A Chrome browser extension with 6 million users, as well as seven other Chrome and Edge extensions, for months have been silently collecting data from every AI chatbot conversion, packaging it, and then selling it to third parties like advertisers and data brokers, according to Koi Security.

The post Google Chrome Extension is Intercepting Millions of Users’ AI Chats appeared first on Security Boulevard.

Researchers with Google Threat Intelligence Group have detected five China-nexus threat groups exploiting the maximum-security React2Shell security flaw to drop a number of malicious payloads, from backdoors to downloaders to tunnelers.

The post Google Finds Five China-Nexus Groups Exploiting React2Shell Flaw appeared first on Security Boulevard.

A data breach of credit reporting and ID verification services firm 700Credit affected 5.6 million people, allowing hackers to steal personal information of customers of the firm's client companies. 700Credit executives said the breach happened after bad actors compromised the system of a partner company.

The post Hackers Steal Personal Data in 700Credit Breach Affecting 5.6 Million appeared first on Security Boulevard.

In a nod to the evolving threat landscape that comes with cloud computing and AI and the growing supply chain threats, Microsoft is broadening its bug bounty program to reward researchers who uncover threats to its users that come from third-party code, like commercial and open source software,

The post Microsoft Expands its Bug Bounty Program to Include Third-Party Code appeared first on Security Boulevard.

As they work to fend off the rapidly expanding number of attempts by threat actors to exploit the dangerous React2Shell vulnerability, security teams are learning of two new flaws in React Server Components that could lead to denial-of-service attacks or the exposure of source code.

The post React Fixes Two New RSC Flaws as Security Teams Deal with React2Shell appeared first on Security Boulevard.

Bad actors that include nation-state groups to financially-motivated cybercriminals from across the globe are targeting the maximum-severity but easily exploitable React2Shell flaw, with threat researchers see everything from probes and backdoors to botnets and cryptominers.

The post Attackers Worldwide are Zeroing In on React2Shell Vulnerability appeared first on Security Boulevard.