijacking ...
Visual Studio Magazine

Threat Actors Keep Weaponizing VS Code Extensions

Threat actors are still abusing Visual Studio Code extensions as an entry point, with the latest fake Prettier incident ...
SecurityWeek

Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors

A threat actor has published over a hundred malicious extensions that can track and profile Chrome and Microsoft Edge users ...

How to Spot a ‘Sleeper’ Browser Extension That’s Actually Malware

Malicious extensions occasionally find their way into the Chrome Web Store (and similar libraries in other browsers) by posing as legitimate add-ons. Some of them only morph into malware after gaining ...