29 Chrome Extensions Steal ChatGPT Tokens, Hijack Affiliate Links
Security researchers discover 29 malicious Chrome extensions stealing ChatGPT...
#CyberSecurity #AI https://t.co/QvtndHhxvj
Security researchers discover 29 malicious Chrome extensions stealing ChatGPT...
#CyberSecurity #AI https://t.co/QvtndHhxvj
0
3
6
2.2K
1
Hackers Use Fake Roblox Mods to Target Kids and Breach Companies
Cybercriminals are exploiting fake Roblox game modifications to target childr...
#CyberSecurity https://t.co/LWZnVHLACE
Cybercriminals are exploiting fake Roblox game modifications to target childr...
#CyberSecurity https://t.co/LWZnVHLACE
0
2
5
952
0
UK warning: pro-Russian hacktivist DDoS activity is ongoing and now a strategic risk for online services and critical operators.
Based on the latest NCSC alert, disruption is the goal, not data theft.
Full breakdown: https://t.co/3RptpHZxae
#CyberSecurity #DDoS #NCSC #UK
Based on the latest NCSC alert, disruption is the goal, not data theft.
Full breakdown: https://t.co/3RptpHZxae
#CyberSecurity #DDoS #NCSC #UK
1
3
6
2.4K
0
Google is testing a new “Skills” layer for Gemini in Chrome, including a chrome://skills page where users can define named instructions for repeatable tasks.
It’s a clear shift from “AI helper” to agentic browser automation, with big implications for control, safety, and
It’s a clear shift from “AI helper” to agentic browser automation, with big implications for control, safety, and
0
4
5
1.1K
0
CIRO says a phishing attack (Aug 2025) led to a data breach impacting ~750,000 Canadian investors.
Exposed data may include DOB, phone numbers, income, SIN, government IDs, account numbers & statements , but no passwords/PINs. What to do + details
👇
https://t.co/0u6O5lzy8m
Exposed data may include DOB, phone numbers, income, SIN, government IDs, account numbers & statements , but no passwords/PINs. What to do + details
👇
https://t.co/0u6O5lzy8m
0
3
5
378
0
Cisco has patched a Cisco AsyncOS zero-day tracked as CVE-2025-20393 - a serious issue that could allow root-level RCE under the right conditions.
If you run Cisco email/web security appliances:
- Patch ASAP (validate AsyncOS build versions)
- Review admin access + exposed
If you run Cisco email/web security appliances:
- Patch ASAP (validate AsyncOS build versions)
- Review admin access + exposed
1
4
5
1.2K
0
SHADOW#REACTOR is a nasty Remcos RAT delivery chain that’s more about the loader framework than the payload.
It uses text-only stagers + PowerShell reconstruction, then hands off execution to MSBuild.exe (LOLBin) to blend in and shrink detection windows. Watch for wscript.exe ->
It uses text-only stagers + PowerShell reconstruction, then hands off execution to MSBuild.exe (LOLBin) to blend in and shrink detection windows. Watch for wscript.exe ->
0
4
5
789
0
🚨 Fortinet FortiSIEM RCE (CVE-2025-64155)
A critical flaw in FortiSIEM (reported in phMonitor) can allow unauthenticated remote code execution, putting monitoring stacks and the networks behind them at serious risk.
✅ What to do now:
Patch/upgrade FortiSIEM immediately
A critical flaw in FortiSIEM (reported in phMonitor) can allow unauthenticated remote code execution, putting monitoring stacks and the networks behind them at serious risk.
✅ What to do now:
Patch/upgrade FortiSIEM immediately
0
4
5
508
0
🚨 Node.js security alert (CVE-2025-59466)
A flaw tied to async_hooks can trigger an unrecoverable crash (DoS) in certain scenarios. If you run Node.js in prod (APIs, workers, serverless), this is worth a fast triage.
✅ Impact breakdown
✅ Who’s at risk
🔗
A flaw tied to async_hooks can trigger an unrecoverable crash (DoS) in certain scenarios. If you run Node.js in prod (APIs, workers, serverless), this is worth a fast triage.
✅ Impact breakdown
✅ Who’s at risk
🔗
0
4
5
253
0
New threat to crypto ops teams: a malicious Chrome extension targeting MEXC users can steal API keys and turn them into real-world losses by enabling unauthorized withdrawals.
If you use exchange APIs:
- Audit browser extensions on admin/trading workstations
- Rotate API keys
If you use exchange APIs:
- Audit browser extensions on admin/trading workstations
- Rotate API keys
1
4
5
933
0
🚨 CRITICAL: One click on a Telegram proxy link can expose your real IP address.
Even if you decline to add the proxy, the connection test reveals your location to attackers.
Affects Android & iOS clients.
If your threat model includes state surveillance or stalking, this is
Even if you decline to add the proxy, the connection test reveals your location to attackers.
Affects Android & iOS clients.
If your threat model includes state surveillance or stalking, this is
0
6
6
1.3K
0
A new “Discord breach” claim says HawkSec is auctioning a 78,541,207-file dataset. The details look more like mass scraping of public servers than a platform compromise, but the risk is still real: indexing enables profiling, harassment, and targeted phishing.
What to watch and
What to watch and
0
4
5
362
0
ENISA is facing scrutiny after researchers found broken and seemingly fabricated citations in official EU cybersecurity reports. ENISA has since revised the Threat Landscape document and edited links, but the bigger lesson is clear: citation integrity is part of the trust chain
0
5
6
460
0
🚨 CRITICAL: Chinese-linked hackers exploited ESXi zero-days for VM escape.
Attack chain: 1. SonicWall VPN compromise
2. Pivot to VMware environment
3. Deploy VSOCK backdoor on hypervisor
4. Control from any guest VM
Patch velocity matters.
Hypervisor security is
Attack chain: 1. SonicWall VPN compromise
2. Pivot to VMware environment
3. Deploy VSOCK backdoor on hypervisor
4. Control from any guest VM
Patch velocity matters.
Hypervisor security is
0
3
6
511
0
🚨 Instagram denies a breach, but users are still at risk.
A flood of password reset emails + a 17M-record dataset circulating = the perfect phishing setup.
Two separate incidents. One dangerous outcome.
Enable 2FA now. Don't click links in security emails.
Read more:
A flood of password reset emails + a 17M-record dataset circulating = the perfect phishing setup.
Two separate incidents. One dangerous outcome.
Enable 2FA now. Don't click links in security emails.
Read more:
0
4
6
728
0
XRat is not “just another RAT”. It’s a delivery chain built for stealth and persistence, abusing Korean Webhard ecosystems, fake game installers, and QuasarRAT tradecraft, with ETW-related evasion techniques in the mix.
If you manage endpoints, this is the takeaway:
- Treat
If you manage endpoints, this is the takeaway:
- Treat
0
4
6
374
0
BreachForums just suffered a database leak exposing 324,000 accounts, including metadata that can fuel attribution, phishing, and OPSEC failures. We break down what was exposed, why it matters beyond the underground, and what defenders should watch next.
https://t.co/obvF7CgsF4
https://t.co/obvF7CgsF4
0
5
7
1.4K
0
🚨 Trend Micro fixed a critical RCE in Apex Central (CVE-2025-69258) impacting build 7190. If you run Apex Central on-prem, treat this as an emergency patching item. Management consoles are high-value targets.
What to do now:
• Identify affected Apex Central instances (build
What to do now:
• Identify affected Apex Central instances (build
1
3
6
211
0
FBI warning: Kimsuky is using QR-code “quishing” to steal credentials + session tokens and bypass MFA. Full technical breakdown + defenses:
https://t.co/XjAoSFF2dk
#CyberSecurity #ThreatIntel #Phishing
https://t.co/XjAoSFF2dk
#CyberSecurity #ThreatIntel #Phishing
0
3
6
393
0
Hackers are now mapping the AI perimeter.
GreyNoise tracked large-scale probing for misconfigured LLM proxies that could expose access to paid models (OpenAI-style, Gemini endpoints, etc.). Even “harmless” prompts can be reconnaissance.
If you run an AI gateway / proxy: lock it
GreyNoise tracked large-scale probing for misconfigured LLM proxies that could expose access to paid models (OpenAI-style, Gemini endpoints, etc.). Even “harmless” prompts can be reconnaissance.
If you run an AI gateway / proxy: lock it
0
4
7
1.0K
0
IT consultant specializing in cloud infrastructure and Microsoft 365 modernization, focusing on Zero Trust architecture - https://t.co/2IR5qJjnwm
106 Followers
18 Contributions
IT & Cybersecurity experts. PowerShell scripts, Intune deployment, network security. Practical tutorials, vulnerability analysis, IT best practices. ☁️ ⚙️
144 Followers
2 Contributions
10.5K
Total Members
+ 0
24h Growth
+ 4
7d Growth
Date Members Change
Feb 10, 2026 10.5K +0
Feb 9, 2026 10.5K +1
Feb 8, 2026 10.5K +1
Feb 7, 2026 10.5K +0
Feb 6, 2026 10.5K +1
Feb 5, 2026 10.5K +1
Feb 4, 2026 10.5K -1
Feb 3, 2026 10.5K +1
Feb 2, 2026 10.5K +0
Feb 1, 2026 10.5K +1
Jan 31, 2026 10.5K -1
Jan 30, 2026 10.5K +0
Jan 29, 2026 10.5K +0
Jan 28, 2026 10.5K —
No reviews yet
Be the first to share your experience!
Share Your Experience
Sign in with X to leave a review and help others discover great communities
Login with XLoading...
Join the cyber security community that's always on the lookout for new threats and solutions. We're all in this together, and we're here to help each other.
Community Rules
Be kind and respectful.
Keep posts on topic.
Explore and share.