The Hacker News

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

AI browser extensions increase enterprise risk with 60% higher vulnerabilities, bypassing DLP controls and exposing sensitive ...

"ClickFix" attacks on macOS now also via Script Editor

An ongoing malware campaign is using Apple's Script Editor instead of the Terminal to inject the Atomic Stealer data thief onto Macs.

LinkedIn scanning users’ browser extensions sparks controversy and two lawsuits

LinkedIn is facing two lawsuits over its practice of scanning users’ browsers to determine which extensions they’re running. Two class action complaints were filed by different law firms on behalf of ...
Bleeping Computer

LinkedIn secretly scans for 6,000+ Chrome extensions, collects data

A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' browsers for installed extensions and collect device data.

How A Roblox Cheat Download Triggered A $2 Million Hack At Vercel

How A Roblox Cheat Triggered A $2 Million Breach At Vercel. Why The Vercel Incident Changes The Economics Of Enterprise AI ...
Computer Weekly

April Patch Tuesday brings zero-days in Defender, SharePoint Server

The latest monthly Patch Tuesday update from Microsoft landed earlier on 14 April, including two notable zero-day flaws amid ...
SecurityWeek

100 Chrome Extensions Steal User Data, Create Backdoor

Over 100 Chrome extensions sharing C&C infrastructure were seen stealing user data, injecting ads, and containing a backdoor.
CSO Online

Malicious pgserve, automagik developer tools found in npm registry

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...
Newsshooter

Lightcraft Technology Spark Story

Lightcraft Technology's upcoming Spark Story is a rapid virtual shot system designed to help filmmakers start workshopping ...
Communications of the ACM

Subscription Bombing: Email under Attack

Email subscription bombing (also known as subscription flooding or email spam bombing) is an attack technique that overwhelms ...

Hundreds of orgs compromised daily in Microsoft device code phishing attacks

Hundreds of organizations have been compromised daily by a Microsoft device-code phishing campaign that uses AI and automation at nearly every stage of the attack chain to ultimately snoop through ...