AI-powered browser extensions are quietly infiltrating enterprise environments, often escaping detection and carrying significant security risks. Learn how these tools have become a new, dangerous attack vector—and what organizations must do to regain control.
A wave of malicious AI browser extensions has compromised nearly a million users, exposing sensitive enterprise data by harvesting chat content and browsing history. Discover how attackers exploited browser trust and what organizations must do to defend against this growing threat.
A global wave of malicious AI-themed browser extensions infiltrated over 20,000 organizations, stealing private chat data and posing a major compliance risk, according to Microsoft’s latest alert.
A sweeping attack using fake AI Chrome extensions exploited over 260,000 users, targeting Gmail and enterprise data by leveraging remote frames and broad browser permissions. Learn how the campaign worked, why it’s different, and how to protect yourself.
A wave of malicious Chrome extensions posing as AI tools have secretly harvested data from over 260,000 users by injecting remote iframes and scraping emails, exposing deep flaws in browser security.
A cluster of 16 browser extensions, posing as ChatGPT enhancers, have been exposed for stealing users’ session tokens and private data. This campaign highlights the rising cybersecurity risks as third-party AI tools proliferate.
Two AI-powered Visual Studio Code extensions with over 1.5 million installs covertly exfiltrated developer source code to servers in China. Learn how these trusted tools became a major supply chain attack.
#AI Extensions | #Data Exfiltration | #Cybersecurity Threats
Two fake AI Chrome extensions, disguised as productivity tools, secretly stole private conversations and browsing data from 900,000 users—revealing the risks lurking in even trusted browser stores.
Over a million Chrome users unknowingly installed fake AI chat extensions that spied on their private and business conversations. The malicious add-ons, disguised with professional interfaces and even a Google Featured badge, used advanced techniques to steal sensitive data and send it to external servers every 30 minutes.