New Findings Reveal A Surge In Cybersecurity Risks–From Suspicious Browser Extensions To Network Flaws & Data Leaks

By TechDogs Bureau

TD NewsDesk

Updated on Mon, Apr 14, 2025

Our interconnected digital world is evolving rapidly, with an increasing focus on protecting online security. Privacy has moved from a "good to have" to an urgent necessity. Every day, most of us share personal or sensitive information across apps, logins, and websites, often without fully knowing the risks.

We’re not here to stoke your fears but to help raise awareness about the surge in cyber threats.

After all, recent findings serve as a caution against the concealed risks lying behind digital interactions, from seemingly innocent browser extensions with millions of downloads and vulnerabilities in the crucial infrastructure of a major IT security provider (ironic much?) to government ministries witnessing sensitive data leaks.

Well, here’s a roundup of the most recent cybersecurity events and news. Let’s dive in! 


Risky Chrome Extensions Expose Millions To Potential Threats


A significant security concern has emerged in the form of nearly three dozen Chrome browser extensions exhibiting suspicious behavior, collectively installed over 4 million times!

Security researcher John Tucker of Secure Annex unearthed this network while assisting a client with security monitoring. What raised immediate alarm was the discovery of two unlisted extensions among the 132 extensions analyzed.

Unlike regular extensions found on the Chrome Web Store, these unlisted tools can only be accessed via direct URLs, a tactic often employed by malicious actors to keep their activities hidden from public scrutiny and Google's detection mechanisms.

Following the initial discovery, Tucker identified an additional 33 extensions displaying similar characteristics. These extensions exhibited connections to the same servers, employed identical code patterns, and requested an unusually extensive array of permissions.

Users were prompted to grant access to sensitive data, including browser tabs and windows, cookies, storage, scripting capabilities, alarms, and management APIs.

"At this point, this information should be enough for any organization to reasonably kick this out of their environment as it presents unnecessary risk," Tucker wrote in a blog on Thursday.

In addition, the code inside these extensions was heavily obfuscated, which raised concerns. This strategy is often used by developers who want to hide the real operations of their software, making it hard for security investigators and even users to figure out what the extensions are doing behind the curtains.

Most interestingly, 10 of these hazardous extensions have Google's "Featured" badge, which typically indicates some kind of evaluation and trust from Google. How these potentially risky extensions managed to acquire this label remains unclear, but it likely contributed to their widespread adoption.

While Tucker found no direct evidence of data exfiltration, he cautioned that this possibility could not be ruled out. One particularly ironic example was an extension named "Fire Shield Extension Protection," which claimed to scan Chrome for malicious plugins.

Upon analysis, Tucker discovered a JavaScript file within this extension capable of uploading data and downloading code and instructions from several dubious domains, including one named “unknow.com.”

The domain “unknow.com” is particularly noteworthy as it was referenced by all 35 suspicious extensions in their background service workers, despite lacking any visible web presence or clear purpose.

Whois records indicated the domain was "available" and "for sale," making its consistent inclusion across these extensions even more perplexing.

Security experts, including Tucker, strongly advise anyone who has any of these extensions installed to remove them. Secure Annex has also published a comprehensive list of the identified extensions and permhashes on their blog in an open-access spreadsheet.
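
A defender-side triage of the indicators described above, as an added example that is not code from Secure Annex or from this article: it checks an unpacked extension's manifest for the permissions listed above and searches its JavaScript for the flagged domain. The `MIN_RISKY` threshold, the function names and the sample extension are assumptions constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Permissions the article lists as requested by the flagged extensions.
RISKY = {"tabs", "cookies", "storage", "scripting", "alarms", "management"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
FLAGGED_DOMAIN = "unknow.com"  # domain the article says all 35 referenced
MIN_RISKY = 4  # assumption: review threshold, tune for your environment

def audit_extension(ext_dir):
    """Return triage findings for one unpacked extension directory."""
    ext_dir = Path(ext_dir)
    manifest = json.loads((ext_dir / "manifest.json").read_text(encoding="utf-8"))
    requested = set()
    for key in ("permissions", "optional_permissions"):
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Manifest V3 lists host patterns separately; V2 mixes them into permissions.
    hosts = set(manifest.get("host_permissions", [])) | requested
    worker = manifest.get("background", {}).get("service_worker")
    hits = [
        js.relative_to(ext_dir).as_posix()
        for js in sorted(ext_dir.rglob("*.js"))
        if FLAGGED_DOMAIN in js.read_text(encoding="utf-8", errors="ignore")
    ]
    risky = sorted(requested & RISKY)
    return {
        "name": manifest.get("name", "?"),
        "risky_permissions": risky,
        "broad_host_access": bool(hosts & BROAD_HOSTS),
        "domain_hits": hits,
        "domain_in_service_worker": worker in hits,
        "review": len(risky) >= MIN_RISKY or bool(hits),
    }

def build_sample(root, permissions=tuple(sorted(RISKY)), js='fetch("https://unknow.com/c");\n'):
    """Write a constructed sample extension (not a real one) for offline runs."""
    ext = Path(root) / "sample_ext"
    ext.mkdir()
    manifest = {"manifest_version": 3, "name": "Constructed Sample",
                "permissions": list(permissions), "host_permissions": ["<all_urls>"],
                "background": {"service_worker": "bg.js"}}
    (ext / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    (ext / "bg.js").write_text(js, encoding="utf-8")
    return ext

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(json.dumps(audit_extension(build_sample(tmp)), indent=2))
```

Chrome keeps installed extensions as unpacked directories under the profile's `Extensions/<id>/<version>/` folder, so `audit_extension` can be run against each version directory in turn.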

With Chrome’s browser extensions being exploited, rising security concerns are affecting other well-known businesses. Let’s take a look! 


Fortinet Flaws Under Renewed Attack Despite Previous Patches


In another security incident, network security firm Fortinet recently admitted that threat actors have uncovered new ways to attack three vulnerabilities that it thought it patched the previous year.

Fortinet stated that an unknown attacker used a technique to create a symbolic link (symlink) that gave users read-only access to the root filesystem. This unauthorized access may expose important resources, such as system configuration files.

While Fortinet has taken steps to mitigate the issue and has notified affected customers, the incident raises serious concerns about the reliability of past patching efforts against determined adversaries.

As a temporary measure, Fortinet advised users who are unable to apply the latest patches to disable SSL-VPN, since the exploitation method reportedly depends on this feature being enabled.

Benjamin Harris, CEO of attack surface management firm watchTowr, acknowledged Fortinet's proactive communication but also pointed out a troubling trend arising from this development.

Harris noted that "We have seen, numerous times, attackers deploy capabilities and backdoors after rapid exploitation designed to survive the patching, upgrade and factory reset processes organizations have come to rely on to mitigate these situations to maintain persistence and access to compromised organizations."

“This is straight-up terrifying. In high-profile situations, we may be entering a world where even updates, patching, and factory resets are insufficient to consider restoring appliance integrity,” Harris added.

The Fortinet incident underscores existing concerns in vulnerability management and calls for a fresh look at how vulnerabilities are handled. On that note...


NIST To Defer Updates For Older CVEs Amidst Submission Backlog


The National Institute of Standards and Technology (NIST), which oversees the Common Vulnerabilities and Exposures (CVE) database, has announced a major shift in how it handles older vulnerability submissions.

Citing a growing backlog, NIST announced it will be moving a substantial number of older CVEs into a "deferred" status. Under this policy, vulnerabilities disclosed before January 1, 2018, will not receive updates unless deemed absolutely necessary, essentially treating them like end-of-life software in terms of maintenance.

NIST stated that these older CVEs would be designated as deferred in due course. While anyone with new information about these deferred CVEs can still submit it, NIST noted that changes to enrichment data would only be considered if the content clearly indicated an urgent need for an update, and even then, it would depend on the resources and time at hand.

Notably, NIST made clear that CVEs on the Known Exploited Vulnerabilities list will continue to be updated regardless of their deferred status. This ensures that older vulnerabilities that are still regularly attacked remain under review.

Nevertheless, the point is clear: in the future, you shouldn't depend solely on NIST to update older CVEs, except the very important ones.

This move emphasizes the complexity of addressing the growing volume of reported vulnerabilities, as well as the importance of businesses having their own comprehensive vulnerability management methods.  

As NIST shifts its priorities, security challenges persist across other sectors. Let’s find out more.  


Dutch Ministries Fall Victim To Data Leak


To cap the list of recent alarming security incidents, news of a "major data leak" involving various government ministries in the Netherlands went viral. While the specifics are limited, the Ministries of Economic Affairs and Climate and Green Growth confirmed their involvement to regional media outlets, and reports indicate that additional ministries may also be impacted.

The Dutch government has not revealed the cause of the leak, noting only that an inquiry is ongoing. At this point, it's unknown if any confidential information was accessed or stolen. 

Yet the fact that the Dutch Data Protection Authority was approached suggests that highly sensitive data may have been breached. This instance is a warning that even large organizations with extensive resources and safety measures, such as government agencies, are vulnerable to data breaches.

Ultimately, these latest incidents demonstrate a persistent and dynamic threat landscape. From seemingly innocent browser extensions to weaknesses in software patches to potential data breaches within government agencies, the risks are increasing–in frequency and severity.

Do you think businesses need to step up their security strategies?


First published on Mon, Apr 14, 2025
