The Hacker News

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

According to Socket, the extensions (complete list here) are published under five distinct publisher identities – Yana ...

108 Google Chrome Extensions Are Stealing User Data, Over 20,000 Users Affected

Collectively, the extensions amassed about 20,000 installs in the Chrome Web Store. All 108 extensions route stolen ...

LinkedIn scanning users’ browser extensions sparks controversy and two lawsuits

LinkedIn is facing two lawsuits over its practice of scanning users’ browsers to determine which extensions they’re running.
XDA Developers on MSN

I keep finding vibe coded apps that leak user data, and I'm not even looking for it

Vibe coding platforms are powerful, but users often don't know what they created.
PCMag UK on MSN

LinkedIn Faces Spying Allegations Over Browser Extension Scanning

A German group claims LinkedIn is 'illegally searching' users' computers. But the Microsoft-owned site says it collects data on users' browser extensions to prevent potential web scraping.

New "BrowserGate" report claims LinkedIn secretly scans user browsers

LinkedIn calls it a smear campaign, but does not deny scanning people's browsers for extensions.
The Hacker News

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Antigravity Strict Mode bypass disclosed Jan 7, 2026, patched Feb 28, enables arbitrary code execution via fd -X flag.

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...
CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...