The Hacker News

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

According to Socket, the extensions (complete list here) are published under five distinct publisher identities – Yana ...
HealthcareInfoSecurity

Grafana AI Bug Leaks Data With Zero-Click Exploit

A Grafana AI flaw enables zero-click data exfiltration by hiding malicious prompts in URLs, said a Noma Security report.

LinkedIn scanning users’ browser extensions sparks controversy and two lawsuits

LinkedIn is facing two lawsuits over its practice of scanning users’ browsers to determine which extensions they’re running.

Pixel phones are becoming safer via Google's Rust code injection

The post Pixel phones are becoming safer via Google's Rust code injection appeared first on Android Headlines.
CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...

GrafanaGhost: The AI That Leaked Everything Without Being Hacked

A newly disclosed vulnerability reveals how AI assistants can become invisible channels for data exfiltration — and why ...

108 malicious Chrome extensions found stealing data and injecting ads into every page you visit

Security researchers have uncovered a new coordinated campaign which uses malicious extensions to steal user data and hijack browsing sessions.