PCMag

Wikipedia Forced to Lock Down Edits Over JavaScript That Could Delete Pages

The nonprofit that oversees Wikipedia briefly enforced a 'read-only' mode on Thursday morning as users spotted code designed ...

Wikipedia hit by self-propagating JavaScript worm that vandalized pages

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages ...
Microsoft

Malicious AI Assistant Extensions Harvest LLM Chat Histories

Malicious AI browser extensions collected LLM chat histories and browsing data from platforms such as ChatGPT and DeepSeek.
WinBuzzer

Chrome Gemini Flaw Let Rogue Extensions Hijack AI Panel

A high-severity Chrome vulnerability has allowed malicious extensions to exploit the Gemini panel and gain elevated access to ...

Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.

Cincinnati Bengals won't franchise tag Trey Hendrickson, per reports

Hendrickson and the Bengals went through some contract dramatics last offseason. This time around, things will be different.
The Hacker News

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Chrome CVE-2026-0628 let malicious extensions hijack Gemini panel for privilege escalation, local file access, and ...
SecurityWeek

Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant

A Chrome vulnerability allowed malicious extensions to hijack the browser’s Gemini Live assistant to spy on users and ...

This high-severity Chrome Gemini vulnerability lets malicious extensions spy on your PC

A bug in Google Chrome's Gemini AI feature could expose your data or allow attackers to monitor you. Here's how to stay ...

QuickLens Chrome extension steals crypto, shows ClickFix attack

A Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

300,000+ Chrome users installed these malicious extensions posing as AI assistants — delete them right now

Unsuspecting Chrome users put their browsing data at risk by installing these 30 extensions which promised quick access to AI but were really after their passwords, emails and other data.