Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode

Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History

Cybersecurity researchers have discovered a malicious Google Chrome extension that’s designed to steal data associated with Meta Business Suite and Facebook Business Manager.

The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as a way to scrape Meta Business Suite data, remove verification pop-ups, and generate two-factor authentication (2FA) codes. The extension has 33 users as of writing. It was first uploaded to the Chrome Web Store on March 1, 2025.

However, the browser add-on also exfiltrates TOTP codes for Facebook and Meta Business accounts, Business Manager contact lists, and analytics data to infrastructure controlled by the threat actor, Socket said.

The Frontier Labs War: Opus 4.6, GPT 5.3 Codex, and the SuperBowl Ads Debacle

Questions to inspire discussion AI Model Performance & Capabilities.

🤖 Q: How does Anthropic’s Opus 4.6 compare to GPT-5.2 in performance?

A: Opus 4.6 outperforms GPT-5.2 by 144 ELO points while handling 1M tokens, and is now in production with recursive self-improvement capabilities that allow it to rewrite its entire tech stack.

🔧 Q: What real-world task demonstrates Opus 4.6’s agent swarm capabilities?

A: An agent swarm created a C compiler in Rust for multiple architectures in weeks for **$20K, a task that would take humans decades, demonstrating AI’s ability to collapse timelines and costs.

🐛 Q: How effective is Opus 4.6 at finding security vulnerabilities?

Continue reading “The Frontier Labs War: Opus 4.6, GPT 5.3 Codex, and the SuperBowl Ads Debacle” | >

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group.

The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It’s assessed to be active since May 2025.

“Developers are approached via social platforms like LinkedIn and Facebook, or through job offerings on forums like Reddit,” ReversingLabs researcher Karlo Zanki said in a report. “The campaign includes a well-orchestrated story around a company involved in blockchain and cryptocurrency exchanges.”

This $20 CISSP course bundle helps you study for this grueling certification

Want to make a career jump in 2026? If cybersecurity is on your radar, you’ll want to get prepared for the CISSP exam, one of the most prestigious credentials in the industry that signals you’re ready for high-level roles.

Now, you can learn right from the couch with the CISSP Security and Risk Management Training Bundle, on sale for just $19.99, with no coupon code required.

You don’t have to head back to school to get prepped for a cybersecurity career. The CISSP Security & Risk Management Training Bundle can prepare you in the comfort of your home. This bundle of eight courses teaches you how to protect computers, networks, and data from threats and helps you master the eight domains information security professionals should know.

/* */