The Hacker News

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs

Critical vulnerabilities in four widely used VS Code extensions could enable file theft and remote code execution across 125M installs.

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...

Cloudflare’s New Markdown for AI Bots: What You Need To Know

Cloudflare launched Markdown for Agents, converting HTML pages to markdown automatically when AI crawlers request it through content negotiation.

An FBI ‘Asset’ Helped Run a Dark Web Site That Sold Fentanyl-Laced Drugs for Years

A staffer of the Incognito dark web market was secretly controlled by the FBI—and still allegedly approved the sale of ...
CSO Online

Leaky Chrome extensions with 37M installs caught divulging your browsing history

Hundreds of popular add‑ons used encrypted, URL‑sized payloads to send search queries, referrers, and timestamps to outside servers, in some cases tied to data brokers and unknown operators.