Find notable cyber news and cases, enriched with sources, timelines, and signals.

Browser extension risk reduction guidance for credential theft and SaaS compromise

Defensive Guidance
First reported
Last updated
Happening score
H score 20
1 unique sources, 1 articles

Summary

Hide ▲

A new browser-extension hardening playbook recommends allow lists, permission audits, monitoring, and staged updates to cut credential theft and SaaS compromise risk. It treats browser add-ons as part of the organization's identity and cloud attack surface, not just endpoint software. The guidance matters because silent extension updates can turn a trusted add-on into a stealthy access path without users noticing.

Related Happenings

Silent Swap browser-extension clipboard clipper

Malware Activity
H score36 First: 30.06.2026 18:40 Last: 30.06.2026 18:40 Sources 1

About this happening: The **Silent Swap** malware activity now **installs malicious Chromium extensions** that intercept copied wallet addresses and **reroute cryptocurrency transfers** to attacker-con...

Search for perplexity ai malicious Chrome extension

Malware Activity
H score29 First: 29.06.2026 21:40 Last: 29.06.2026 21:40 Sources 1

About this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...

StegoAd malicious Edge extension operation

Malware Activity
H score19 First: 29.06.2026 11:32 Last: 29.06.2026 11:32 Sources 1

About this happening: The **StegoAd** operation was removed from the **Edge Add-ons store** after hiding payloads in images and fonts, stealing credentials, and driving **ad fraud** across installs tha...

Dormant remote-controlled JavaScript injection path in Adblock for YouTube Chrome extension

Technical Analysis
H score23 First: 25.06.2026 17:12 Last: 25.06.2026 17:12 Sources 1

About this happening: A **Chrome extension** with **10 million+ installs** was found to carry a **dormant script-injection path**, raising the risk of **arbitrary JavaScript execution** across visited...

108 Malicious Google Chrome extensions sharing a C2 backend

Malware Activity
H score11 First: 14.04.2026 11:35 Last: 14.04.2026 11:35 Sources 1

About this happening: **108 malicious Google Chrome extensions** were found to use the same **C2 infrastructure** to steal credentials, sessions, and browsing data while injecting ads and arbitrary Jav...

Timeline

  1. 15.12.2025 13:55 2 articles · 6mo ago

    Browser-extension hardening guidance after ShadyPanda disclosure

    Technical Analysis Update

    Security guidance dated December 15, 2025 recommends enforcing browser extension allow lists, auditing permissions on a recurring schedule, monitoring installs and silent updates, and staging extension rollouts to reduce the risk that trusted Chrome and Edge browser extensions are turned into spyware or backdoor tools that steal session cookies, tokens, credentials, and SaaS access.

    Show sources