Fake Perplexity extension on Chrome Web Store tracked searches

A malicious Chrome extension posing as a popular research assistant has been discovered on the Chrome Web Store, intercepting search traffic and collecting browsing information from unsuspecting users. The fake “Perplexity AI” extension, available for download with the ID “flkebkiofojicogddingbdmcmkpbplcd”, is a convincing imitation of the legitimate Perplexity AI answer engine. Its true purpose, however, … Read more

Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses

A new and insidious form of cryptocurrency theft has been uncovered, with hackers exploiting a seemingly innocuous Google Chrome extension to swap wallet addresses and steal digital funds. The “Silent Swap Crypto Clipper” malware targets individuals who use Google Notes, a popular note-taking browser extension. By masquerading as the legitimate extension, the attackers inject malicious … Read more

Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

A newly discovered vulnerability in an artificial intelligence (AI) app has been exploited to deploy Monero cryptocurrency miners on exposed endpoints, putting thousands of users at risk. The Langflow Remote Code Execution (RCE) flaw, discovered by a researcher using AI-powered tools, was found in the popular Langflow app used for video editing and processing. The … Read more

RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS

A New Era of Botnet Malware Emerges with RustDuck Rebuild, Threatening Global Networks A sophisticated botnet malware known as RustDuck has resurfaced, leveraging the programming language Rust to wreak havoc on global networks. The botnet’s primary objective is to hijack routers and servers, exploiting them for distributed denial-of-service (DDoS) attacks that can cripple online infrastructure. … Read more

Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data

Microsoft’s warning that poisoned MCP tool descriptions can make AI agents leak sensitive data has sent shockwaves through the cybersecurity community, highlighting the growing threat of AI-powered attacks on software vulnerabilities. The issue affects organizations worldwide that rely on Microsoft products and services, including cloud-based platforms, operating systems, and applications. At the heart of this … Read more

Fake Perplexity extension on Chrome Web Store tracked searches

A malicious extension has been discovered on the Chrome Web Store, masquerading as a legitimate tool from the popular Perplexity AI answer engine. The extension, called “Search for perplexity ai,” intercepts search traffic and collects browsing information, potentially exposing users to further exploitation. Microsoft Threat Intelligence researchers have shed light on the fake extension’s inner … Read more

What the Numbers Say About FIFA 2026 Cyber Risk

As the world gears up for the highly anticipated FIFA 2026 tournament, cybersecurity experts are sounding the alarm about a new and concerning threat: software vulnerabilities discovered by AI models. It’s not just gamers who should be worried – companies that provide services to the tournament, sponsors, and even fans could be at risk of … Read more

282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study

A disturbing trend has been uncovered in the world of iOS apps, with research revealing that numerous artificial intelligence-powered applications are leaking sensitive API keys and opening up access to AI proxy services through network traffic. The findings, published by a team of researchers, have left many wondering how these vulnerabilities were missed in the … Read more

GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks

A critical vulnerability has been exposed in GuardFall, an open-source artificial intelligence (AI) coding agent designed to identify and remediate software vulnerabilities. The flaw allows attackers to inject malicious code into systems, exploiting a decades-old weakness known as shell injection. This security lapse affects not only users of the tool but also organizations that rely … Read more

Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses

A Sophisticated Attack on Cryptocurrency Wallets: Silent Swap Crypto Clipper Exposed A new and insidious threat has emerged, targeting cryptocurrency holders with a seemingly innocuous Google Chrome extension that’s actually a stealthy wallet address changer. Dubbed “Silent Swap Crypto Clipper,” this malicious tool is disguised as a legitimate note-taking app, allowing attackers to quietly swap … Read more