Every tap, click, and swipe we make online shapes our digital lives, but it also opens doors—some we never meant to unlock. Extensions we trust, assistants we rely on, and even the codes we scan are turning into tools for attackers. The line between convenience and vulnerability has never been thinner.
This week, we dive into the hidden risks, surprising loopholes, and the clever tricks cybercriminals are using to outsmart the systems we depend on.
Stay with us as we unpack what’s happening behind the screen and how you can stay one step ahead.
Dozens of Google Chrome Extensions Caught Stealing Sensitive Data — The challenges of securing the software supply chain resurfaced after about three dozen extensions were found surreptitiously siphoning sensitive data from roughly 2.6 million devices for several months as part of two related campaigns. The compromises came to light after data loss prevention service Cyberhaven revealed that its browser extension had been updated to include malicious code responsible for stealing credentials for Facebook and OpenAI ChatGPT, along with other data. The attack was made possible through a spear-phishing email sent to one of the company’s employees, urging them to take immediate action for failing to comply with Google Chrome Web Store policies. A link in the email led to a Google consent screen requesting access permission for an OAuth application named Privacy Policy Extension. Once granted access, the rogue application gave the attacker the ability to push a malicious version of Cyberhaven’s Chrome extension to the Chrome Web Store. Since then, it has emerged that several other extensions have been targeted in a similar manner. One of these extensions, named Reader Mode, is also said to have been targeted along with a few others as part of a related data-gathering activity that started no later than April 2023. The malicious code, which appears to be part of a monetization library, is designed to log every website visited on the browser. The development is another sign that browser add-ons are a weak link in the security chain.
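The consent step described above is something defenders can watch for. The following is an added example, not code from Cyberhaven, Google or the original article: it scans OAuth grant events for the Chrome Web Store publishing scope being handed to a client that is not on an approved list. The event format, accounts, client IDs and the `APPROVED` allowlist are constructed assumptions; only the scope URL and the app name "Privacy Policy Extension" are real.

```python
import json

# Real OAuth scope of the Chrome Web Store Publish API.
CWS_SCOPE = "https://www.googleapis.com/auth/chromewebstore"
# Assumption: client IDs of publishing tools the organisation has approved.
APPROVED = {"1111-release.example"}

# Constructed, simplified grant events (one JSON object per line); not a vendor schema.
SAMPLE = """
{"time":"2025-01-02T09:00:00Z","actor":"ci@example.com","event":"authorize","app_name":"Release Pipeline","client_id":"1111-release.example","scopes":["https://www.googleapis.com/auth/chromewebstore"]}
{"time":"2025-01-03T14:21:00Z","actor":"dev2@example.com","event":"authorize","app_name":"Privacy Policy Extension","client_id":"9999-unknown.example","scopes":["openid","https://www.googleapis.com/auth/chromewebstore"]}
{"time":"2025-01-03T15:05:00Z","actor":"pm@example.com","event":"authorize","app_name":"Calendar Helper","client_id":"2222-cal.example","scopes":["https://www.googleapis.com/auth/calendar.readonly"]}
{"time":"2025-01-04T08:00:00Z","actor":"dev3@example.com","event":"authorize","app_name":"Store Stats","client_id":"3333-stats.example","scopes":["https://www.googleapis.com/auth/chromewebstore"]}
{"time":"2025-01-04T08:30:00Z","actor":"dev3@example.com","event":"revoke","app_name":"Store Stats","client_id":"3333-stats.example","scopes":[]}
truncated-line {"time":
"""

def parse_events(text):
    """Yield well-formed event dicts; blank, truncated or non-object lines are skipped."""
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict):
            yield event

def risky_grants(events, approved=APPROVED):
    """Return publish-scope grants to unapproved clients, marking later revocations."""
    findings = {}
    for ev in sorted(events, key=lambda e: str(e.get("time", ""))):
        key = (ev.get("actor"), ev.get("client_id"))
        unapproved = ev.get("client_id") not in approved
        if ev.get("event") == "authorize" and unapproved and CWS_SCOPE in (ev.get("scopes") or []):
            findings[key] = {"actor": ev.get("actor"), "app_name": ev.get("app_name"),
                             "client_id": ev.get("client_id"), "granted": ev.get("time"),
                             "active": True}
        elif ev.get("event") == "revoke" and key in findings:
            # A revoked grant stays in the report: the token may have been used meanwhile.
            findings[key]["active"] = False
    return list(findings.values())

if __name__ == "__main__":
    for finding in risky_grants(parse_events(SAMPLE)):
        print(finding)
```

A revoked grant is reported with `active` set to false rather than dropped, because an extension update could have been pushed while the token was still valid.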
Your favorite software might be hiding serious security cracks—don’t wait for trouble to find you. Update now and stay one step ahead of the threats!
This week’s list includes — CVE-2024-43405 (ProjectDiscovery Nuclei), CVE-2024-54152 (Angular Expressions), CVE-2024-12912, CVE-2024-13062 (ASUS router AiCloud), CVE-2024-12828 (Webmin CGI), CVE-2024-56040, CVE-2024-56041 (VibeThemes VibeBP), CVE-2024-56042, CVE-2024-56043, CVE-2024-56044, CVE-2024-56045, CVE-2024-56046 (VibeThemes WPLMS), CVE-2024-56249 (Webdeclic WPMasterToolKit), CVE-2024-56198 (path-sanitizer npm package), CVE-2024-55078 (WukongCRM), and CVE-2024-12583 (Dynamics 365 Integration plugin).
Upgrade Your Network Security — Take your network security to the next level with powerful, free tools designed to keep threats at bay. Use pfSense for enterprise-grade firewall protection and pair it with Suricata or Snort for real-time threat detection. Detect rogue devices with WiFiGuard and suspicious Wi-Fi activity with Kismet. Secure your communication with ZeroTier for private networking and encrypt DNS queries using DNSCrypt-Proxy or NextDNS to block malicious domains.
Plant decoys using Canarytokens to catch intruders, monitor activity with Wireshark, and safeguard SSH with Fail2Ban against brute-force attacks. Strengthen Wi-Fi with WPA3 and 802.11w Management Frame Protection, and track your network’s health in real time using Netdata. These free tools give you enterprise-level defense at no cost—your network’s secret weapon.
That’s a wrap for this week! If there’s one thing we’ve learned, it’s that staying safe online isn’t just about tech—it’s about the choices we make every day. Whether it’s ignoring a shady email, keeping your apps updated, or thinking twice before clicking “yes,” small steps can make a big difference.
The digital world moves fast, but with a little care and attention, we can stay ahead. Keep asking questions, stay alert, and remember—we’re all in this together. See you next week with more updates to keep you informed and ready.