Malicious Google Chrome extensions have stolen large language model (LLM) conversations and browser data from hundreds of thousands of users. Application security vendor Ox Security detailed a campaign in a recent research blog involving malicious Google Chrome extensions posing as legitimate extensions from a company called AItopia that adds a sidebar on websites that enables chats with popular LLMs like ChatGPT and DeepSeek. Ox researchers found that two extensions were copying the functionality of the legitimate app while also exfiltrating user conversation and browsing data to a command-and-control (C2) server. One, titled "ChatGPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI," had more than 600,000 users and a Google Chrome "Featured" badge, while the other, "AI Sidebar with Deepseek, ChatGPT, Claude and more," had over 300,000. Stay alert, the extensions according to 0x Security have been already removed, I would not be surprised if new ones are already in the store...

👀 View quoted note →

"You'd have to be braindead to believe WhatsApp is secure in 2026. When we analyzed how WhatsApp implemented its "encryption," we found multiple attack vectors" -- Pavel Durov, co-founder of the Telegram messenger. #WhatsApp

Make this viral! View quoted note →

4 in 5 small businesses had cyberscams last year, almost half were AI powered...

DataBreaches.Net

4 in 5 small businesses had cyberscams last year, almost half were AI powered - DataBreaches.Net

Wire Services report: One more reason things cost more today: cybercrime. A survey by the  Identity Theft Resource Center , a San Diego-based edu...

Stay alert!

The Hacker News

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

Five fake Chrome extensions impersonate Workday and NetSuite to steal cookies, block admin controls, and hijack sessions for account takeover.

Time to move your residence out of France... View quoted note →

ℹ️ For those that reside outside of USA and think thausing Amazon, Google and Microsoft cloud services or any USA cloud service is secure and private for them: . The US CLOUD Act from 2018, allows the US Government (and therefore their partners) data access regardless of storage location. . Be smart, self host your data, and if you insist in doing it wrong, encrypt your data before you upload anywhere.

CLOUD Act Resources

Season Messenger is listening to its users, read on, PFS will be back and quantum resistent cryptography is being implemented among other features.

Session

Session Protocol V2: PFS, Post-Quantum and the Future of Private Messaging

Announcing Session Protocol V2, which re-implements forward secrecy, utilizes new Post-Quantum Cryptography (PQC), and delivers improved device man...

#session #privacy #messenger

True story, but soon, that won't be an issue, LLMs are going to replace most of us in many areas and FOSS developers will probably be in the early list. I'll give it 5 years tops.

It's FOSS

Open Source Developers Are Exhausted, Unpaid, and Ready to Walk Away

The foundation of modern software is cracking under the weight of burnout.

Not that most of you give two cents about it since most don't care about privacy, but if you are one of those rare special individuals, stay away from ChatGTP #ChatGTP In yet another "Your chatbot may be leaking" moment, researchers have uncovered multiple weaknesses in OpenAI's ChatGPT that could allow an attacker to exfiltrate private information from a user's chat history and stored memories.

LOL! You can't make this shit up View quoted note →

A small number of samples can poison LLMs of any size https://www.anthropic.com/research/small-samples-poison