Browser Extensions Are the Quiet SSO Bypass
Most organizations have a process for evaluating software. Procurement reviews, security assessments, sometimes formal vendor questionnaires. Almost none of them have a process for evaluating what browser extensions their employees are running. That gap is exactly what this campaign exploits. Researchers at Socket documented 108 malicious Chrome extensions sharing a single command-and-control backend, collectively installed […]