At least one Chrome user
April 14, 2026
•[ malicious extensions, credential theft, session hijacking ]
A coordinated campaign used 108 malicious Chrome extensions published under five developer identities to route stolen credentials, user identities, browsing data, Google account information, and Telegram Web session data to shared command-and-control infrastructure. The extensions collectively had about 20,000 Chrome Web Store installs. They could inject ads or arbitrary JavaScript into visited pages and open arbitrary URLs through browser-level abuse.
At least one TikTok Business account
March 24, 2026
•[ phishing, adversary-in-the-middle, credential theft ]
Threat actors used adversary-in-the-middle phishing pages impersonating TikTok for Business and Google Careers to capture credentials and session cookies, and to hijack at least one TikTok Business account while bypassing 2FA.