108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

Blog

Byadmblake April 14, 2026

Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited. According to Socket, the extensions are…

Blog

How Hackers Make Salesforce More Secure in the Agentic AI Era

Post Content

Read More How Hackers Make Salesforce More Secure in the Agentic AI Era
Blog

TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian state-sponsored threat group known as TA446, which is also tracked by the broader cybersecurity community…

Read More TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
Blog

AI Agents Are Becoming Privilege Escalation Paths

AI agents have quickly moved from experimental tools to core components of daily workflows across security, engineering, IT, and operations. What began as individual productivity aids, like personal code assistants, chatbots, and copilots, has evolved into shared, organization-wide agents embedded in critical processes. These agents can orchestrate workflows across multiple systems, for example:

Read More AI Agents Are Becoming Privilege Escalation Paths
Blog

Critical React Flaw Triggers Calls for Immediate Action

The vulnerability, which was assigned two CVEs with maximum CVSS scores of 10, may affect more than a third of cloud service providers.

Read More Critical React Flaw Triggers Calls for Immediate Action
Blog

CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a phishing campaign that’s designed to deliver a malware codenamed LAMEHUG. “An obvious feature of LAMEHUG is the use of LLM (large language model), used to generate commands based on their textual representation (description),” CERT-UA said in a Thursday advisory. The activity has…

Read More CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign
Blog

10 Critical Network Pentest Findings IT Teams Overlook

After conducting over 10,000 automated internal network penetration tests last year, vPenTest has uncovered a troubling reality that many businesses still have critical security gaps that attackers can easily exploit. Organizations often assume that firewalls, endpoint protection, and SIEMs are enough to keep them secure. But how effective are these defenses when put to the…

Read More 10 Critical Network Pentest Findings IT Teams Overlook

Related