Leaky Chrome extensions with 37M installs caught divulging your browsing history

Hundreds of popular add‑ons used encrypted, URL‑sized payloads to send search queries, referrers, and timestamps to outside servers, in some cases tied to data brokers and unknown operators.
Dark Reading

ClickFix Attacks Abuses DNS Lookup Command to Deliver ModeloRAT

ClickFix campaigns have adapted to the latest defenses with a new technique to trick users into infecting their own machines with malware.

Waymo defends use of remote assistance workers in US robotaxi operations

Alphabet self-driving unit Waymo on Tuesday defended its use of remote assistance personnel in the face of questions from ...
FinanceBuzz on MSN

12 remote entry-level jobs that pay at least $35 an hour

Ready to skip the commute to work? Explore 12 entry-level remote jobs that pay well, boost work-life balance, and don't ...

Fake ad blocker breaks PCs in new malware extension scam

Chrome and Edge users warned about NexShield browser extension scam that causes crashes and tricks users into installing malware through fake security fix commands.

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.
WinBuzzer

Microsoft Blocks Credential Autofill to Fix Windows Hello Flaw

Microsoft has blocked credential autofill on Windows 11 to address CVE-2026-20804, a Windows Hello vulnerability allowing biometric injection attacks.

Arizona woman loses $1.5M to an online scam after simply trying to fix her TV’s closed captioning. How to spot the signs of a scam

Learn the signs to ensure that a minor tech glitch doesn't become a financial disaster.

February’s Patch Tuesday release fixes 59 flaws, including 6 being exploited

IT admins will be busy this month patching Microsoft software and apps, but not nearly as busy as they were in January.