-
Zoom Stealer browser extensions harvest corporate meeting intelligence
A newly discovered campaign, which researchers call Zoom Stealer, is affecting 2.2 million Chrome, Firefox, and Microsoft Edge users through 18 extensions that collect online meeting-related data like URLs, IDs, topics, descriptions, and embedded passwords.
- December 30, 2025
- 10:41 AM
0
-
Trust Wallet says 2,596 wallets drained in $7 million crypto theft attack
Trust Wallet says attackers who compromised its browser extension right before Christmas have drained approximately $7 million from nearly 3,000 cryptocurrency wallet addresses.
- December 29, 2025
- 11:43 AM
1
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
GhostPoster attacks hide malicious JavaScript in Firefox addon logos
A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions counting more than 50,000 downloads, to monitor browser activity and plant a backdoor.
- December 16, 2025
- 05:17 PM
- 2
-
Malicious VSCode Marketplace extensions hid trojan in fake PNG file
A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with malware hidden inside dependency folders.
- December 11, 2025
- 03:54 PM
- 0
-
Malicious VSCode extensions on Microsoft's registry drop infostealers
Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing malware that can take screenshots, steal credentials, and hijack browser sessions.
- December 08, 2025
- 05:30 PM
- 0
-
ShadyPanda browser extensions amass 4.3M installs in malicious campaign
A long-running malware operation known as "ShadyPanda" has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware.
- December 01, 2025
- 10:01 AM
- 0
-
GlassWorm malware returns on OpenVSX with 3 new VSCode extensions
The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with three new VSCode extensions that have already been downloaded over 10,000 times.
- November 08, 2025
- 11:17 AM
- 0
-
AI-Slop ransomware test sneaks on to VS Code marketplace
A malicious extension with basic ransomware capabilities seemingly created with the help of AI, has been published on Microsoft's official VS Code marketplace.
- November 06, 2025
- 04:52 PM
- 0
-
The Top 3 Browser Sandbox Threats That Slip Past Modern Security Tools
Attackers exploit web browsers' built-in behaviors to steal credentials, abuse extensions, and move laterall, slipping past traditional defenses. Learn from Keep Aware how browser-layer visibility and policy enforcement stop these hidden threats in real time.
- November 04, 2025
- 10:02 AM
- 0
-
Fake Solidity VSCode extension on Open VSX backdoors developers
A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source registry, uses an Ethereum smart contract to establish a communication channel with the attacker.
- November 03, 2025
- 03:50 PM
- 0
-
Mozilla: New Firefox extensions must disclose data collection practices
Starting next month, Mozilla will require Firefox extension developers to disclose whether their add-ons collect or share user data with third parties.
- October 24, 2025
- 09:17 AM
- 1
-
Self-spreading GlassWorm malware hits OpenVSX, VS Code registries
A new and ongoing supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with self-spreading malware called GlassWorm that has been installed an estimated 35,800 times.
- October 20, 2025
- 12:13 PM
- 0
-
Malicious crypto-stealing VSCode extensions resurface on OpenVSX
A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and plant backdoors.
- October 14, 2025
- 05:35 PM
- 0
-
Microsoft Edge to block malicious sideloaded extensions
Microsoft is planning to introduce a new Edge security feature that will protect users against malicious extensions sideloaded into the web browser.
- September 26, 2025
- 11:39 AM
- 1
-
Mozilla now lets Firefox add-on devs roll back bad updates
Mozilla has announced a new feature that enables Firefox extension developers to roll back to previously approved versions, allowing them to quickly address critical bugs and issues.
- September 22, 2025
- 11:53 AM
- 0
-
Wave of 150 crypto-draining extensions hits Firefox add-on store
A malicious campaign dubbed 'GreedyBear' has snuck onto the Mozilla add-ons store, targeting Firefox users with 150 malicious extensions and stealing an estimated $1,000,000 from unsuspecting victims.
- August 07, 2025
- 10:00 AM
- 0
-
Mozilla warns of phishing attacks targeting add-on developers
Mozilla has warned browser extension developers of an active phishing campaign targeting accounts on its official AMO (addons.mozilla.org) repository.
- August 04, 2025
- 06:00 AM
- 0
-
Malicious VSCode extension in Cursor IDE led to $500K crypto theft
A fake extension for the Cursor AI IDE code editor infected devices with remote access tools and infostealers, which, in one case, led to the theft of $500,000 in cryptocurrency from a Russian crypto developer.
- July 14, 2025
- 08:26 AM
- 1
-
Dozens of fake wallet add-ons flood Firefox store to drain crypto
More than 40 fake extensions in Firefox's official add-ons store are impersonating popular cryptocurrency wallets from trusted providers to steal wallet credentials and sensitive data.
- July 02, 2025
- 09:16 AM
- 0
-
Mozilla launches new system to detect Firefox crypto drainer add-ons
Mozilla has developed a new security feature for its add-on portal that helps block Firefox malicious extensions that drain cryptocurrency wallets.
- June 03, 2025
- 10:29 AM
- 3
1
