ALL POSTS

Key Findings 287 different Chrome browser extensions are actively stealing the web histories of roughly 37.4 million people These extensions, often disguised as "harmless tools" like ad blockers or search assistants, are feeding user data to a network of global corporations and data brokers The research team identified many of these tools sending user data in plain text and using "obfuscation" techniques to hide their tracks, scrambling history into codes before sending it of

Key Findings A malicious Microsoft Visual Studio Code (VS Code) extension named "ClawdBot Agent - AI Coding Assistant" has been discovered on the official Extension Marketplace. The extension claims to be a free artificial intelligence (AI) coding assistant for the popular open-source project Moltbot, but it stealthily drops a malicious payload on compromised hosts. The extension was published by a user named "clawdbot" on January 27, 2026 and has since been taken down by Mic

Key Findings: Two malicious Google Chrome extensions named "Phantom Shuttle" have been discovered secretly stealing user credentials from over 170 websites. The extensions are advertised as a "multi-location network speed test plug-in" for developers and foreign trade personnel. The extensions execute complete traffic interception, operate as man-in-the-middle proxies, and continuously exfiltrate user data to a command-and-control server. Once users make a subscription paymen

Background Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities. The extension, named "susvsex," was uploaded on November 5, 2025, by a user named "suspublisher18." The extension was designed to automatically activate itself on any event, including installing or when launching VS Code, and invoke a function named "zipUploadAndEncrypt." Extension Functionality The "zipUploadAndEncrypt" function creates a Z