#data-theft

A vulnerability in Anthropic’s Claude Chrome extension allows other browser extensions to inject prompts and fully control AI actions without proper identity checks. Attackers can exploit the flaw to access private data, manipulate cloud files, and trigger unauthorised actions through trusted extension messaging channels.

Source: LayerX

Stealerium spreads via multi-lure phishing campaigns using ClickFix, HTA, and PowerShell loaders, exfiltrating credentials, files, clipboard data, and webcam feeds via Telegram.

Source: LevelBlue SpiderLabs

Teaser: Google DeepMind shows web-based “AI Agent Traps” can manipulate autonomous agents into stealing data, performing unauthorised transactions, and spreading misinformation.

Source: SecurityWeek | Google DeepMind

The Silent Ransom Group is conducting IT impersonation campaigns using phishing calls, remote access tools, and even in-person device access to steal sensitive data from US law firms. The group relies on legitimate administration tools to exfiltrate data without deploying ransomware encryption.

Source: FBI IC3

A coordinated campaign of 108 Chrome extensions silently siphoned logins, Telegram sessions, and browsing data from thousands of users using shared command infrastructure.

Source: Socket Threat Research Team

Ransomware is increasingly targeting virtualised environments and small victims, with data-theft-only models rising while average ransoms drop, according to Google Threat Intelligence.

Source: Google Threat Intelligence Group

A massive crypto heist has hit Balancer, where attackers exploited a code flaw to steal more than $100 million in digital assets, triggering emergency shutdowns across several linked platforms.

Source: Recorded Future News

The World Leaks group has rolled out RustyRocket malware, stealthily exfiltrating data on Windows and Linux via encrypted tunnels and covert persistent access.

Source: Infosecurity Magazine