You won't have to switch to a browser as often.

Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, ...

An extension I used almost every day was bought by a new owner and loaded up with spyware. It happened in 2024, but Google only removed it this week.

A new exploit kit for iOS devices and delivery framework dubbed "Darksword" has been used to steal a wide range of personal information, including data from cryptocurrency wallet app.

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

The infamous GlassWorm malware has infected dozens more Open VSX software packages, according to new research.

Do you use the Chrome extension "Save image as Type?" If so, you are one of more than one million users who woke up this morning to find out that Google has disabled the extension in your Chrome web ...

How can an extension change hands with no oversight?

The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear, a group tracked by Microsoft as Void Blizzard.

DRILLAPP JavaScript backdoor targets Ukraine in Feb 2026, abusing Edge debugging features to spy via camera, microphone, and ...

This story was originally published by Mountain State Spotlight. Get stories like this delivered to your email inbox once a week; sign up for the free newsletter at mountainstatespotlight.org/newslett ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...