security – Tech News

Browser extensions pushed malware to 4.3M Chrome, Edge users

A seven-year malicious browser extension campaign infected 4.3 million Google Chrome and Microsoft Edge users with malware, including backdoors and spyware sending people's data to servers in China. The attackers, which Koi named ShadyPanda, played the long game: publishing legitimate extensions, accumulating thousands or sometimes millions of downloads over several years, and then pushing a malware-laden update that auto updates across the entire user base.
https://www.theregister.com/2025/12/01/chrome_edge_malicious_browser_extensions/?td=rt-3a

Hackers exploit 3D design software to target game developers, animators

Israel-based cybersecurity firm Morphisec said in a report this week that it had blocked several campaigns over the past six months in which attackers used Blender project files to deliver the StealC V2 infostealer. The attackers relied on malicious files posted on platforms such as CGTrader, an online marketplace for 3D models.
https://therecord.media/hackers-blender-software-malware

Google: No, We’re Not Secretly Using Your Gmail Account to Train Gemini

Google has hit back at claims circulating on social media that accuse the tech giant of training its Google Gemini AI on users' emails without their permission. In a statement shared with The Verge, Google called reports "misleading," saying that the company has “not changed anyone’s settings. Gmail Smart Features have existed for many years, and we do not use your Gmail content for training our Gemini AI model.”
https://www.pcmag.com/news/google-no-were-not-secretly-training-gemini-on-your-gmail-account

Meta releases a new tool to protect reels creators from having their work stolen

Facebook creators are getting a new tool to help them protect their work from being ripped off by others. On Monday, Meta introduced Facebook content protection, a mobile tool designed to detect when a creator’s original reels posted to Facebook are being used without their permission. If the creator is alerted that someone else is using their reels, they’ll also have the ability to block the reel’s visibility across both Facebook and Instagram or track the reel’s performance and optionally add attribution links to their work.
https://techcrunch.com/2025/11/17/meta-releases-a-new-tool-to-protect-reels-creators-from-having-their-work-stolen/

NPM flooded with malicious packages downloaded more than 86,000 times

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. Anyone who regularly downloads packages from NPM should check the Koi post for a list of indicators that their system has been compromised through PhantomRaven. These indicators can be used in system scans to determine whether they’ve been targeted.
https://arstechnica.com/security/2025/10/npm-flooded-with-malicious-packages-downloaded-more-than-86000-times/

Millions of Apple Airplay-enabled devices can be hacked via Wi-Fi

Apple’s AirPlay feature enables iPhones and MacBooks to seamlessly play music or show photos and videos on other Apple devices or third-party speakers and TVs that integrate the protocol. Now newly uncovered security flaws in AirPlay mean that those same wireless connections could allow hackers to move within a network just as easily, spreading malicious code from one infected device to another. Apple products are known for regularly receiving fixes, but given how rarely some smart-home devices are patched, it’s likely that these wirelessly enabled footholds for malware, across many of the hundreds of models of AirPlay-enabled devices, will persist for years to come.
https://arstechnica.com/security/2025/04/millions-of-apple-airplay-enabled-devices-can-be-hacked-via-wi-fi/

Android phones will soon reboot if they’re locked for a few days

Android is launching a new security feature that will force devices to reboot themselves if you haven’t unlocked them for a while, making it harder for other people to access the data inside. The feature included in the latest Google Play services update says that Android phones will automatically restart “if locked for 3 consecutive days,” requiring users to enter their passcode the next time they want to open the device.
https://www.theverge.com/news/648757/google-android-update-automatic-reboot-phone-locked