Microsoft disrupted StegoAd, a malicious browser extension campaign affecting up to 2.6 million users. StegoAd used hidden payloads, delayed execution and steganography to evade browser security ...
Microsoft found a fake Perplexity AI Chrome extension that rerouted searches through attacker servers. Here’s what users ...
Researchers say attackers are extending AI-themed social engineering from phishing campaigns to browser extensions.
The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
Microsoft warns that MCP tool descriptions can be manipulated to redirect AI agents, exposing sensitive data through trusted ...
Explore the latest news and expert commentary on Application Security, brought to you by the editors of Dark Reading ...
This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a ...