Malicious VSCode extensions on Microsoft's registry drop infostealers

Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing ...
The Hacker News

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Researchers found malicious VS Code extensions and Go, npm, and Rust packages stealing developer data via hidden payloads and exfiltration.

How to Spot a ‘Sleeper’ Browser Extension That’s Actually Malware

Benign add-ons can be weaponized with malicious updates after gaining user trust.

Popular Chrome and Edge extensions go rogue, infecting over 4 million devices with spyware

According to researchers at cybersecurity firm Koi, a China-based hacking syndicate known as ShadyPanda is actively ...
SecurityWeek

Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors

A threat actor has published over a hundred malicious extensions that can track and profile Chrome and Microsoft Edge users ...
Decrypt

Malware Chrome Extension Secretly Siphoned Fees From Solana Traders for Months

Cybersecurity firm Socket warns the extension masks a second transaction instruction that quietly skims SOL from routine ...

Tiiny Host Launches Revolutionary Chrome Extension to Deploy AI-Generated Websites Directly from ChatGPT and Claude

One-Click Publishing Eliminates the Gap Between AI Code Generation and Live Deployment San Francisco, CA – November 26, 2025 ...
Dark Reading

'ShadyPanda' Hackers Weaponize Millions of Browsers

The China-based cyber-threat group has been using malicious extensions on the Google Chrome and Microsoft Edge marketplaces ...

Newly discovered malicious extensions could be lurking in enterprise browsers

Once-trusted Chrome and Edge add-ons have quietly turned into tools for data harvesting, search manipulation, and a ...

Glassworm malware returns in third wave of malicious VS Code packages

The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms.