Google delisted the image conversion tool earlier this month, but not before it had likely been modifying thousands of users' ...

You won't have to switch to a browser as often.

Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, ...

An extension I used almost every day was bought by a new owner and loaded up with spyware. It happened in 2024, but Google only removed it this week.

A new exploit kit for iOS devices and delivery framework dubbed "Darksword" has been used to steal a wide range of personal information, including data from cryptocurrency wallet app.

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

The infamous GlassWorm malware has infected dozens more Open VSX software packages, according to new research.

How can an extension change hands with no oversight?

The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear, a group tracked by Microsoft as Void Blizzard.

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

DRILLAPP JavaScript backdoor targets Ukraine in Feb 2026, abusing Edge debugging features to spy via camera, microphone, and ...

This story was originally published by Mountain State Spotlight. Get stories like this delivered to your email inbox once a week; sign up for the free newsletter at mountainstatespotlight.org/newslett ...