CSO Online

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

Popular Chrome extension "Save Image as Type" was hijacked, impacting over 1 million users

Google delisted the image conversion tool earlier this month, but not before it had likely been modifying thousands of users' browsers for several weeks. The group ...
MUO on MSN

This open-source tool turns any web page into a desktop app, and I can’t stop using it

PWAs feel unfinished once you see how clean this is.
XDA Developers on MSN

Google kept featuring this Chrome extension for months after it turned malicious

How can an extension change hands with no oversight?
WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...