On December 26, 2024, Cyberhaven disclosed a significant supply chain attack targeting Chrome browser extensions. The attackers leveraged phishing emails to deceive extension developers into authorizing a malicious OAuth application. This application granted the attackers permissions to publish compromised versions of legitimate Chrome extensions on the Chrome Web Store. The campaign, which began in mid-November … Continue reading Supply Chain Attack Targets Chrome Extensions to Deliver Malicious Code