Theft. Most of the article that we'll cover today is centered on this; malicious users using one means or the other steal stuff that includes credentials, money, or proprietary data.
Fake AI Chrome extensions with 300K users steal credentials, emails
I rarely install web browser extensions. If you think that's weird, this article should change your mind. Moreover, when I read the extension names included in the article, it felt off and numb.
From the article:
The malicious browser add-ons do not implement AI functionality locally; instead, they deliver the promised feature by rendering a full-screen iframe to load content from a remote domain. This, by itself, is risky, as publishers can change the extensions’ logic at any time without pushing an update.
Attackers prompted Gemini over 100,000 times while trying to clone it, Google says
Shortcuts sound good, but not in the context of training an AI model when you don't have permission to do so. That's a quick summary of what's going on here.
From the article:
In the report published by Google, its threat intelligence group describes a growing wave of these distillation attacks against Gemini. Many of the campaigns specifically targeted the algorithms that help the model perform simulated reasoning tasks, or decide how to process information step by step.
WordPress plugin with 900k installs vulnerable to critical RCE flaw
900k installs is a lot. For added context, the plugin in question is "WPvivid Backup & Migration plugin", tracked as CVE-2026-1357 with a severity score of 9.8.
Here is what's going on:
The root cause is the improper error handling in RSA decryption, combined with a lack of path sanitization. Specifically, when the ‘openssl_private_decrypt()’ function fails, the plugin does not halt execution and instead passes the failed result (false) to the AES (Rijndael) routine.
The cryptographic library treats this as a string of null bytes, creating a predictable encryption key that an attacker can use to craft malicious payloads that the plugin would accept.
Malicious packages for dYdX cryptocurrency exchange empties user wallets
What prompted me to cover this article is the theft of cryptocurrencies and the way that the attackers did it. It should serve as a reminder that there are people out there ready to steal your money using any means necessary. This means you should always take appropriate measures (to the best of your abilities) to protect your assets.
From the article:
The incident is at least the third time dYdX has been targeted in attacks. Previous events include a September 2022 uploading of malicious code to the npm repository and the commandeering in 2024 of the dYdX v3 website through DNS hijacking. Users were redirected to a malicious site that prompted them to sign transactions designed to drain their wallets.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.
Top comments (0)