You won't have to switch to a browser as often.

Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, ...

An extension I used almost every day was bought by a new owner and loaded up with spyware. It happened in 2024, but Google ...

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

Do you use the Chrome extension "Save image as Type?" If so, you are one of more than one million users who woke up this morning to find out that Google has disabled the extension in your Chrome web ...

How can an extension change hands with no oversight?

The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear, a group tracked by Microsoft as Void Blizzard.

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

DRILLAPP JavaScript backdoor targets Ukraine in Feb 2026, abusing Edge debugging features to spy via camera, microphone, and ...

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

This story was originally published by Mountain State Spotlight. Get stories like this delivered to your email inbox once a week; sign up for the free newsletter at mountainstatespotlight.org/newslett ...

New ClickFix variant maps WebDAV drive to run trojanized WorkFlowy app, enabling stealth C2 beacon and payload delivery.