Browser extension risk reduction guidance for credential theft and SaaS compromise
Defensive Guidance
Summary
A new browser-extension hardening playbook recommends allow lists, permission audits, monitoring, and staged updates to cut credential theft and SaaS compromise risk. It treats browser add-ons as part of the organization's identity and cloud attack surface, not just endpoint software. The guidance matters because silent extension updates can turn a trusted add-on into a stealthy access path without users noticing.
Related Happenings
108 Malicious Google Chrome extensions sharing a C2 backend
Malware Activity
First: 14.04.2026 11:35
Last: 14.04.2026 11:35
Sources 1
About this happening:
**108 malicious Google Chrome extensions** were found to use the same **C2 infrastructure** to steal credentials, sessions, and browsing data while injecting ads and arbitrary Jav...
Legitimate-looking Chrome extension prompt-poaching campaign
Campaign
First: 25.03.2026 13:00
Last: 25.03.2026 13:00
Sources 1
About this happening:
A recurring **Chrome extension** campaign is stealing **AI conversations** from users, exposing prompts, answers, and other sensitive content to attacker-controlled servers. The a...
ShieldGuard browser-extension data-harvesting malware
Malware Activity
First: 18.03.2026 16:15
Last: 18.03.2026 16:15
Sources 1
About this happening:
A malicious **ShieldGuard** browser extension was dismantled after it was found harvesting sensitive data from **crypto users**, putting wallet and account information at risk. Th...
QuickLens and ShotBird malicious Chrome extension update chain
Malware Activity
First: 09.03.2026 12:28
Last: 09.03.2026 12:28
Sources 1
About this happening:
The **QuickLens** and **ShotBird** Chrome extensions have become **malicious after ownership transfer**, turning trusted add-ons into a delivery path for code injection and data t...
Enterprise browser users AI adoption and browser-risk trends
Target Trend
First: 05.03.2026 17:01
Last: 05.03.2026 17:01
Sources 1
About this happening:
Enterprise browser sessions are seeing **mainstream AI tool use**, widening the security blind spot around **employee work sessions** and increasing the risk of **sensitive data e...
Timeline
- 15.12.2025 13:55 2 articles · 5mo ago
Browser-extension hardening guidance after ShadyPanda disclosure
Technical Analysis Update
Security guidance dated December 15, 2025 recommends enforcing browser extension allow lists, auditing permissions on a recurring schedule, monitoring installs and silent updates, and staging extension rollouts to reduce the risk that trusted Chrome and Edge browser extensions are turned into spyware or backdoor tools that steal session cookies, tokens, credentials, and SaaS access.
- A Browser Extension Risk Guide After the ShadyPanda Campaign — thehackernews.com — 15.12.2025 13:55