DataBreachToday

Grafana AI Bug Leaks Data With Zero-Click Exploit

A Grafana AI flaw enables zero-click data exfiltration by hiding malicious prompts in URLs, said a Noma Security report.

108 Google Chrome Extensions Are Stealing User Data, Over 20,000 Users Affected

Collectively, the extensions amassed about 20,000 installs in the Chrome Web Store. All 108 extensions route stolen ...
The Hacker News

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

According to Socket, the extensions (complete list here) are published under five distinct publisher identities – Yana ...

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...

GrafanaGhost: The AI That Leaked Everything Without Being Hacked

A newly disclosed vulnerability reveals how AI assistants can become invisible channels for data exfiltration — and why ...
SecurityWeek

100 Chrome Extensions Steal User Data, Create Backdoor

Over 100 Chrome extensions sharing C&C infrastructure were seen stealing user data, injecting ads, and containing a backdoor.

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

Researchers linked 108 malicious Chrome extensions to a coordinated campaign that exposed about 20,000 users to data theft, ...

108 malicious Chrome extensions found stealing data and injecting ads into every page you visit

Security researchers have uncovered a new coordinated campaign which uses malicious extensions to steal user data and hijack browsing sessions.