Malicious GhostPoster browser extensions found with 840,000 installs

Another set of 17 malicious extensions linked to the GhostPoster campaign has been discovered in Chrome, Firefox, and Edge ...
SiliconANGLE

INKY warns of new QR code phishing tactic using embedded JavaScript

A new report out today from cybersecurity company INKY Technology Corp. is sounding the alarm over a new wave of phishing threats that use QR codes in increasingly dangerous and deceptive ways, ...

Malicious Zoom stealer extensions can leak your private meeting details — how to stay safe

Chrome, Edge and Firefox users are under attack by a new malware that uses malicious browser extensions to steal meeting info.
Dark Reading

A Twist On The Cyber Kill Chain: Defending Against A JavaScript Malware Attack

Understanding how malware attacks work is vital to defend against them. To ease this process, threat analysts have developed models that map the stages of cybersecurity attacks, allowing defenders to ...
CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.