The Hacker News

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

Magento flaw allows unauthenticated file uploads up to 2.4.9-alpha2, enabling RCE or takeover, exposing stores to attack risk ...

My most useful Chrome extension was stealing my data for years

An extension I used almost every day was bought by a new owner and loaded up with spyware. It happened in 2024, but Google ...

Popular Chrome extension "Save Image as Type" was hijacked, impacting over 1 million users

Google delisted the image conversion tool earlier this month, but not before it had likely been modifying thousands of users' ...

LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a ...
The Hacker News

ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers

ClickFix campaigns spread MacSync macOS infostealer via malicious Terminal commands since Nov 2025, targeting AI tool users ...
XDA Developers on MSN

Google kept featuring this Chrome extension for months after it turned malicious

How can an extension change hands with no oversight?