We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Analysis Featured News Technology

Hackers injected malicious code into several Chrome extensions in recent attack

  • December 30, 2024
  • 2 minute read
  • 3,250 Views
post-img

Hackers were reportedly able to modify several Chrome extensions with malicious code this month after gaining access to admin accounts through a phishing campaign. The cybersecurity company Cyberhaven shared in a blog post this weekend that its Chrome extension was compromised on December 24 in an attack that appeared to be “targeting logins to specific social media advertising and AI platforms.” A few other extensions were hit as well, going back to mid-December. According to Nudge Security’s Jaime Blasco, that includes ParrotTalks, Uvoice and VPNCity.

Cyberhaven notified its customers on December 26 in an email seen by TechCrunch, which advised them to revoke and rotate their passwords and other credentials. The company’s initial investigation of the incident found that the malicious extension targeted Facebook Ads users, with a goal of stealing data such as access tokens, user IDs and other account information, along with cookies. The code also added a mouse click listener. “After successfully sending all the data to the [Command & Control] server, the Facebook user ID is saved to browser storage,” Cyberhaven said in its analysis. “That user ID is then used in mouse click events to help attackers with 2FA on their side if that was needed.”

Cyberhaven said it first detected the breach on December 25 and was able to remove the malicious version of the extension within an hour. It’s since pushed out a clean version.

Previous Article

Oil Prices Rebound Amid Tensions and Worries of...

February 21, 2023
Next Article

Gold price today: Gold rises on tariff pause

April 10, 2025

Related Post

Risk Warning: Trading in commodity futures, options, foreign exchange and spread betting is a high-risk activity and may result in substantial losses. Leverage, which is commonly associated with these financial instruments, can work in your favor or against you, leading to significant financial losses. Before engaging in any trading activities, it is important to carefully consider your financial condition, investment objectives, experience level, and risk tolerance. We recommend seeking independent financial advice and thoroughly understanding all the risks involved before making a decision.
Disclaimer: The Company provides no investment advice of any kind, nor gives advice or offers any opinion or recommendation with respect to the nature, potential value or suitability of any particular securities transaction or investment strategy. Any opinions, news, research, analyses, prices or other information contained on this website is provided as general market commentary. Market Information provided within the website is not intended as investment advice. The content on this website is subject to change at any time without notice, and is provided for the sole purpose of assisting traders to make independent investment decisions. We do not guarantee accuracy nor accept liability for any loss or damage which may arise directly or indirectly from the content or from your inability to access the website. Links to third-party sites are provided for your convenience. Such sites are beyond our control and may not follow the same privacy, security, or accessibility standards as ours. ForexFlash neither endorses nor guarantees offerings of the third party providers, nor bears responsibility for the security, content or availability of third-party sites, their partners or advertisers.



Track all markets on TradingView