Are you affected by the Chrome browser add-ons' weaknesses revealing sensitive information?

A serious security exposure affecting many Chrome extension users has been identified: the widespread exposure of sensitive API keys (which are cryptographic data used for encrypting and decrypting), secrets (sensitive data such as passwords), and authentication tokens (digital identifiers that verify a person's identity) embedded in extension software.

This weakness arises because developers embed credentials directly in their JavaScript files, making this private information available to anyone who examines the add-on.

The weakness affects popular extensions with large combined user bases, potentially exposing cloud services, data management services, and other third-party programs to intrusion and misuse.

This security oversight represents one of the most basic mistakes in software engineering: storing sensitive credentials in clear text within front-end code.

Once Chrome add-ons are published to the Web Store, their code becomes available for inspection, effectively handing these credentials to potential cybercriminals.

The consequences reach far beyond simple data leaks: attackers can use these credentials to flood information services with junk data, run up unauthorized cloud computing charges, transmit harmful data, or gain further access to linked services, depending on the permissions associated with each compromised key.

Symantec researchers discovered this widespread weakness while conducting routine security evaluations of popular browser add-ons, uncovering a pattern of poor credential management practices across multiple high-profile applications.

The finding highlights a widespread problem in extension development practices, where convenience often takes precedence over security.

The affected add-ons collectively serve more than 15 million users, making this one of the largest credential exposure events in recent browser extension history.

The vulnerability's impact varies significantly with the type and scope of the exposed credentials, ranging from corrupted analytics data to possible financial losses for add-on developers whose cloud services become targets for attack.

More unsettling is the likelihood that attackers could use exposed AWS credentials (usernames, passwords, or keys) or similar cloud service keys to move into broader infrastructure, potentially reaching databases, storage systems, or other connected resources if the credentials carry elevated permissions.

Technical Evaluation of Credential Vulnerability Trends

The exposed credentials follow clear patterns across extension categories, with analytics keys, cloud storage credentials, and speech recognition API credentials being the most common weaknesses.
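As an added example (not code from the Symantec research or from any of the affected extensions), the following Python script shows the kind of pre-publication check an extension developer or reviewer can run over an extension's JavaScript to catch the credential patterns described above: AWS access key IDs, Google-style API keys, and generic `apiKey = "..."` assignments. The sample extension files, their endpoints and every key value in them are constructed for this illustration.

```python
from __future__ import annotations

import math
import re
from collections import Counter

# Credential shapes worth flagging in extension JavaScript. The AWS and Google
# prefixes are their documented public formats; the generic rule catches
# assignments such as apiKey = "..." or token: '...' regardless of provider.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),
    "generic_secret_assignment": re.compile(
        r"""(?i)(api[_-]?key|secret|token|password)\s*[:=]\s*["']([^"']{12,})["']"""
    ),
}

# Values that look like documentation placeholders rather than live credentials.
PLACEHOLDER = re.compile(r"(?i)(example|placeholder|your[_-]|change[_-]?me|xxxx)")


def shannon_entropy(value: str) -> float:
    """Bits per character: random keys score high, English-like text scores low."""
    counts = Counter(value)
    total = len(value)
    return -sum((n / total) * math.log2(n / total) for n in counts.values())


def scan_js(filename: str, source: str, min_entropy: float = 3.0) -> list[dict]:
    """Return one finding per credential-looking literal in a JavaScript file."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                # Rules with a capture group report the quoted value; the others
                # report the whole token they matched.
                value = match.group(2) if match.lastindex else match.group(0)
                if PLACEHOLDER.search(value) or shannon_entropy(value) < min_entropy:
                    continue
                findings.append(
                    {"file": filename, "line": lineno, "rule": rule,
                     "value": value, "entropy": round(shannon_entropy(value), 2)}
                )
    return findings


def scan_extension(files: dict[str, str]) -> list[dict]:
    """Scan every JavaScript file of an unpacked extension (path -> contents)."""
    findings = []
    for path, source in files.items():
        if path.endswith(".js"):
            findings.extend(scan_js(path, source))
    return findings


# Constructed sample files standing in for an unpacked extension; every
# endpoint and key value below is made up for this illustration.
SAMPLE_FILES = {
    "background.js": (
        '// constructed sample, not code from any real extension\n'
        'const ANALYTICS_ENDPOINT = "https://analytics.example.invalid/collect";\n'
        'const analyticsKey = "AIzaSyD4tz0r1eFAKEk3y8QwZ9n7Lp3RtVb2Xq1";\n'
        'const SPEECH_API_TOKEN = "sk_9f8e7d6c5b4a3f2e1d0c";\n'
        'fetch(ANALYTICS_ENDPOINT, { headers: { "X-Api-Key": analyticsKey } });\n'
    ),
    "storage.js": (
        '// constructed sample\n'
        'const awsAccessKeyId = "AKIAQ3ZT7P0XW9V2LMNB";\n'
        'const awsSecret = "your_aws_secret_here";  // placeholder, not flagged\n'
    ),
}

if __name__ == "__main__":
    for f in scan_extension(SAMPLE_FILES):
        print(f"{f['file']}:{f['line']} {f['rule']} entropy={f['entropy']} value={f['value']}")
```

Run over the constructed files, `scan_extension` reports the Google-style analytics key, the speech API token and the AWS access key ID and skips the obvious placeholder. A build pipeline would run this over the unpacked extension directory before upload and fail on any finding; the fix for a real finding is to move the secret to a backend service the extension calls, since nothing shipped in the package can be kept from a reader of it.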

 

Reference-

Dutta, Tushar S., “Chrome Extensions Vulnerability Exposes API Keys, Secrets, and Tokens.” Cybersecuritynews.com, Cyber Security News, 6 June 2025, https://cybersecuritynews.com/chrome-extensions-vulnerability-exposes-api-keys/. Accessed 7 June 2025.

 

Do the problems with ATS affect your job search?

According to Chougule, while applicant tracking systems (ATS) help companies sort through large volumes of applications, qualified candidates are often rejected before anyone even sees their resume.

Fortune 500 companies such as Amazon and Google use these automated systems in their hiring, yet over 75% of resumes never get past the ATS. The reason is that an ATS applies its own algorithms rather than evaluating an individual's talent: it automatically rejects resumes that lack the keywords it is programmed to look for, even when the job seeker could be a perfect match for the position.

ATS hurts job seekers by:

·  Ghosting qualified candidates whose resumes don't contain the right keywords.

·  Resume difficulties: if your resume isn't formatted to ATS standards, your application won't be recognized.

·  Unfair hiring practices: ATS has been known to favor some demographics over others and to be discriminatory toward women in technology.

References-

Chougule, Pragati.  "Exposed: How ATS is Silently Killing Job Applications and Ruining Careers." The Bridge Chronicle, 09 February 2025, https://www.thebridgechronicle.com/tech/ats-impact-job-applications-careers. Accessed 18 May 2025.

 

Russian Government Cybercriminals Were Found Purchasing Passwords From Other Cybercriminals, Are You Affected?

Designed by Freepik.com

In a new report published in coordination with Dutch intelligence agencies, Redmond's threat intelligence hunting team said that the Russian hacking group relies heavily on the low-cost end of the cybercrime economy: purchasing usernames and passwords that were stolen and sold on data-thief markets, for use in brute-force password attacks (Naraine, 2025).

Recently, Microsoft said it observed the group adopt a more targeted "attacker-in-the-middle" phishing method that spoofs the Microsoft Entra login page using URL hijacking and a malicious QR-code lure tied to a fake European defense summit.

"We estimate that Void Blizzard, a new group that targets systems or individuals that Microsoft Threat Intelligence has seen directing surveillance actions in Russia, is using the free software attack infrastructure Evilginx to oversee the AitM phishing campaign, which is an advanced attack where attackers intercept the information passing between a user and a real website, and take verification information, including the entered username and password and any internet cookies created by the server," Microsoft said. Evilginx, made public in 2017, is a publicly available phishing tool with attacker-in-the-middle (AitM) capabilities.

While the methods are standard for nation-state cyber-espionage campaigns, the targeting is very precise, with a victim list that overlaps with other Russia-linked intelligence actors, Microsoft said, noting that the hackers are likely stealing military intelligence that can be fed back into military or political planning.

Microsoft said that NATO states and Ukraine remain the primary targets and identified a case in which a Ukrainian aviation organization was compromised by separate Russian APTs (well-resourced groups that conduct advanced, damaging intrusions and maintain network access for extended periods), showing focused targeting of aviation and space-based networks.

According to Microsoft, the Void Blizzard playbook is straightforward: steal credentials, sign in to Exchange Online or SharePoint Online, and automate the collection of whatever the compromised user can view.

Redmond said its security intelligence center found "a collection of global cloud misuse tasks" connected to Void Blizzard and cautioned that the threat actor's ongoing activity against networks in critical sectors presents an increased risk to NATO member states and allies of Ukraine.

After gaining initial access, Microsoft found the hackers abusing legitimate cloud APIs such as Exchange Online and Microsoft Graph to reach targeted mailboxes, including shared mailboxes, and cloud-hosted files.

"When accounts are successfully infiltrated, the hacker likely programs the volume collection of cloud-hosted information (primarily email and files) and any mailboxes or file shares that the infiltrated person can get into, which can include mailboxes and folders that belong to other people who have given read authorizations to others," Microsoft explained.

In a small number of confirmed breaches, Microsoft said the attackers accessed Microsoft Teams conversations and messages through the Microsoft Teams web client application.

"The threat actor has also in some cases identified the infiltrated organization's Microsoft Entra ID configuration using the publicly available AzureHound tool to get data about the users, roles, groups, applications, and devices belonging to that tenant," according to the documentation.

Since mid-2024, Microsoft said it has tracked "successful infiltrations" against telecoms, defense suppliers, digital service providers, healthcare, and IT.
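As an added example (not from the Microsoft report or the SecurityWeek article), the following Python script shows a detection a defender can run over sign-in telemetry to catch the first step of the playbook described above: purchased credentials being tried against many accounts from one source, followed by a successful sign-in. The log lines, addresses and account names are constructed for this illustration, in a simplified JSON-lines format rather than the real Entra ID sign-in log schema.

```python
from __future__ import annotations

import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (simplified fields, not the real Entra ID schema).
# The first block is one source address trying six different accounts in half a
# minute and then succeeding on one of them; the second is a single user
# mistyping a password twice from a different address, which must not alert.
SAMPLE_LOG = """\
{"time": "2025-05-20T08:00:05Z", "user": "alice@example.invalid", "ip": "203.0.113.10", "status": "failure"}
{"time": "2025-05-20T08:00:09Z", "user": "bob@example.invalid", "ip": "203.0.113.10", "status": "failure"}
{"time": "2025-05-20T08:00:14Z", "user": "carol@example.invalid", "ip": "203.0.113.10", "status": "failure"}
{"time": "2025-05-20T08:00:21Z", "user": "dave@example.invalid", "ip": "203.0.113.10", "status": "failure"}
{"time": "2025-05-20T08:00:27Z", "user": "erin@example.invalid", "ip": "203.0.113.10", "status": "failure"}
{"time": "2025-05-20T08:00:33Z", "user": "frank@example.invalid", "ip": "203.0.113.10", "status": "failure"}
{"time": "2025-05-20T08:03:10Z", "user": "frank@example.invalid", "ip": "203.0.113.10", "status": "success"}
{"time": "2025-05-20T08:01:00Z", "user": "bob@example.invalid", "ip": "198.51.100.7", "status": "failure"}
{"time": "2025-05-20T08:01:20Z", "user": "bob@example.invalid", "ip": "198.51.100.7", "status": "failure"}
{"time": "2025-05-20T08:01:45Z", "user": "bob@example.invalid", "ip": "198.51.100.7", "status": "success"}
"""


def parse_events(log_text: str) -> list[dict]:
    """Parse JSON lines into dicts with real datetimes, oldest first."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        # fromisoformat only accepts a trailing "Z" on Python 3.11+, so normalise it.
        rec["time"] = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
        events.append(rec)
    return sorted(events, key=lambda e: e["time"])


def detect_spray(events: list[dict], window: timedelta = timedelta(minutes=10),
                 min_accounts: int = 5) -> list[dict]:
    """Flag source IPs that fail against many distinct accounts within one window.

    A spray uses one (purchased) password against many users, so the telltale is
    breadth of accounts per source, not depth of attempts per account. Any
    success from the same source after the spray began is reported alongside.
    """
    by_ip: dict[str, list[dict]] = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    alerts = []
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["status"] == "failure"]
        # Sliding window over the time-sorted failures: the widest set of
        # distinct users seen within `window` of some starting failure.
        best_users: set[str] = set()
        for i, start in enumerate(failures):
            users = set()
            for e in failures[i:]:
                if e["time"] - start["time"] > window:
                    break
                users.add(e["user"])
            if len(users) > len(best_users):
                best_users = users
        if len(best_users) < min_accounts:
            continue
        spray_start = failures[0]["time"]
        compromised = sorted({e["user"] for e in evs
                              if e["status"] == "success" and e["time"] >= spray_start})
        alerts.append({
            "ip": ip,
            "accounts_tried": len(best_users),
            "window_start": spray_start.isoformat(),
            "later_successes": compromised,
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_spray(parse_events(SAMPLE_LOG)):
        print(json.dumps(alert))
```

The window and account thresholds are tuning knobs; the design point is that a spray with bought credentials shows up as breadth (many accounts per source) rather than depth (many attempts per account), so grouping by source address and counting distinct users catches it where per-account lockout policies do not. Pairing the alert with later successful sign-ins from the same source gives the list of accounts to reset and the mailboxes and SharePoint sites whose access logs need review.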

 

Reference-

Naraine, Ryan. “Russian Government Hackers Caught Buying Passwords from Cybercriminals.” Securityweek, 27 May 2025, https://www.securityweek.com/russian-government-hackers-caught-buying-passwords-from-cybercriminals/. Accessed 28 May 2025.

Did you know about these interesting network security facts?

Designed by Freepik

Human error causes 95% of all network breaches.

According to IBM's Cyber Security Intelligence Index Report, a yearly report that helps with understanding the internet threat landscape, almost all successful network breaches are caused by accidental human error or inaction (Novo, 2023). Common errors include using weak passwords or unintentionally downloading attachments containing viruses.

90% of network attacks start as malware emails.

In an Enterprise Phishing Susceptibility Report, which measures the likelihood of employees falling for malware attacks, PhishMe, a security awareness training simulation provider, sent 40 million simulated phishing emails to 1,000 companies to see how many users would respond. The test found that 9 out of 10 successful cyber attacks can be traced back to phishing scams. Worse, these attacks are increasing.

Within the United States, phishing attempts increased substantially from 2019 to 2020. In fact, phishing was the most widespread type of online crime during the COVID-19 pandemic, according to the FBI. Posing as someone you may know, phishing emails try to mislead people into downloading attachments containing viruses or giving away passwords.

One simple way to spot a decoy is to look at the "sender" email address. Scammers' addresses often contain odd symbols or numbers; report such messages to your cybersecurity team and remove them from your inbox right away. Other common signs are odd fonts, bright colors, and misspelled words.

Reference-

Novo, Paula. “Top 10 Cybersecurity Facts and Stats in 2025.” High Speed Options, 4 Oct. 2023, https://www.highspeedoptions.com/resources/insights/10-cybersecurity-facts-and-stats. Accessed 24 May 2025.


Would you like to know about my point of view on the various Microsoft Windows Operating Systems?

Designed by Freepik

·  Having lots of exposure to computers and reading about their problems gives me the knowledge of what to look for whenever I buy a new computer.

·  The Windows XP operating system was around for a very long time and was liked by a lot of people. I also heard that it had some "bugs" when it first came out, and those got fixed as more updates were released.

·  Some things I liked about Windows XP are that it had an easy-to-use user interface, it was easy to find where things were, and lots of software was compatible with it.

·  As time goes on, computers and operating systems become outdated and obsolete.

·  When Windows Vista came out it looked "good and high tech," but it also came with lots of problems.

·  Vista's performance was slower on older hardware, it had hardware and software compatibility problems, and the User Account Control feature caused lots of prompts.

·  When you start using Windows Vista you have 30 days to activate it, and if it's not activated within 30 days many of the features won't work. Microsoft no longer supports the Windows Vista operating system.

·  I liked Windows 7 a lot more. It looked "cool and high tech" but was also more stable.

·  For anything I needed to use Windows 7 for, I never encountered any big or serious problems.

·  For any operating system to perform properly, it needs to be running on a computer system that meets or exceeds the recommended system requirements. This will prevent lagging system performance.

·  If you're running an operating system on a system with the recommended or higher system requirements and still have lots of performance problems, it could be due to a virus or a poorly made operating system. It could also be due to a background program or process that's using lots of system resources or causing problems.

·  Windows XP was around for a long time; then Windows Vista came out, but it was only out for a few years; then Windows 7 was around for a long time. I never used Windows 8 but heard that it was hard and confusing to use. Windows 10 has been around for a while, and I've heard about lots of problems with Windows 11.

·  My opinion is that operating systems should be tested more thoroughly before they're released, they should be tested to be more user friendly, any problems that come up should be addressed and resolved promptly, and the operating system should be updated and supported for a long time rather than being replaced after a few years with a different operating system that comes out with many problems.



 


