Malicious Google Chrome extensions hijack accounts

Malicious Chrome extensions steal login data by impersonating Workday, NetSuite and SAP SuccessFactors platforms, cybersecurity researchers say.
SecurityWeek

Malicious Chrome Extension Crashes Browser in ClickFix Variant ‘CrashFix’

ClickFix variant CrashFix relies on a malicious Chrome extension to crash the browser and trick victims into installing the ...
Security Boulevard

LayerX Discovers Malicious Chrome Extensions Stealing ChatGPT Accounts

The threat of malicious Chrome browser extensions raises its ugly head again, this time against ChatGPT users, LayerX says.
Threat Post

Thousands of Malicious npm Packages Threaten Web Apps

Attackers increasingly are using malicious JavaScript packages to steal data, engage in cryptojacking and unleash botnets, offering a wide supply-chain attack surface for threat actors. More than ...
Krebs on Security

Calendar Meeting Links Used to Spread Mac Malware

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly, a popular application for scheduling appointments and ...
Bleeping Computer

Malicious Microsoft VSCode extensions target devs, crypto community

Malicious Visual Studio Code extensions were discovered on the VSCode marketplace that download heavily obfuscated PowerShell payloads to target developers and cryptocurrency projects in supply chain ...
Bleeping Computer

Malicious ‘Lolip0p’ PyPi packages install info-stealing malware

A threat actor has uploaded to the PyPI (Python Package Index) repository three malicious packages that carry code to drop info-stealing malware on developers' systems. The malicious packages, ...
Ars Technica

Backdoor found in widely used Linux utility targets encrypted SSH connections

Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian. Because the backdoor was discovered ...