Malicious Chrome and Edge extensions collected browsing history, keystrokes and personal data from millions of users before ...

More than a hundred browser extensions spread across Google Chrome and Microsoft Edge browsers turned malicious after five ...

Anything users typed into ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, Grok, Meta AI, and ...

According to researchers at cybersecurity firm Koi, a China-based hacking syndicate known as ShadyPanda is actively ...

Security researchers found a popular Chrome extension secretly copying and storing AI chats, raising major privacy concerns.

Malicious extensions occasionally find their way into the Chrome Web Store (and similar libraries in other browsers) by posing as legitimate add-ons. Some of them only morph into malware after gaining ...

Learn how the ShadyPanda campaign turned trusted browser extensions into spyware and the steps security teams can take to reduce extension risk.

ShadyPanda spent seven years uploading trusted Chrome and Edge extensions, later weaponizing them for tracking, hijacking, and remote code execution. Learn how the campaign unfolded.

ShadyPanda campaign turned 145 Chrome/Edge extensions malicious after years of normal use Updates added affiliate fraud, cookie theft, search hijacking, and remote code execution 4.3M devices at risk; ...

Urban VPN Proxy, which claims to protect users' privacy, collects data from conversations with ChatGPT, Claude, Gemini, ...

The China-based cyber-threat group has been using malicious extensions on the Google Chrome and Microsoft Edge marketplaces ...