Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain attacks on developers.

One IDE to rule them all. You won't want to use anything else.

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.

A Chrome vulnerability allowed malicious extensions to hijack the browser’s Gemini Live assistant to spy on users and ...

This plugin discovers projects based on package.json files across VSCode workspaces. Before using it, add @biomejs/biome as a dependency in your project's package.json and install the package using ...

A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish ...

Most web archivers require you to log in separately or can't access pages behind authentication. This extension runs inside your existing Chrome session, so it can ...

With more than 37 million combined downloads, the extensions expose users to tracking and personal information theft. Security researchers have discovered more than 300 Chrome extensions that leak ...