Add-ons with 37M installs leak visited URLs to 30+ recipients, researcher says They know where you've been and they're going to share it. A security researcher has identified 287 Chrome extensions ...

The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials.

A surge in LummaStealer infections has been observed, driven by social engineering campaigns leveraging the ClickFix technique to deliver the CastleLoader malware.

A zero-click flaw in Anthropic’s Claude Desktop Extensions allows attackers to trigger remote code execution via Google ...