top of page
ALL POSTS
ClaudeBleed: Hackers Exploit Chrome Extension Vulnerability to Hijack Claude and Steal Data
Key Findings LayerX researchers discovered ClaudeBleed, a critical vulnerability in Claude's Chrome extension that allows any other browser extension to take full control of the AI assistant The flaw stems from improper message source verification, allowing malicious scripts to issue commands to Claude without user knowledge or consent Attackers can extract files from Google Drive, read private emails, send messages on behalf of users, and access GitHub repositories Anthropic
May 83 min read
82 Chrome Extensions Caught Selling User Data to Third Parties, Affecting Millions
Key Findings LayerX Security identified 82 Chrome extensions explicitly reserving the right to sell user data to third parties At least 6.5 million users are affected across confirmed cases 75 of the 82 extensions remain active on the Chrome Web Store with only 7 removed Data collection practices are disclosed in privacy policies but largely unnoticed by users 29 extensions operate as sales intelligence tools capturing internal corporate browsing activity Background Most peop
Apr 282 min read
GlassWorm Malware Leverages Solana Blockchain for Command Delivery and Data Exfiltration
Key Findings GlassWorm campaign evolved to deliver multi-stage malware framework with data theft and remote access capabilities Operators use Solana blockchain transactions as dead drop resolvers to hide command-and-control infrastructure Malware includes hardware wallet phishing targeting Ledger and Trezor devices with fake recovery phrase prompts Chrome extension masquerading as "Google Docs Offline" steals browser data, cookies, and monitors cryptocurrency exchange session
Mar 253 min read
Trust Wallet Urges Users to Update Chrome Extension After $7M Breach
Key Findings Trust Wallet confirmed a security incident involving its Chrome extension version 2.68 that resulted in approximately $7 million in losses. The malicious code in the compromised extension version prompted users to share their wallet mnemonic phrases, which were then used to drain funds. Trust Wallet is advising all users to urgently update to version 2.69 of the extension to mitigate the issue. The company stated it will ensure all affected users are refunded, wi
Dec 27, 20252 min read
bottom of page
