108 Google Chrome Extensions Are Stealing User Data, Over 20,000 Users Affected

Collectively, the extensions amassed about 20,000 installs in the Chrome Web Store. All 108 extensions route stolen ...
InfoWorld

Malicious pgserve, automagik developer tools found in npm registry

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...
XDA Developers on MSN

GNOME extensions are basically required, but they're a ticking time bomb for Linux desktops

The unpredictable nature of GNOME extensions, lacking a standard rulebook, often leads to instability and crashes.
DataBreachToday

Flurry of Supply-Chain Software Library Attacks

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
The Hacker News

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

According to Socket, the extensions (complete list here) are published under five distinct publisher identities – Yana ...
InfoWorld

HTMX 4.0: Hypermedia finds a new gear

The ingenious engine of web dev simplicity goes all-in with the Fetch API, native streaming, Idiomorph DOM merging, and more.

LinkedIn scanning users’ browser extensions sparks controversy and two lawsuits

LinkedIn is facing two lawsuits over its practice of scanning users’ browsers to determine which extensions they’re running. Two class action complaints were filed by different law firms on behalf of ...
Indianapolis Business Journal

EPA grants permit for proposed carbon storage project in Indiana

Denver-based Vault 44.01 and Cardinal Ethanol plan to jointly develop the One Carbon Partnership CCS project about 95 miles ...
Android

Why Your AI Girlfriend is a Privacy Time Bomb: 150M Users at Risk

“A new 2026 study reveals that AI companion apps with 150M installs are a privacy disaster. More than half expose intimate chat histories due to critical flaws like hardcoded credentials and script ...
The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...