Find notable cyber news and cases, enriched with sources, timelines, and signals.

Coordinated Chrome-extension campaign for enterprise account takeover

Campaign
First reported
Last updated
Happening score
H score 44
1 unique sources, 1 articles

Summary

Hide ▲

A coordinated Chrome-extension campaign has been uncovered that steals authentication cookies, blocks security administration pages, and enables complete account takeover across enterprise-platform users. The malicious add-ons impersonate Workday, NetSuite, and SuccessFactors tools to blend into normal business workflows. The operation matters because it can preserve access while preventing defenders from using standard remediation pages. Copies also remained available outside the main browser store, extending the reach of the campaign.

Related Happenings

Silent Swap browser-extension clipboard clipper

Malware Activity
H score36 First: 30.06.2026 18:40 Last: 30.06.2026 18:40 Sources 1

About this happening: The **Silent Swap** malware activity now **installs malicious Chromium extensions** that intercept copied wallet addresses and **reroute cryptocurrency transfers** to attacker-con...

Dormant remote-controlled JavaScript injection path in Adblock for YouTube Chrome extension

Technical Analysis
H score23 First: 25.06.2026 17:12 Last: 25.06.2026 17:12 Sources 1

About this happening: A **Chrome extension** with **10 million+ installs** was found to carry a **dormant script-injection path**, raising the risk of **arbitrary JavaScript execution** across visited...

Google Chrome DBSC rolls out session-cookie theft protection for all users

Security Tool/Service
H score10 First: 29.05.2026 15:08 Last: 29.05.2026 15:08 Sources 1

About this happening: Google's **Chrome Device Bound Session Credentials (DBSC)** is now **generally available** and rolling out to **all users**, reducing the risk of **account takeovers** from stolen...

Chrome Web Store malicious extensions coordinated campaign using shared C2

Campaign
H score38 First: 14.04.2026 23:33 Last: 14.04.2026 23:33 Sources 1

About this happening: A coordinated **Chrome Web Store** extension operation is stealing **Google OAuth2 Bearer tokens**, deploying **backdoors**, and running **ad fraud** across more than **100 malici...

108 Malicious Chrome extension campaign

Campaign
H score37 First: 14.04.2026 14:30 Last: 14.04.2026 14:30 Sources 1

About this happening: A **large-scale campaign** of **108 malicious Chrome extensions** exposed roughly **20,000 users** to **session hijacking** and data theft through a shared **C2 infrastructure**.

Timeline

  1. 16.01.2026 16:09 2 articles · 5mo ago

    Researchers disclose five malicious Chrome extensions

    Initial Disclosure

    Security researchers identified five malicious Google Chrome extensions impersonating Workday, NetSuite, and SuccessFactors tools to steal authentication cookies, block administrative pages, and enable session hijacking for victim accounts; most of the add-ons had been removed from the Chrome Web Store, while Software Access remained available and copies also appeared on third-party download sites such as Softonic.

    Show sources