The China-based cyber-threat group has been using malicious extensions on the Google Chrome and Microsoft Edge marketplaces ...

On November 17, 2025, a critical security flaw in Google Chrome’s V8 JavaScript engine sent shockwaves through the digital world. Hackers began exploiting the vulnerability before Google could release ...

A threat actor has published over a hundred malicious extensions that can track and profile Chrome and Microsoft Edge users ...

CERT-In has issued a security alert for Google Chrome users, urging immediate updates for Windows, macOS, and Linux due to severe vulnerabilities identified as CVE-2025-13223 and CVE-2025-13224. , ...

A seven-year malicious browser extension campaign infected 4.3 million Google Chrome and Microsoft Edge users with malware, including backdoors and spyware sending people's data to servers in China.

According to researchers at cybersecurity firm Koi, a China-based hacking syndicate known as ShadyPanda is actively ...

Seventh Chrome 0-day this year Google pushed an emergency patch on Monday for a high-severity Chrome bug that attackers have already found and exploited in the wild.… The vulnerability, tracked as CVE ...

Socket’s Threat Research Team has outlined all the details.

North Korean actors deployed 197 new npm packages delivering evolved OtterCookie and GolangGhost malware through fake ...

A threat group dubbed ShadyPanda exploited traditional extension processes in browser marketplaces by uploading legitimate extensions and then quietly weaponization them with malicious updates, ...

ShadyPanda spent seven years uploading trusted Chrome and Edge extensions, later weaponizing them for tracking, hijacking, and remote code execution. Learn how the campaign unfolded.

ShadyPanda abused browser extensions for seven years, turning 4.3M installs into a multi-phase surveillance and hijacking ...