Who’s behind AMI Labs, Yann LeCun’s ‘world model’ startup
U.S. missile manufacturing fails to match wartime tempo
United States missile manufacturing is failing to keep pace with the tempo of modern warfare, raising concerns about how quickly the military can replace precision weapons in a high-intensity conflict. To examine where the bottlenecks lie and how they affect readiness, Defence Blog sought comment from John Borrego, Senior Vice President of Aerospace and Defense […]
Hackers Disable Windows Security With New Malware Attack
Unlike traditional attacks that rely on exploits, this succeeds through social engineering combined with abuse of Windows' own security architecture.
The post Hackers Disable Windows Security With New Malware Attack appeared first on TechRepublic.
The race to replace lithium: Seattle startup lands funding for salt-powered battery technology

A three-person clean energy team in Seattle is chasing China in pursuit of an increasingly popular alternative to traditional lithium-ion batteries. Emerald Battery Labs, a startup working out of the University of Washington, recently raised just under $1.1 million in a pre-seed round to continue scaling its sodium-ion battery technology.
The burgeoning energy storage option avoids the use of lithium, which is highly sought, difficult to extract and has limited U.S. production. Sodium, by comparison, is much cheaper and comes from the same element that’s in table salt. The sodium-ion batteries also last longer and present fewer fire concerns.
Battery demand is rising rapidly as these systems pair with renewable, intermittent sources like sun and wind; enhance hydro dam capacity; provide backup power for data centers; power drones and defense devices; and work with EV charging stations to reduce grid strain during peak demand.
“As battery chemistries evolve, as technology evolves, people are going to find new ways to use energy storage technology,” said David Bell, Emerald’s co-founder and chief product officer.
Growing interest
A recent Sightline Climate survey of investors and entrepreneurs in climate tech selected sodium-ion batteries as a top-pick for a 2026 breakthrough technology, coming in just behind the use of AI for clean tech materials discovery.
But there’s already a clear leader in the space.
“China, with its powerful EV industry, has led the early push” into sodium-powered batteries, according to MIT Technology Review.
Chinese auto and battery makers Contemporary Amperex Technology Co. Ltd., or CATL, and BYD are in hot pursuit of the technology, MIT reports. CATL claims to have a sodium-ion battery line operating at scale, while BYD is building its own massive production facility.
U.S. competitors include Peak Energy, Nanode Battery Technologies and Unigrid.
While this alternative chemistry offers numerous benefits, there’s an important trade-off: it’s less energy dense, meaning sodium-ion batteries need to be larger than competing technologies to deliver the same amount of power.
Emerald’s path forward
Emerald is operating out of the UW’s CoMotion Labs and using the university’s Clean Energy Testbeds for fabrication work. The startup is scaling production and looking for partners to pilot test its products.
It plans to hire additional employees in the coming year. Emerald’s investors include Seattle-based E8, a network of angel investors that backs clean-tech companies; E8 members who directly invested; and an undisclosed family venture office.
Emerald’s founders bring deep battery experience:
- Bell led product management and customer programs at Group14, which is manufacturing next generation silicon-anode materials for lithium-ion batteries, and worked at Ionic Materials.
- Kjell Schroder, CEO and chief technologist, held leadership roles at Form Energy, Ionic and EnPower.
- Aric Stocks, chief operating officer, is a trained materials engineer and former global business development leader at Group14.
Meta laying off 331 workers in Washington state as part of broader cuts to Reality Labs division

New layoffs at Meta will impact 331 workers in the Seattle area and Washington state, according to a filing from the state Employment Security Department.
The company is cutting employees at four facilities located in Seattle and on the Eastside, as well as approximately 97 employees who work remotely in Washington. The layoffs are part of broader reductions in the company’s Reality Labs division, first announced last week, that impacted 1,500 jobs companywide.
The heaviest hit facility is the Reality Labs office in Redmond, followed by the Spring District office in Bellevue, according to the Worker Adjustment and Retraining Notification (WARN) filing.
Meta’s Horizon OS software engineering team, working out of a Meta office on Dexter Avenue North in Seattle, was the hardest hit single group with 20 jobs cut. Horizon OS is the extended reality operating system developed to power Meta Quest virtual reality and mixed reality headsets.
Layoffs are expected to take effect on March 20.
With about 15,000 employees, Reality Labs currently represents about 19% of Meta’s total global workforce of roughly 78,000.
The company employs thousands of people across multiple offices in the Seattle region, one of its largest engineering hubs outside Menlo Park, Calif. Last October, the Facebook parent laid off more than 100 employees in Washington state as part of a broader round of cuts within its artificial intelligence division.
The Reality Labs cuts come at a time when the company is reportedly shifting priorities away from the metaverse to build next-generation artificial intelligence.
How ‘Reprompt’ Attack Let Hackers Steal Data From Microsoft Copilot
Varonis found a “Reprompt” attack that let a single link hijack Microsoft Copilot Personal sessions and exfiltrate data; Microsoft patched it in January 2026.
The post How ‘Reprompt’ Attack Let Hackers Steal Data From Microsoft Copilot appeared first on TechRepublic.
The AI healthcare gold rush is here
‘A new era of software development’: Claude Code has Seattle engineers buzzing as AI coding hits new phase

Claude Code has become one of the hottest AI tools in recent months — and software engineers in Seattle are taking notice.
More than 150 techies packed the house at a Claude Code meetup event in Seattle on Thursday evening, eager to trade use cases and share how they’re using Anthropic’s fast-growing technology.
Claude Code is a specialized AI tool that acts like a supercharged pair-programmer for software developers. Interest in Claude Code has surged alongside improvements to Anthropic’s underlying models that let Claude handle longer, more complex workflows.
“The biggest thing is closing the feedback loop — it can take actions on its own and look at the results of those actions, and then take the next action,” explained Carly Rector, a product engineer at Pioneer Square Labs, the Seattle startup studio that organized Thursday’s event at Thinkspace.
Software development has emerged as the first profession to be thoroughly reshaped by large language models, as AI systems move beyond answering questions to actively doing the work. Last summer GeekWire reported on a similar event in Seattle focused on Cursor, another AI coding tool that developers described as a major productivity booster.
Claude Code is “one of a new generation of AI coding tools that represent a sudden capability leap in AI in the past month or so,” wrote Ethan Mollick, a Wharton professor and AI researcher, in a Jan. 7 blog post.
Mollick notes that these tools are better at self-correcting their own errors and now have “agentic harness” that helps them work around long-standing AI limitations, including context-window constraints that affect how much information models can remember.
On stage at Thursday’s event, Rector demoed an app that automatically fixed front-end bugs by having Claude Code control a browser. Johnny Leung, a software engineer at Stripe, said Claude Code has changed how he thinks about being a developer. “It’s kind of evolving the mentality from just writing code to becoming like an architect, almost like a product manager,” he said on stage during his demo.

R. Conner Howell, a software engineer in Seattle, showed how Claude Code can act as a personal cycling coach, querying performance data from databases and generating custom training plans — an example of the tool’s impact extending beyond traditional software development.
Earlier this week Anthropic — which is reportedly raising another $10 billion at a $350 billion valuation — released Claude Cowork, essentially Claude Code’s non-developer cousin that is built for everyday knowledge work instead of just programming. Anthropic on Friday expanded access to Cowork.
AI coding tools are energizing longtime software developers like Damon Cortesi, who co-founded Seattle startup Simply Measured in 2010 and is now an engineer at Airbnb. He said Thursday’s event was the first tech meetup he’s attended in more than five years.
“There’s no limit to what I can think about and put out there and actually make real,” he said.
In a post titled “How Claude Reset the AI Race,” New York Magazine columnist John Herrman noted the growing concern around coding automation and job displacement. “If you work in software development, the future feels incredibly uncertain,” he wrote.
Anthropic, which opened an office in Seattle in 2024, said it used Claude Code to build Claude Cowork itself. However, analysts at William Blair issued a report this week expressing skepticism that other businesses will simply start building their own software with these new AI tools.
“Vibe coding and AI code generation certainly make it easier to build software, but the technical barriers to coding have not been the drivers of software moats for some time,” they wrote. “For the most successful and scaled software companies, determining what to build next and how it should function within a broader system is fundamentally more important and more challenging than the technical act of building and coding it.”
For now, Claude Code is being rapidly adopted. The tool reached a $1 billion run rate six months after launch in May. OpenAI’s Codex and Google’s Antigravity offer similar capabilities.
“We’re excited to see all the cool things you do with Claude Code,” Caleb John, a Seattle entrepreneur working at Pioneer Square Labs, told the crowd. “It’s really a new era of software development.”
Editor’s note: This story has been updated to reflect that the report cited was from William Blair.
OpenAI invests in Sam Altman’s brain computer interface startup Merge Labs
Ripple Clinches Major License Win In Luxembourg After UK Achievement
Ripple announced Wednesday that it has received a preliminary Electronic Money Institution (EMI) license from Luxembourg’s Commission de Surveillance du Secteur Financier (CSSF). This follows on the heels of a similar license and Cryptoasset Registration given by the UK’s Financial Conduct Authority (FCA) last Friday.
EU Regulatory Progress
In its press release, Ripple emphasized that these new licenses contribute to its extensive portfolio, now exceeding 75 regulatory approvals worldwide, positioning Ripple as one of the most licensed cryptocurrency companies globally.
Monica Long, President of Ripple, remarked on the significance of the European Union’s evolving stance regarding digital assets:
The EU was among the first major jurisdictions to introduce comprehensive digital assets regulation, which provides the certainty that financial institutions need to transition from pilot programs to large-scale commercial operations.
By expanding its licensing capabilities and refining its payment solutions, the crypto giant aims to facilitate the movement of value and unlock what it describes as “trillions of dollars in dormant capital,” pushing legacy financial systems into a digital era.
Cassie Craddock, Managing Director for the UK and Europe at Ripple, echoed this sentiment, praising Luxembourg’s progressive regulatory environment toward digital assets:
Thanks to the CSSF’s sophisticated supervisory approach, Luxembourg is establishing itself as a hub for financial innovation by delivering the harmonized framework and legal certainty that our industry requires.
She highlighted that this preliminary approval is a crucial milestone, enabling Ripple to offer essential blockchain infrastructure to clients throughout the European Union.
The preliminary approval, which arrives in the form of a ‘Green Light Letter’ from the CSSF, represents a vital step towards Ripple securing its full EMI authorization, contingent upon meeting specific conditions.
Ripple Highlights UK As Key Market
In its recent announcement regarding the UK, Ripple underscored the importance of the country in its broader global strategy, noting that London houses its largest office outside the United States since 2016.
Notably, the company has demonstrated its commitment to the UK market through ongoing investments, which include a growing workforce and support for the local blockchain and developer ecosystem.
Additionally, Ripple has contributed significantly to UK-based blockchain developers and startups, as well as committing over £5 million to UK universities through its flagship University Blockchain Research Initiative (UBRI) program.
In a statement addressing these developments, Stuart Alderoty, Chief Legal Officer at Ripple, expressed pride in the progress made with the EMI license and Cryptoasset Registration from the FCA:
This is yet another major step forward, and it signals positive momentum for the UK’s digital assets industry, underscoring Ripple’s licensing achievements globally.
At the time of writing, XRP was trading at $2.1485, up slightly more than 3% in the past 24 hours as the broader crypto market has recovered since the start of the year.

Meta to reportedly lay off 10% of Reality Labs staff
Meta’s VR gaming push is shrinking, and you’ll feel it
Reality Labs layoffs and the closure of the studios behind Resident Evil 4 and Deadpool point to fewer big exclusives for Quest owners.
The post Meta’s VR gaming push is shrinking, and you’ll feel it appeared first on Digital Trends.

From bitcoin ATMs to M&A: Seattle startup Coinme to be acquired by Polygon Labs

Coinme, a Seattle-based cryptocurrency startup that got its start more than a decade ago with a network of bitcoin ATMs, has agreed to be acquired by blockchain payments company Polygon Labs.
Polygon said it also plans to acquire wallet provider Sequence as part of a combined acquisition valued at more than $250 million.
Coinme CEO and co-founder Neil Bergquist told GeekWire that Coinme’s portion of the deal was in the nine-figure range.
Founded in 2014, Coinme lets people buy crypto with cash at kiosks and says it runs the largest crypto cash network in the U.S. through partnerships with MoneyGram and Coinstar. The company holds money‑transmitter licenses and compliance infrastructure that allow it to operate in 48 U.S. states. Last year, the company surpassed $1 billion in transaction volume and became profitable for the first time.
The acquisition effectively plugs Coinme’s U.S. licenses, compliance stack, and cash‑to‑crypto distribution network into Polygon’s global blockchain payments rails. It gives the Seattle startup a new home inside a larger push to make stablecoin payments a standard part of the broader financial system.
The acquisition comes less than a month after Coinme was hit with a cease-and-desist order from Washington state regulators. The Washington state Department of Financial Institutions had ordered Coinme to stop transmitting money for customers, alleging the startup improperly claimed more than $8 million in customer funds as its own income.
On Dec. 30, Coinme said it reached an agreement with regulators to pause the temporary cease-and-desist order, clearing the way for the company to resume operations in the state. The company had called the original charges an accounting dispute over a discontinued voucher product.
Bergquist said the acquisition deal with Polygon was brokered before the cease-and-desist order.
The acquisition is expected to close in the second quarter of 2026. Coinme will continue operating its regulated exchange, wallet, and crypto-as-a-service platform while contributing its licensing, compliance and payments infrastructure to Polygon Labs’ Open Money Stack.
“As a wholly owned subsidiary of Polygon, Coinme will remain true to who we are, with the same team and mission, now with the resources and reach to take it even further,” Bergquist said in a statement to GeekWire. “We’ll keep doing what we do best: making digital assets accessible to everyone, now at an even greater scale.”
Polygon, which raised a $450 million round in 2022 from investors including Sequoia Capital and SoftBank, said it supports millions of transactions daily for large banks, enterprises, and consumer apps.
In a LinkedIn post, Bergquist said a “shared vision and the need to build faster” led to the deal with Polygon.
“Coinme has tackled the regulatory requirements and crypto infrastructure, but the customer application layer must catch up,” he wrote. “Combined with clear federal regulatory support for stablecoins, including the GENIUS Act, consumers want an alternative to dollars trapped in bank accounts, and they want it now.”
Coinme raised more than $40 million, including a $10 million round in 2021. Investors include Pantera Capital; Digital Currency Group; Coinstar; Circle; and MoneyGram. The company has 53 employees.
“A big THANK YOU to Seattle-area Angels,” Bergquist wrote in his post. “You’re the reason we have a vibrant startup ecosystem (and the reason Coinme exists).”
ElevenLabs CEO says the voice AI startup crossed $330M ARR last year
Report: Meta plans to cut around 10% of Reality Labs workforce

Meta is planning to lay off around 10% of the employees in its Reality Labs division, The New York Times reported Monday.
The division — which employs roughly 15,000 people — has a strong presence in the Seattle area and is responsible for the company’s “metaverse” technologies that work in conjunction with augmented and virtual reality, including for products such as VR headsets and a VR-based social network.
Update: The Wall Street Journal reported Wednesday that 1,500 employees were let go.
The Times cited people with knowledge of the layoff discussions, which the newspaper said come at a time when the company is shifting priorities to build next-generation artificial intelligence.
A Meta spokesperson declined to comment when reached by GeekWire.
Business Insider reported that Meta CTO Andrew Bosworth, the head of Reality Labs, called an all-hands meeting for Wednesday. Sources told BI that employees were strongly encouraged to attend in person.
Reality Labs currently represents about 19% of Meta’s total global workforce of roughly 78,000.
Meta employs thousands of people across multiple offices in the Seattle region, one of its largest engineering hubs outside Menlo Park, Calif. Last October, the company laid off more than 100 employees in Washington state as part of a broader round of cuts within its artificial intelligence division.
Meta CEO Mark Zuckerberg visited a Reality Labs facility in Redmond in 2022 to demonstrate how wearables such as wristbands can control devices with small muscle movements.
The Washington State Department of Labor & Industries cited Meta in November 2022 for alleged safety violations in a cleanroom at Meta’s “Matrix” facility in Redmond. The specially designed space was engineered to filter pollutants such as dust, airborne microbes, and aerosol particles. In January 2024 the state ordered the room shut down.
Learn to Identify and Avoid Malicious Browser Extensions

Browser extensions have become essential parts of how we browse, bank, work, and shop online. From password managers to ad blockers, these tools can significantly improve your digital life when chosen wisely. These plug-ins extend the browser's functionality, and almost all popular browsers support them, which unfortunately makes them one of the most commonly used malware attack vectors.
In this guide, you will learn about the advantages and security risks of browser extensions, the role that permissions play in ensuring your privacy when using these extensions, and some best practices when using them.
Browser extensions and their malicious counterparts
Browser extensions are small software programs that enhance your web browser by adding new functionality or modifying existing ones. Think of them as helpful extra tools that can block ads, manage passwords, check prices while shopping, or customize how websites look and behave. Legitimate extensions make your browsing experience more efficient and enjoyable.
Cybercriminals, however, have taken advantage of their popularity by creating malicious versions disguised as useful tools that secretly operate with harmful intentions. Some of these malicious browser extensions access and modify web pages, monitor your browsing activity, and interact with websites on your behalf.
While legitimate extensions request only the minimum permissions necessary for their stated purpose, malicious extensions often request more permissions than they need to access your browsing data and history.
Core tactics of malicious browser extensions
Malicious browser extensions typically operate through specific methods that can significantly impact your daily online activities, from casual browsing to important financial transactions, including:
- Permission abuse occurs when an extension requests far more access than it needs to operate. For example, a weather extension that claims to show local forecasts might request permission to track the websites you visit, allowing it to monitor everything you do online and capture sensitive information such as passwords and credit card numbers without your knowledge.
- Ad injection is where malicious extensions insert unwanted advertisements into web pages you’re viewing, appearing as pop-ups, banner ads, or even replacing legitimate advertisements with malicious ones. These injected ads disrupt your browsing experience, can lead to scam websites, or attempt to trick you into downloading additional malware.
- Data theft is one of the most serious threats posed by malicious extensions. These programs can silently capture everything you type, including usernames, passwords, credit card information, and personal details, exposing your personal information to cybercriminals. When you log into your online banking or online shopping account, the malicious extension might record your login credentials and account information.
- Traffic redirection involves redirecting your legitimate web traffic to scam websites designed to steal your information or trick you into making fraudulent purchases. This is particularly dangerous when you’re trying to access your bank’s website or other financial services, but are redirected to a convincing fake site that could capture your login credentials.
- Drive-by downloads can be triggered by these ill-intentioned browser extensions when you visit specific websites, click on seemingly innocent links or files, or even during routine browsing activities. The links and files are disguised as legitimate software updates, media files, or useful applications that, in fact, could infect your device with ransomware, keyloggers, or other types of malware.
- Cryptocurrency mining extensions secretly use your computer’s processing power to mine cryptocurrency for the extension creator, running resource-intensive calculations in the background without your knowledge or consent. This unauthorized mining activity causes your device to run more slowly, drain your laptop battery faster, consume more electricity, generate excess heat, and potentially shorten your hardware’s lifespan.
The impact of malicious browser extensions
If not caught, malicious extensions can disrupt your daily life and compromise your personal security.
Malicious extensions violate your privacy when they monitor your online behavior and track the websites you view, build a profile of your habits and preferences, and even obtain your home address and other personal details. These details can be used for identity theft, social engineering attacks, or sold to data brokers, ultimately compromising your privacy and potentially affecting your real-world safety and financial security.
When it comes to online shopping, some malicious extensions could pressure you into hasty purchase decisions, intercept your checkout process, and capture your payment information. Once cybercriminals have your shopping account credentials, they can impersonate you to make unauthorized purchases.
Similar incidents could happen with your banking and financial accounts. Malicious browser extensions can steal your login credentials, account numbers, transaction details, and eventually your money. Some cybercriminals have gone as far as opening new accounts and applying for loans using your stolen information.
The most insidious aspect of malicious browser extensions is their ability to operate silently in the background while maintaining the appearance of legitimate functionality. A malicious extension might continue providing its advertised service—such as weather updates or price comparisons—while simultaneously conducting harmful activities, making them effective at avoiding detection.
On top of the higher electricity bills, degraded device performance and browsing experience, and wasted network bandwidth, malicious extensions violate your values by turning your device into an unwitting money-making tool for cybercriminals while you bear the operational costs. Furthermore, malicious extensions could potentially expose you to additional malware or scams, and involve you in fraudulent advertising schemes.
Their impact extends beyond your own device and could affect your entire household. On shared networks and devices, malicious extensions can spread and compromise other users.
Guidelines to stay safe with browser extensions
Chrome extensions can absolutely be safe to use when you approach them with the right knowledge and precautions. The vast majority of extensions on the official Chrome Web Store undergo Google’s review process and are built by legitimate, reputable developers who aim to enhance your browsing experience and follow security best practices.
Additionally, the Chrome Web Store’s rating system and user reviews provide valuable insights into an extension’s reliability and performance. When you stick to well-established extensions with thousands of positive reviews and regular updates, you’re generally in safe territory.
However, the extension ecosystem does present a few security challenges. The primary risks come from two main areas: permission abuse and post-installation behavior changes. When you install an extension, you give it permission to access various aspects of your browsing data and your device. Some extensions may request more permissions than they actually need, creating potential privacy and security vulnerabilities. Even more concerning, some extensions start with benign functionality but later receive updates that introduce malicious features or get sold to malicious actors who update them with data-harvesting capabilities, turning a once-safe extension into a potential threat.
To help you navigate these challenges safely, here’s a practical risk assessment framework you can use before installing any Chrome extension. This systematic approach takes just a few minutes but can save you from potential headaches down the road.
Step 1: Evaluate the source’s reputation
Start by examining who created the extension. Look for extensions developed by well-known companies or developers with established track records. Check the developer’s website and other extensions they’ve created. Extensions from companies like Google, Microsoft, or other recognized tech firms generally carry lower risk profiles. For individual developers, look for those who maintain a professional online presence and have created multiple successful extensions.
Step 2: Analyze user reviews and ratings
Don’t just glance at the overall star rating. Read the actual reviews, look for patterns in user feedback, and pay special attention to recent comments that might indicate changes in the extension’s behavior. Be wary of extensions with suspiciously perfect ratings or reviews that seem artificially generated. Legitimate extensions typically have a mix of ratings with detailed, specific feedback from real users.
Step 3: Examine permission requests carefully
This is perhaps the most critical step in your assessment. When you click “Add to Chrome,” pay close attention to the permission dialog that appears. Question if the requested permissions make sense for the tool’s functionality and be particularly cautious of extensions requesting broad permissions such as “Read and change all your data on the websites you visit.”
Step 4: Check installation numbers and update history
Extensions with millions of users and regular updates are generally safer bets than those with just a few hundred installations. However, don’t let high installation numbers alone convince you. Look for extensions that receive regular updates, which indicates active maintenance and ongoing security attention from developers.
Step 5: Research recent security issues
Before installing, do a quick web search for the extension name with terms like “security,” “malware,” or “removed.” This will reveal any recent security incidents or concerns that other users have reported. Security researchers and tech blogs often publish warnings about problematic extensions, information that can be invaluable in your decision-making process.
Ongoing browser security
The security landscape changes constantly, and extensions that are safe today might develop problems in the future. This is why ongoing vigilance is just as important as your initial assessment.
- Install only as needed: Adopt a minimalist approach to installing extensions, as every browser extension you add increases your attack surface. Only install those you absolutely need.
- Regularly audit your installed extensions: Set a reminder to review your extensions every few months, removing any that you no longer use or that haven’t been updated recently. This reduces your attack surface and helps keep your browser running efficiently.
- Be wary of unrealistic benefits: When adding new browser extensions, be cautious of those that promise fantastic functions such as dramatically increasing internet speed or providing access to premium content for free. Extensions that require you to create accounts with suspicious email verification processes or that ask for payment information outside of Google’s official channels should also raise red flags.
- Be cautious of duplicate functions: Be suspicious if the extension is replicating functionality already built into Chrome, as these often exist primarily to harvest user data. Extensions with generic names, poor grammar in their descriptions, or unprofessional-looking icons and screenshots indicate lower development standards and potentially higher security risks.
- Install only from official stores: While not perfect, official browser stores offer significantly more security oversight than third-party sources or direct installation methods. Their layers of security screening include automated malware detection, manual code reviews for popular extensions, continuous monitoring for suspicious behavior, review systems, and developer verification processes.
- Enable automatic updates and smart monitoring: Browser updates often include enhanced extension security and additional protection mechanisms that help detect and prevent malicious extension behavior. In addition, implement a monitoring system to identify extensions that update unusually frequently or at suspicious times, such as during periods you’re less likely to notice behavioral changes.
- Deploy comprehensive protections: Integrate your browser extension security with broader security measures that can monitor extension behavior and detect suspicious activities such as unauthorized data access, unexpected network connections, or attempts to modify system files. These tools use behavioral analysis and machine learning to identify malicious patterns that might not be apparent through manual observation.
- Secure your shopping and banking accounts: Your financial transactions and shopping activities represent high-value targets that need specialized protections. Consider using a dedicated browser for financial activities to isolate your transactions or temporarily disable extensions not related to security or privacy. Enable multi-factor authentication to prevent unauthorized access even if a malicious extension captures your primary login credentials.
- Create a positive security routine: Establish straightforward security routines that include the measures listed above to ensure that your shopping, banking, and general browsing activities remain secure while still allowing you to benefit from the enhanced functionality that well-designed extensions provide.
Thankfully, Google continues to improve its security measures for the Chrome Web Store by implementing stricter review processes for extensions and enhancing its ability to detect and remove malicious extensions after they’ve been published. For additional protection, enable Chrome’s Enhanced Safe Browsing, under the browser’s Privacy and Security section.
Malicious browser extensions pose similar threats across all major browser ecosystems, with attackers targeting the same vulnerabilities: excessive permissions, post-installation payload updates, and social engineering tactics.
Safari’s extension model, while more restrictive, still allows extensions to access browsing data and modify web content when you grant permissions. Microsoft Edge, built on Chromium, shares Chrome’s extension architecture and therefore inherits many of the same security challenges, though Microsoft has implemented additional screening measures for its Edge Add-ons store. Regardless of which browser you use, the fundamental protection strategies remain consistent.
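One way to script the periodic extension audit and the excessive-permissions check described above (an added example, not part of the original article). It assumes Chrome's on-disk layout of Extensions/<id>/<version>/manifest.json; the list of broad permissions, the 365-day staleness threshold, and the sample extensions are illustrative choices.

```python
import json, tempfile, time
from pathlib import Path

# Manifest permissions that expose wide browsing data (illustrative selection).
BROAD_PERMS = {"cookies", "tabs", "webRequest", "history", "scripting", "debugger"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return sorted findings for one parsed manifest.json."""
    # Some entries are objects rather than strings; only strings are compared.
    declared = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    hosts = set(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    findings = {f"permission:{p}" for p in declared & BROAD_PERMS}
    findings |= {f"all-sites:{h}" for h in (declared | hosts) & BROAD_HOSTS}
    return sorted(findings)

def scan_extensions(ext_dir, stale_days=365, now=None):
    """Audit every <id>/<version>/manifest.json under an Extensions directory."""
    now = now or time.time()
    report = []
    for mf in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        ext_id = mf.parent.parent.name
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            report.append({"id": ext_id, "findings": ["unreadable-manifest"]})
            continue
        findings = audit_manifest(manifest)
        # Assumption: file mtime approximates when this version was installed.
        if (now - mf.stat().st_mtime) / 86400 > stale_days:
            findings.append("stale")
        report.append({"id": ext_id, "name": manifest.get("name", "?"),
                       "version": manifest.get("version", "?"), "findings": findings})
    return report

def demo():
    """Constructed sample: two made-up extensions written to a temp directory."""
    samples = {
        "aaaaexampleidone/1.0.0_0": {"name": "Coupon Helper", "version": "1.0.0",
            "permissions": ["cookies", "storage"], "host_permissions": ["<all_urls>"]},
        "bbbbexampleidtwo/2.3_0": {"name": "Dark Theme", "version": "2.3",
            "permissions": ["storage"], "host_permissions": ["https://example.com/*"]}}
    with tempfile.TemporaryDirectory() as root:
        for rel, manifest in samples.items():
            Path(root, rel).mkdir(parents=True)
            Path(root, rel, "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return scan_extensions(root)
```

To run it against a real browser, pass `scan_extensions` the Extensions folder inside the profile directory that chrome://version lists as "Profile Path". An empty findings list means none of these particular signals matched, not that the extension is safe.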
Action plan if you’ve installed a malicious extension
If you suspect you’ve installed a malicious browser extension by mistake, speed matters in the race to protect your accounts. Follow this clear, step-by-step guide to remove the extension, secure your accounts, and check for any signs of compromise.
- Immediately disconnect sensitive accounts: Sign out of all banking, shopping, and financial accounts you’ve accessed recently. Malicious extensions can capture session tokens and credentials in real-time, making immediate disconnection critical to prevent unauthorized access.
- Remove the malicious extension completely: Open your browser settings and navigate to the Extensions or Add-ons section. Locate the suspicious extension and click “Remove” or “Uninstall.” Don’t just disable it. Check for related extensions that may have been installed simultaneously, as malicious extensions often come in bundles.
- Clear all cookies and site data: Go to your browser’s privacy settings and clear all stored cookies, cached data, and site data to remove persistent tracking mechanisms or stored credentials the malicious extension may have accessed or modified. Pay special attention to clearing data from the past 30 days or since you first noticed suspicious activity.
- Change all your passwords immediately: Start with your most sensitive accounts—banking, email, and work credentials—followed by all other accounts. Use strong, unique passwords that make it difficult for malicious extensions to access your accounts again. As mentioned earlier, enable multi-factor authentication.
- Run a comprehensive security scan: Use reputable security software such as McAfee+ to perform full system scans on all devices where you’ve accessed sensitive accounts. Because malicious extensions can download additional malware or leave traces, it is best to schedule follow-up scans over the next few days to catch any delayed payloads.
- Review all account activity thoroughly: Many malicious extensions operate silently for weeks before executing their primary payload. So keep monitoring your login history, transaction records, and changes in account settings across all your accounts, and look for any unauthorized transactions.
- Set up account alerts: Set up automated account alerts for all transactions and closely monitor your bank and credit card statements for the next 60-90 days. Place fraud alerts with major credit bureaus if you suspect identity information may have been compromised.
Final thoughts
Browser extensions offer great functionality and convenience, but can introduce cybersecurity risks. By combining smart browsing habits, regular security audits, and comprehensive protection tools, and by staying informed, you can safely explore the web, manage your finances online, and shop without worry.
Make it a habit to question your intent to install a new extension, and download only from official browser stores. Review your installed extensions monthly—determine if each one still serves your needs. These practices, combined with keeping your browser and operating system updated, and employing trusted security software, reinforce your defense against evolving online threats. Remember to research any new browser extensions thoroughly before installation, checking developer credentials and reading recent user reviews to identify which browser extensions to avoid.
The post Learn to Identify and Avoid Malicious Browser Extensions appeared first on McAfee Blog.