If a Chrome extension promises to remove security pop-ups and generate MFA codes, that should make you pause. However, thirty-three people did not pause. Recently, security researchers uncovered a malicious Chrome extension called CL Suite by @CLMasters, ID jkphinfhmfkckkcnifhjiplhfoiefffl. It was uploaded to the Chrome Web Store on March 1, 2025. At the time of […]
Cyberattacks usually start with phishing emails or weak passwords. This one did not. Security researchers recently uncovered malicious browser extensions stealing ChatGPT session tokens. These extensions looked harmless. Some were even available in official extension stores. Once installed, they quietly took over active ChatGPT sessions without triggering alerts. No fake login page. No stolen password. […]
Not surprising when Trouble Ensues Last summer, the interim head of a major U.S. cybersecurity agency uploaded sensitive government contracting documents into the public version of ChatGPT. These files were marked “For Official Use Only”, meaning they were sensitive (but not secret or top secret). When placed into the public LLM, they may be used […]
And How to Fix Them Let me make an educated guess. You moved to Google Workspace because it was supposed to make things easier. Maybe surprisingly, it did! Score one for Google! However, maybe that utility was disrupted one day by someone forwarded 3,000 customer emails to their personal email on their last day of […]
Remember Heartbleed? That security nightmare from a few years back that made everyone panic about their passwords? Well, meet its distant cousin: MongoBleed. And if you’re running MongoDB anywhere in your organization, you need to know about this one. What Actually Happened? In mid-December 2025, security researchers discovered a flaw in MongoDB (a popular database […]
Remember 2020? We scanned QR codes for everything. Restaurant menus. Parking meters. That awkward moment at a wedding when someone wanted you to scan a code instead of signing a guestbook. We got comfortable. Maybe too comfortable. QR Codes Threats: A Brief History CyberHoot wrote about this threat way back in 2019. Others, like ProofPoint, […]
Phishing emails used to be easy to spot. Bad grammar. Weird links. Obvious scams. Those days are over. According to The Hacker News, a new generation of AI-powered phishing kits is making attacks smarter, faster, and much harder to resist. These tools automate phishing campaigns that once required highly skilled attackers weeks to plan and […]
Cybercriminals always follow Internet eyeballs. Not literally, but figuratively. And today’s eyeballs are shifting. While Google Search still dominates, 20-26% of Americans have switched to AI tools like ChatGPT, Claude, and Perplexity for information gathering, a number that’s growing monthly. Scammers are following this migration, moving their game from traditional SEO poisoning in Google results […]
Active Attacks on Messaging Apps The Cybersecurity and Infrastructure Security Agency (CISA) recently issued an urgent alert that should stop every organization in its tracks. Multiple threat groups are actively deploying commercial-grade spyware targeting popular messaging apps on iOS and Android devices. Their objective is clear: steal private conversations, track movements, and extract sensitive data […]
The world of work has changed enormously since COVID-19. Gone are the days when IT admins sat behind a corporate firewall with a neat row of local servers in a server room. Today, teams work from coffee shops, client sites, and home offices while critical systems live most often in the cloud. Even developers now […]
