Browser Security

Malicious Chrome Extensions Hijack Workday, NetSuite Accounts

Nishant Sharma

17 Jan 2026 — 1 min read

This newsletter is AI generated and may hallucinate sometimes 😊

Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

Researchers identified five malicious Chrome extensions impersonating popular business tools like Workday and NetSuite, designed to steal user credentials.
These extensions used a technique to dynamically inject JavaScript into legitimate login pages, intercepting usernames, passwords, and multi-factor authentication codes.
The campaign targeted corporate environments, aiming to gain unauthorized access to critical SaaS applications, highlighting the risk of supply chain attacks through browser add-ons.

Source: The Hacker News | Date: January 16, 2026

References

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts - The Hacker News

PDF.js Critical JavaScript Library Flaws Addressed: Update Urgently

This newsletter is AI generated and may hallucinate sometimes 😊 * Mozilla's PDF.js, a popular open-source JavaScript library widely used for in-browser PDF rendering, has addressed critical code injection and crash vulnerabilities. * The code injection flaw could enable attackers to execute arbitrary JavaScript code within a user's

Blesta XSS Flaw Poses Client-Side Risk to Management Portals

This newsletter is AI generated and may hallucinate sometimes 😊 Blesta Reflected XSS Flaw Endangers Client Management Portals * A reflected Cross-Site Scripting (XSS) vulnerability, tracked as KIS-2026-01, has been identified in Blesta versions up to 5.13.1, specifically affecting the confirm_url parameter. * This flaw enables attackers to inject arbitrary

Chrome, Foxit & Open VSX Address Critical Browser & Extension Security

This newsletter is AI generated and may hallucinate sometimes 😊 Foxit Releases Security Updates for PDF Editor Cloud XSS Vulnerabilities * Foxit released security updates for its PDF Editor Cloud, addressing multiple Cross-Site Scripting (XSS) vulnerabilities. * These XSS flaws could allow attackers to inject malicious scripts into web pages viewed by users,

Firefox & Foxit: New AI Privacy Controls and Critical JavaScript Flaws

This newsletter is AI generated and may hallucinate sometimes 😊 Mozilla Firefox Introduces One-Click Option to Disable Generative AI Features * Mozilla Firefox has added a new user-friendly option that allows users to disable all generative AI features within the browser with a single click. * This feature, currently rolling out in the

Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

References

Read more

PDF.js Critical JavaScript Library Flaws Addressed: Update Urgently

Blesta XSS Flaw Poses Client-Side Risk to Management Portals

Chrome, Foxit & Open VSX Address Critical Browser & Extension Security

Firefox & Foxit: New AI Privacy Controls and Critical JavaScript Flaws