Your developers are already running AI locally: Why on-device inference is the CISO’s new blind spot

Shadow AI 2.0 isn’t a hypothetical future, it’s a predictable consequence of fast hardware, easy distribution, and developer ...
The Hacker News

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

According to Socket, the extensions (complete list here) are published under five distinct publisher identities – Yana ...
CSO Online

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.
Security Boulevard

This fake Windows support website delivers password-stealing malware

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.

LinkedIn scanning users’ browser extensions sparks controversy and two lawsuits

LinkedIn is facing two lawsuits over its practice of scanning users’ browsers to determine which extensions they’re running.
The Hacker News

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.
PCMag on MSN

LinkedIn Hit With Class-Action Lawsuits Over Browser-Extension Scanning

LinkedIn says it scans extensions to prevent invasive web scraping and calls the California lawsuits 'a house of cards built ...