hijacked
-
Blog
Hijacked Microsoft Stream classic domain “spams” SharePoint sites
The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all SharePoint sites with old embedded videos to display it as spam. Microsoft Stream is an enterprise video streaming service that allows organizations to upload and share videos in Microsoft 365 apps, such as Teams and SharePoint. Video content hosted on…
Read More » -
Blog
New details reveal how hackers hijacked 35 Google Chrome extensions
New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven. Although initial reports focused on Cyberhaven’s security-focused extension, subsequent investigations revealed that the same code had been injected into at least 35 extensions collectively used by roughly…
Read More » -
Blog
Hackers hijacked legitimate Chrome extensions to try to steal data
A cyberattack campaign inserted malicious code into multiple Chrome browser extensions as far back as mid-December, Reuters reported yesterday. The code appeared designed to steal browser cookies and authentication sessions, targeting “specific social media advertising and AI platforms,” according to a blog post from Cyberhaven, one of the companies that was targeted. Cyberhaven blames a phishing email for the attack,…
Read More » -
Blog
Cybersecurity firm’s Chrome extension hijacked to steal users’ data
At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users. One attack was disclosed by Cyberhaven, a data loss prevention company that alerted its customers of a breach on December 24 after a successful phishing attack on an administrator account for the Google Chrome store. Among Cyberhaven’s customers are Snowflake,…
Read More » -
Blog
Ultralytics AI model hijacked to infect thousands with cryptominer
The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI) Ultralytics is a software development company specializing in computer vision and artificial intelligence (AI), specifically in object detection and image processing. It’s best known for its “YOLO” (You Only Look Once)…
Read More »