Close Menu
TechZappi

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Google

    September 5, 2025

    TikTok Expands Messaging with Voice Notes and Media Sharing

    August 29, 2025

    Meta Introduces Stricter AI Chatbot Safeguards for Teen Users

    August 29, 2025
    Facebook X (Twitter) Instagram
    Facebook X (Twitter) Instagram Vimeo
    TechZappi
    Subscribe Login
    • Home
    • AI

      Meta Introduces Stricter AI Chatbot Safeguards for Teen Users

      August 29, 2025

      Google Revamps Pixel Buds with AI Upgrades and Smarter Features

      August 21, 2025

      Google Finance Gets AI Boost with Smarter Insights and Live Market Updates

      August 10, 2025

      xAI’s Top Lawyer Resigns After a Year, Citing Family and Vision Differences

      August 7, 2025

      OpenAI Unveils Study Mode in ChatGPT to Encourage Student Engagement

      July 29, 2025
    • Technology
      1. AI
      2. Cybersecurity
      3. Crypto
      4. App
      5. Security
      6. View All

      Meta Introduces Stricter AI Chatbot Safeguards for Teen Users

      August 29, 2025

      Google Revamps Pixel Buds with AI Upgrades and Smarter Features

      August 21, 2025

      Google Finance Gets AI Boost with Smarter Insights and Live Market Updates

      August 10, 2025

      xAI’s Top Lawyer Resigns After a Year, Citing Family and Vision Differences

      August 7, 2025

      FBI Confirms Chinese Hackers Breached Over 200 U.S. Companies

      August 27, 2025

      EA Blocks Over 300,000 Cheating Attempts in Battlefield 6 Beta Launch

      August 11, 2025

      Cybercriminal Uses Voice Scam to Breach Cisco Customer Data

      August 5, 2025

      Minnesota Deploys National Guard After Cyberattack Paralyzes Saint Paul City Systems

      July 30, 2025

      Robinhood Acquires Bitstamp for $200M to Bolster Crypto Presence

      July 18, 2024

      CoinDCX Expands Globally with Acquisition of BitOasis

      July 4, 2024

      IRS Finalizes New Regulations for Crypto Tax Reporting

      July 4, 2024

      EU Privacy Decision Looms for Worldcoin Amid Ongoing Controversy

      June 4, 2024

      TikTok Expands Messaging with Voice Notes and Media Sharing

      August 29, 2025

      Google Photos Now Lets You Edit Pictures with Your Voice or Text

      August 21, 2025

      iOS 26 Beta 6 Brings Fresh Ringtones, Faster App Launches, and UI Refinements

      August 12, 2025

      Openvibe Expands Beyond Social Feeds with New RSS Integration

      August 8, 2025

      Kaspersky to Cease US Operations and Lay Off Employees Following Government Ban

      July 17, 2024

      Data Breach Exposes Millions of mSpy Customers’ Data

      July 12, 2024

      HealthEquity Describes Data Breach as an ‘Isolated Incident’

      July 4, 2024

      Twilio Confirms Hackers Accessed Cell Phone Numbers of Authy Users

      July 4, 2024

      TikTok Expands Messaging with Voice Notes and Media Sharing

      August 29, 2025

      Meta Introduces Stricter AI Chatbot Safeguards for Teen Users

      August 29, 2025

      FBI Confirms Chinese Hackers Breached Over 200 U.S. Companies

      August 27, 2025

      Google Photos Now Lets You Edit Pictures with Your Voice or Text

      August 21, 2025
    • Contact
    TechZappi
    Home»Technology»Cybersecurity»Hackers Hijack Chrome Extension to Steal Passwords and Sessions
    Cybersecurity

    Hackers Hijack Chrome Extension to Steal Passwords and Sessions

    adminBy adminDecember 27, 2024Updated:December 31, 2024No Comments2 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp VKontakte Email
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Cybersecurity startup Cyberhaven has reported a significant breach involving its Chrome browser extension, which was exploited by hackers to steal user credentials and session tokens. The incident, described as a potential supply-chain attack, was disclosed in an email to affected customers.

    The breach occurred when attackers compromised a company account to release a malicious update (version 24.10.4) to Cyberhaven’s Chrome extension on December 25. The update allowed the theft of sensitive user data, including authenticated sessions and cookies, which could be exploited to access accounts without needing passwords or two-factor authentication. Cyberhaven detected the issue later that day, removed the malicious extension from the Chrome Web Store, and released a secure version (24.10.5) shortly after.

    Cyberhaven, which specializes in data-loss prevention and protecting against cyberattacks, has approximately 400,000 corporate users for its browser extension. Its clientele includes major companies such as Motorola, Reddit, Snowflake, law firms, and health insurance providers. However, the company declined to disclose how many customers were affected.

    In the email to customers, Cyberhaven advised users to revoke and reset all passwords and API tokens while reviewing activity logs for suspicious behavior. The email also warned that session tokens and cookies stolen by attackers could bypass standard security measures. However, the company did not specify whether credentials saved in the Chrome browser should also be updated.

    The compromised account used to publish the malicious update was identified as the “single admin account for the Google Chrome Store.” Cyberhaven did not clarify how this account was breached or detail the security policies in place at the time. The company has since initiated a thorough review of its security practices and plans to implement stronger safeguards.

    To investigate the incident, Cyberhaven has enlisted the support of Mandiant, an incident response firm, and is cooperating with federal law enforcement.

    Cyberhaven’s breach appears to be part of a broader campaign targeting Chrome extension developers. Jaime Blasco, co-founder and CTO of Nudge Security, noted that multiple extensions, some with tens of thousands of users, were affected by similar attacks earlier this year. These breaches included extensions related to AI, productivity, and VPNs.

    Blasco suggested that attackers opportunistically targeted extensions based on compromised developer credentials, rather than specifically focusing on Cyberhaven. The identity of the group behind the campaign remains unknown, and other impacted companies have yet to be identified.

    cybersecurity
    Share. Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp Email
    Previous ArticleApp Downloads Decline Slightly in 2024 as Consumer Spending Surges to $127 Billion
    Next Article Nonprofit Challenges OpenAI’s Shift to For-Profit Model
    admin
    • Website

    Related Posts

    TikTok Expands Messaging with Voice Notes and Media Sharing

    August 29, 2025

    Meta Introduces Stricter AI Chatbot Safeguards for Teen Users

    August 29, 2025

    FBI Confirms Chinese Hackers Breached Over 200 U.S. Companies

    August 27, 2025

    Google Photos Now Lets You Edit Pictures with Your Voice or Text

    August 21, 2025
    Leave A Reply Cancel Reply

    Our Picks

    Remember! Bad Habits That Make a Big Impact on Your Lifestyle

    January 13, 2021

    The Right Morning Routine Can Keep You Energized & Happy

    January 13, 2021

    How to Make Perfume Last Longer Than Before

    January 13, 2021

    Stay off Social Media and Still Keep an Online Social Life

    January 13, 2021
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss

    Google

    By adminSeptember 5, 20250

    google https://www.google.com/

    TikTok Expands Messaging with Voice Notes and Media Sharing

    August 29, 2025

    Meta Introduces Stricter AI Chatbot Safeguards for Teen Users

    August 29, 2025

    FBI Confirms Chinese Hackers Breached Over 200 U.S. Companies

    August 27, 2025

    Subscribe to Updates

    Get the latest creative news from SmartMag about art & design.

      About Us
      About Us
      Our Picks

      Remember! Bad Habits That Make a Big Impact on Your Lifestyle

      January 13, 2021

      The Right Morning Routine Can Keep You Energized & Happy

      January 13, 2021

      How to Make Perfume Last Longer Than Before

      January 13, 2021
      New Comments
        Facebook X (Twitter) Instagram Pinterest
        • Home
        • Politics
        • Business
        • Technology
        © 2025 TechZappi. All Rights Reserved.

        Type above and press Enter to search. Press Esc to cancel.

        Sign In or Register

        Welcome Back!

        Login to your account below.

        Lost password?