A fake Perplexity extension in Chrome completely redirected user inputs and search queries to an attacker-controlled server before forwarding the requests.
A widely distributed YouTube ad blocker extension with over 10 million downloads can be abused through server-side configuration to execute arbitrary malicious code without evidence of active abuse to date.
A widely distributed YouTube ad blocker extension can inject arbitrary JavaScript code into any website through its architecture, posing significant security risks for networks using this extension.
A widely used YouTube ad blocker extension possesses the capability to execute arbitrary JavaScript code, presenting a significant security risk to its large user base.
Leaked GitHub tokens at Novo Nordisk demonstrate that secrets management must be properly addressed as an identity problem, not merely as a tooling challenge.
Klue Battlecards is the third compromised Salesforce-integrated app through which customer data has been stolen; victims include cybersecurity firm Huntress.
Despite its 2026 fork, the European Euro-Office Consortium failed to achieve independence from Russian OnlyOffice code and continued integrating its changes instead of developing its own.
