Attacks on popular AI brands exploit rapid employee trust in new productivity tools and create a governance blind spot in browser extension management.
A fake Perplexity extension in Chrome completely redirected user inputs and search queries to an attacker-controlled server before forwarding the requests.
2.6 million Microsoft Edge users were exposed to malware in 119 hidden browser add-ons – a failure of marketplace validation processes with direct implications for enterprise-wide endpoint controls.
Microsoft removed a steganography-based adware network (StegoAd) consisting of 119 extensions that had been active since at least 2021 and concealed malware payloads in images and fonts.
A new ClickFix campaign automates malware downloads on macOS entirely through terminal commands, with Atomic macOS Stealer stealing passwords, browser data, and cryptocurrency wallet holdings.
The Mistic backdoor is being deployed by ransomware access broker KongTuke in targeted attacks against insurance companies, educational institutions, and IT firms.
Attackers deploy a Golang-based sniffer on 430,000 compromised FortiGate firewalls to harvest 110 million credentials, transforming critical security devices into reconnaissance instruments.
